August 2020 - tbb-commits - lists.torproject.org

[tor-browser/tor-browser-81.0b2-10.0-1] Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#tor
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit ecf40136ba19a54f3fdd0c7b280f394edf3c4c53 Author: Richard Pospesel <richard(a)torproject.org> Date: Mon Sep 16 15:25:39 2019 -0700 Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#tor This patch adds a new about:preferences#tor page which allows modifying bridge, proxy, and firewall settings from within Tor Browser. All of the functionality present in tor-launcher's Network Configuration panel is present: - Setting built-in bridges - Requesting bridges from BridgeDB via moat - Using user-provided bridges - Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies - Setting firewall ports - Viewing and Copying Tor's logs - The Networking Settings in General preferences has been removed --- browser/components/moz.build | 1 + browser/components/preferences/main.inc.xhtml | 55 -- browser/components/preferences/main.js | 14 - browser/components/preferences/preferences.js | 9 + browser/components/preferences/preferences.xhtml | 5 + browser/components/preferences/privacy.js | 1 + .../torpreferences/content/parseFunctions.jsm | 89 +++ .../torpreferences/content/requestBridgeDialog.jsm | 202 +++++ .../content/requestBridgeDialog.xhtml | 35 + .../torpreferences/content/torBridgeSettings.jsm | 325 ++++++++ .../torpreferences/content/torCategory.inc.xhtml | 9 + .../torpreferences/content/torFirewallSettings.jsm | 72 ++ .../torpreferences/content/torLogDialog.jsm | 66 ++ .../torpreferences/content/torLogDialog.xhtml | 23 + .../components/torpreferences/content/torPane.js | 857 +++++++++++++++++++++ .../torpreferences/content/torPane.xhtml | 123 +++ .../torpreferences/content/torPreferences.css | 77 ++ .../torpreferences/content/torPreferencesIcon.svg | 5 + .../torpreferences/content/torProxySettings.jsm | 245 ++++++ browser/components/torpreferences/jar.mn | 14 + browser/components/torpreferences/moz.build | 1 + browser/modules/BridgeDB.jsm | 110 +++ browser/modules/TorProtocolService.jsm | 212 +++++ browser/modules/moz.build | 2 + 24 files changed, 2483 insertions(+), 69 deletions(-) diff --git a/browser/components/moz.build b/browser/components/moz.build index cb6eeb9164ef..09e209dc9c3b 100644 --- a/browser/components/moz.build +++ b/browser/components/moz.build @@ -58,6 +58,7 @@ DIRS += [ 'syncedtabs', 'uitour', 'urlbar', + 'torpreferences', 'translation', ] diff --git a/browser/components/preferences/main.inc.xhtml b/browser/components/preferences/main.inc.xhtml index f7239b4d7342..5789464dcede 100644 --- a/browser/components/preferences/main.inc.xhtml +++ b/browser/components/preferences/main.inc.xhtml @@ -658,59 +658,4 @@ <label id="cfrFeaturesLearnMore" class="learnMore" data-l10n-id="browsing-cfr-recommendations-learn-more" is="text-link"/> </hbox> </groupbox> - -<hbox id="networkProxyCategory" - class="subcategory" - hidden="true" - data-category="paneGeneral"> - <html:h1 data-l10n-id="network-settings-title"/> -</hbox> - - -<groupbox id="connectionGroup" data-category="paneGeneral" hidden="true"> - <label class="search-header" hidden="true"><html:h2 data-l10n-id="network-settings-title"/></label> - - <hbox align="center"> - <hbox align="center" flex="1"> - <description id="connectionSettingsDescription" control="connectionSettings"/> - <spacer width="5"/> - <label id="connectionSettingsLearnMore" class="learnMore" is="text-link" - data-l10n-id="network-proxy-connection-learn-more"> - </label> - <separator orient="vertical"/> - </hbox> - -  - <hbox> - <button id="connectionSettings" - is="highlightable-button" - class="accessory-button" - data-l10n-id="network-proxy-connection-settings" - searchkeywords="doh trr" - search-l10n-ids=" - connection-window.title, - connection-proxy-option-no.label, - connection-proxy-option-auto.label, - connection-proxy-option-system.label, - connection-proxy-option-manual.label, - connection-proxy-http, - connection-proxy-https, - connection-proxy-ftp, - connection-proxy-http-port, - connection-proxy-socks, - connection-proxy-socks4, - connection-proxy-socks5, - connection-proxy-noproxy, - connection-proxy-noproxy-desc, - connection-proxy-http-sharing.label, - connection-proxy-autotype.label, - connection-proxy-reload.label, - connection-proxy-autologin.label, - connection-proxy-socks-remote-dns.label, - connection-dns-over-https.label, - connection-dns-over-https-url-custom.label, - " /> - </hbox> - </hbox> -</groupbox> </html:template> diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js index 8afc3e0d5140..54556f474e59 100644 --- a/browser/components/preferences/main.js +++ b/browser/components/preferences/main.js @@ -370,15 +370,6 @@ var gMainPane = { }); this.updatePerformanceSettingsBox({ duringChangeEvent: false }); this.displayUseSystemLocale(); - let connectionSettingsLink = document.getElementById( - "connectionSettingsLearnMore" - ); - let connectionSettingsUrl = - Services.urlFormatter.formatURLPref("app.support.baseURL") + - "prefs-connection-settings"; - connectionSettingsLink.setAttribute("href", connectionSettingsUrl); - this.updateProxySettingsUI(); - initializeProxyUI(gMainPane); if (Services.prefs.getBoolPref("intl.multilingual.enabled")) { gMainPane.initBrowserLocale(); @@ -512,11 +503,6 @@ var gMainPane = { "change", gMainPane.updateHardwareAcceleration.bind(gMainPane) ); - setEventListener( - "connectionSettings", - "command", - gMainPane.showConnections - ); setEventListener( "browserContainersCheckbox", "command", diff --git a/browser/components/preferences/preferences.js b/browser/components/preferences/preferences.js index 7179fe7ec8b7..fcb722eea0b2 100644 --- a/browser/components/preferences/preferences.js +++ b/browser/components/preferences/preferences.js @@ -13,6 +13,7 @@ /* import-globals-from findInPage.js */ /* import-globals-from ../../base/content/utilityOverlay.js */ /* import-globals-from ../../../toolkit/content/preferencesBindings.js */ +/* import-globals-from ../torpreferences/content/torPane.js */ "use strict"; @@ -136,6 +137,14 @@ function init_all() { register_module("paneSync", gSyncPane); } register_module("paneSearchResults", gSearchResultsPane); + if (gTorPane.enabled) { + document.getElementById("category-tor").hidden = false; + register_module("paneTor", gTorPane); + } else { + // Remove the pane from the DOM so it doesn't get incorrectly included in search results. + document.getElementById("template-paneTor").remove(); + } + gSearchResultsPane.init(); gMainPane.preInit(); diff --git a/browser/components/preferences/preferences.xhtml b/browser/components/preferences/preferences.xhtml index f6ff20bacb56..514eba207ca3 100644 --- a/browser/components/preferences/preferences.xhtml +++ b/browser/components/preferences/preferences.xhtml @@ -13,6 +13,7 @@ <?xml-stylesheet href="chrome://browser/skin/preferences/containers.css"?> <?xml-stylesheet href="chrome://browser/skin/preferences/privacy.css"?> <?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelPreferences.css"?> +<?xml-stylesheet href="chrome://browser/content/torpreferences/torPreferences.css"?> <!DOCTYPE html [ <!ENTITY % aboutTorDTD SYSTEM "chrome://torbutton/locale/aboutTor.dtd"> @@ -153,6 +154,9 @@ <image class="category-icon"/> <label class="category-name" flex="1" data-l10n-id="pane-experimental-title"></label> </richlistitem> + +#include ../torpreferences/content/torCategory.inc.xhtml + </richlistbox> <spacer flex="1"/> @@ -213,6 +217,7 @@ #include containers.inc.xhtml #include sync.inc.xhtml #include experimental.inc.xhtml +#include ../torpreferences/content/torPane.xhtml </vbox> </vbox> </vbox> diff --git a/browser/components/preferences/privacy.js b/browser/components/preferences/privacy.js index 3115975ba685..9cd6d7260136 100644 --- a/browser/components/preferences/privacy.js +++ b/browser/components/preferences/privacy.js @@ -80,6 +80,7 @@ XPCOMUtils.defineLazyGetter(this, "AlertsServiceDND", function() { } }); +// TODO: module import via ChromeUtils.defineModuleGetter XPCOMUtils.defineLazyScriptGetter( this, ["SecurityLevelPreferences"], diff --git a/browser/components/torpreferences/content/parseFunctions.jsm b/browser/components/torpreferences/content/parseFunctions.jsm new file mode 100644 index 000000000000..954759de63a5 --- /dev/null +++ b/browser/components/torpreferences/content/parseFunctions.jsm @@ -0,0 +1,89 @@ +"use strict"; + +var EXPORTED_SYMBOLS = [ + "parsePort", + "parseAddrPort", + "parseUsernamePassword", + "parseAddrPortList", + "parseBridgeStrings", + "parsePortList", +]; + +// expects a string representation of an integer from 1 to 65535 +let parsePort = function(aPort) { + // ensure port string is a valid positive integer + const validIntRegex = /^[0-9]+$/; + if (!validIntRegex.test(aPort)) { + throw new Error(`Invalid PORT string : '${aPort}'`); + } + + // ensure port value is on valid range + let port = Number.parseInt(aPort); + if (port < 1 || port > 65535) { + throw new Error( + `Invalid PORT value, needs to be on range [1,65535] : '${port}'` + ); + } + + return port; +}; +// expects a string in the format: "ADDRESS:PORT" +let parseAddrPort = function(aAddrColonPort) { + let tokens = aAddrColonPort.split(":"); + if (tokens.length != 2) { + throw new Error(`Invalid ADDRESS:PORT string : '${aAddrColonPort}'`); + } + let address = tokens[0]; + let port = parsePort(tokens[1]); + return [address, port]; +}; + +// expects a string in the format: "USERNAME:PASSWORD" +// split on the first colon and any subsequent go into password +let parseUsernamePassword = function(aUsernameColonPassword) { + let colonIndex = aUsernameColonPassword.indexOf(":"); + if (colonIndex < 0) { + // we don't log the contents of the potentially password containing string + throw new Error("Invalid USERNAME:PASSWORD string"); + } + + let username = aUsernameColonPassword.substring(0, colonIndex); + let password = aUsernameColonPassword.substring(colonIndex + 1); + + return [username, password]; +}; + +// expects a string in the format: ADDRESS:PORT,ADDRESS:PORT,... +// returns array of ports (as ints) +let parseAddrPortList = function(aAddrPortList) { + let addrPorts = aAddrPortList.split(","); + // parse ADDRESS:PORT string and only keep the port (second element in returned array) + let retval = addrPorts.map(addrPort => parseAddrPort(addrPort)[1]); + return retval; +}; + +// expects a '/n' or '/r/n' delimited bridge string, which we split and trim +// each bridge string can also optionally have 'bridge' at the beginning ie: +// bridge $(type) $(address):$(port) $(certificate) +// we strip out the 'bridge' prefix here +let parseBridgeStrings = function(aBridgeStrings) { + + // replace carriage returns ('\r') with new lines ('\n') + aBridgeStrings = aBridgeStrings.replace(/\r/g, "\n"); + // then replace contiguous new lines ('\n') with a single one + aBridgeStrings = aBridgeStrings.replace(/[\n]+/g, "\n"); + + // split on the newline and for each bridge string: trim, remove starting 'bridge' string + // finally discard entries that are empty strings; empty strings could occur if we receive + // a new line containing only whitespace + let splitStrings = aBridgeStrings.split("\n"); + return splitStrings.map(val => val.trim().replace(/^bridge\s+/i, "")) + .filter(bridgeString => bridgeString != ""); +}; + +// expecting a ',' delimited list of ints with possible white space between +// returns an array of ints +let parsePortList = function(aPortListString) { + let splitStrings = aPortListString.split(","); + return splitStrings.map(val => parsePort(val.trim())); +}; diff --git a/browser/components/torpreferences/content/requestBridgeDialog.jsm b/browser/components/torpreferences/content/requestBridgeDialog.jsm new file mode 100644 index 000000000000..45419d001a7b --- /dev/null +++ b/browser/components/torpreferences/content/requestBridgeDialog.jsm @@ -0,0 +1,202 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["RequestBridgeDialog"]; + +const { BridgeDB } = ChromeUtils.import("resource:///modules/BridgeDB.jsm"); +const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); + +class RequestBridgeDialog { + constructor() { + this._dialog = null; + this._submitButton = null; + this._dialogDescription = null; + this._captchaImage = null; + this._captchaEntryTextbox = null; + this._captchaRefreshButton = null; + this._incorrectCaptchaHbox = null; + this._incorrectCaptchaLabel = null; + this._bridges = []; + this._proxyURI = null; + } + + static get selectors() { + return { + submitButton: + "accept" /* not really a selector but a key for dialog's getButton */, + dialogDescription: "description#torPreferences-requestBridge-description", + captchaImage: "image#torPreferences-requestBridge-captchaImage", + captchaEntryTextbox: "input#torPreferences-requestBridge-captchaTextbox", + refreshCaptchaButton: + "button#torPreferences-requestBridge-refreshCaptchaButton", + incorrectCaptchaHbox: + "hbox#torPreferences-requestBridge-incorrectCaptchaHbox", + incorrectCaptchaLabel: + "label#torPreferences-requestBridge-incorrectCaptchaError", + }; + } + + _populateXUL(dialog) { + const selectors = RequestBridgeDialog.selectors; + + this._dialog = dialog; + const dialogWin = dialog.parentElement; + dialogWin.setAttribute( + "title", + TorStrings.settings.requestBridgeDialogTitle + ); + // user may have opened a Request Bridge dialog in another tab, so update the + // CAPTCHA image or close out the dialog if we have a bridge list + this._dialog.addEventListener("focusin", () => { + const uri = BridgeDB.currentCaptchaImage; + const bridges = BridgeDB.currentBridges; + + // new captcha image + if (uri) { + this._setcaptchaImage(uri); + } else if (bridges) { + this._bridges = bridges; + this._submitButton.disabled = false; + this._dialog.cancelDialog(); + } + }); + + this._submitButton = this._dialog.getButton(selectors.submitButton); + this._submitButton.setAttribute("label", TorStrings.settings.submitCaptcha); + this._submitButton.disabled = true; + this._dialog.addEventListener("dialogaccept", e => { + e.preventDefault(); + this.onSubmitCaptcha(); + }); + + this._dialogDescription = this._dialog.querySelector( + selectors.dialogDescription + ); + this._dialogDescription.textContent = + TorStrings.settings.contactingBridgeDB; + + this._captchaImage = this._dialog.querySelector(selectors.captchaImage); + + // request captcha from bridge db + BridgeDB.requestNewCaptchaImage(this._proxyURI).then(uri => { + this._setcaptchaImage(uri); + }); + + this._captchaEntryTextbox = this._dialog.querySelector( + selectors.captchaEntryTextbox + ); + this._captchaEntryTextbox.setAttribute( + "placeholder", + TorStrings.settings.captchaTextboxPlaceholder + ); + this._captchaEntryTextbox.disabled = true; + // disable submit if entry textbox is empty + this._captchaEntryTextbox.oninput = () => { + this._submitButton.disabled = this._captchaEntryTextbox.value == ""; + }; + + this._captchaRefreshButton = this._dialog.querySelector( + selectors.refreshCaptchaButton + ); + this._captchaRefreshButton.disabled = true; + + this._incorrectCaptchaHbox = this._dialog.querySelector( + selectors.incorrectCaptchaHbox + ); + this._incorrectCaptchaLabel = this._dialog.querySelector( + selectors.incorrectCaptchaLabel + ); + this._incorrectCaptchaLabel.setAttribute( + "value", + TorStrings.settings.incorrectCaptcha + ); + + return true; + } + + _setcaptchaImage(uri) { + if (uri != this._captchaImage.src) { + this._captchaImage.src = uri; + this._dialogDescription.textContent = TorStrings.settings.solveTheCaptcha; + this._setUIDisabled(false); + this._captchaEntryTextbox.focus(); + this._captchaEntryTextbox.select(); + } + } + + _setUIDisabled(disabled) { + this._submitButton.disabled = this._captchaGuessIsEmpty() || disabled; + this._captchaEntryTextbox.disabled = disabled; + this._captchaRefreshButton.disabled = disabled; + } + + _captchaGuessIsEmpty() { + return this._captchaEntryTextbox.value == ""; + } + + init(window, dialog) { + // defer to later until firefox has populated the dialog with all our elements + window.setTimeout(() => { + this._populateXUL(dialog); + }, 0); + } + + close() { + BridgeDB.close(); + } + + /* + Event Handlers + */ + onSubmitCaptcha() { + let captchaText = this._captchaEntryTextbox.value.trim(); + // noop if the field is empty + if (captchaText == "") { + return; + } + + // freeze ui while we make request + this._setUIDisabled(true); + this._incorrectCaptchaHbox.style.visibility = "hidden"; + + BridgeDB.submitCaptchaGuess(captchaText) + .then(aBridges => { + this._bridges = aBridges; + + this._submitButton.disabled = false; + // This was successful, but use cancelDialog() to close, since + // we intercept the `dialogaccept` event. + this._dialog.cancelDialog(); + }) + .catch(aError => { + this._bridges = []; + this._setUIDisabled(false); + this._incorrectCaptchaHbox.style.visibility = "visible"; + }); + } + + onRefreshCaptcha() { + this._setUIDisabled(true); + this._captchaImage.src = ""; + this._dialogDescription.textContent = + TorStrings.settings.contactingBridgeDB; + this._captchaEntryTextbox.value = ""; + this._incorrectCaptchaHbox.style.visibility = "hidden"; + + BridgeDB.requestNewCaptchaImage(this._proxyURI).then(uri => { + this._setcaptchaImage(uri); + }); + } + + openDialog(gSubDialog, aProxyURI, aCloseCallback) { + this._proxyURI = aProxyURI; + gSubDialog.open( + "chrome://browser/content/torpreferences/requestBridgeDialog.xhtml", + "resizable=yes", + this, + () => { + this.close(); + aCloseCallback(this._bridges); + } + ); + } +} diff --git a/browser/components/torpreferences/content/requestBridgeDialog.xhtml b/browser/components/torpreferences/content/requestBridgeDialog.xhtml new file mode 100644 index 000000000000..64c4507807fb --- /dev/null +++ b/browser/components/torpreferences/content/requestBridgeDialog.xhtml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet href="chrome://global/skin/" type="text/css"?> +<?xml-stylesheet href="chrome://browser/skin/preferences/preferences.css"?> +<?xml-stylesheet href="chrome://browser/content/torpreferences/torPreferences.css"?> + +<window type="child" + xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" + xmlns:html="http://www.w3.org/1999/xhtml"> +<dialog id="torPreferences-requestBridge-dialog" + buttons="accept,cancel"> +  + <description id="torPreferences-requestBridge-description"></description> +  + <image id="torPreferences-requestBridge-captchaImage" flex="1"/> + <hbox id="torPreferences-requestBridge-inputHbox"> + <html:input id="torPreferences-requestBridge-captchaTextbox" type="text" style="-moz-box-flex: 1;"/> + <button id="torPreferences-requestBridge-refreshCaptchaButton" + image="chrome://browser/skin/reload.svg" + oncommand="requestBridgeDialog.onRefreshCaptcha();"/> + </hbox> + <hbox id="torPreferences-requestBridge-incorrectCaptchaHbox" align="center"> + <image id="torPreferences-requestBridge-errorIcon" /> + <label id="torPreferences-requestBridge-incorrectCaptchaError" flex="1"/> + </hbox> + <script type="application/javascript"><![CDATA[ + "use strict"; + + let requestBridgeDialog = window.arguments[0]; + let dialog = document.getElementById("torPreferences-requestBridge-dialog"); + requestBridgeDialog.init(window, dialog); + ]]></script> +</dialog> +</window> \ No newline at end of file diff --git a/browser/components/torpreferences/content/torBridgeSettings.jsm b/browser/components/torpreferences/content/torBridgeSettings.jsm new file mode 100644 index 000000000000..ceb61d3ec972 --- /dev/null +++ b/browser/components/torpreferences/content/torBridgeSettings.jsm @@ -0,0 +1,325 @@ +"use strict"; + +var EXPORTED_SYMBOLS = [ + "TorBridgeSource", + "TorBridgeSettings", + "makeTorBridgeSettingsNone", + "makeTorBridgeSettingsBuiltin", + "makeTorBridgeSettingsBridgeDB", + "makeTorBridgeSettingsUserProvided", +]; + +const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); +const { TorProtocolService } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); +const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); + +const TorBridgeSource = { + NONE: "NONE", + BUILTIN: "BUILTIN", + BRIDGEDB: "BRIDGEDB", + USERPROVIDED: "USERPROVIDED", +}; + +class TorBridgeSettings { + constructor() { + this._bridgeSource = TorBridgeSource.NONE; + this._selectedDefaultBridgeType = null; + this._bridgeStrings = []; + } + + get selectedDefaultBridgeType() { + if (this._bridgeSource == TorBridgeSource.BUILTIN) { + return this._selectedDefaultBridgeType; + } + return undefined; + } + + get bridgeSource() { + return this._bridgeSource; + } + + // for display + get bridgeStrings() { + return this._bridgeStrings.join("\n"); + } + + // raw + get bridgeStringsArray() { + return this._bridgeStrings; + } + + static get defaultBridgeTypes() { + if (TorBridgeSettings._defaultBridgeTypes) { + return TorBridgeSettings._defaultBridgeTypes; + } + + let bridgeListBranch = Services.prefs.getBranch( + TorStrings.preferenceBranches.defaultBridge + ); + let bridgePrefs = bridgeListBranch.getChildList("", {}); + + // an unordered set for shoving bridge types into + let bridgeTypes = new Set(); + // look for keys ending in ".N" and treat string before that as the bridge type + const pattern = /\.[0-9]+$/; + for (const key of bridgePrefs) { + const offset = key.search(pattern); + if (offset != -1) { + const bt = key.substring(0, offset); + bridgeTypes.add(bt); + } + } + + // recommended bridge type goes first in the list + let recommendedBridgeType = Services.prefs.getCharPref( + TorStrings.preferenceKeys.recommendedBridgeType, + null + ); + + let retval = []; + if (recommendedBridgeType && bridgeTypes.has(recommendedBridgeType)) { + retval.push(recommendedBridgeType); + } + + for (const bridgeType of bridgeTypes.values()) { + if (bridgeType != recommendedBridgeType) { + retval.push(bridgeType); + } + } + + // cache off + TorBridgeSettings._defaultBridgeTypes = retval; + return retval; + } + + _readDefaultBridges(aBridgeType) { + let bridgeBranch = Services.prefs.getBranch( + TorStrings.preferenceBranches.defaultBridge + ); + let bridgeBranchPrefs = bridgeBranch.getChildList("", {}); + + let retval = []; + + // regex matches against strings ending in ".N" where N is a positive integer + let pattern = /\.[0-9]+$/; + for (const key of bridgeBranchPrefs) { + // verify the location of the match is the correct offset required for aBridgeType + // to fit, and that the string begins with aBridgeType + if ( + key.search(pattern) == aBridgeType.length && + key.startsWith(aBridgeType) + ) { + let bridgeStr = bridgeBranch.getCharPref(key); + retval.push(bridgeStr); + } + } + + // fisher-yates shuffle + // shuffle so that Tor Browser users don't all try the built-in bridges in the same order + for (let i = retval.length - 1; i > 0; --i) { + // number n such that 0.0 <= n < 1.0 + const n = Math.random(); + // integer j such that 0 <= j <= i + const j = Math.floor(n * (i + 1)); + + // swap values at indices i and j + const tmp = retval[i]; + retval[i] = retval[j]; + retval[j] = tmp; + } + + return retval; + } + + _readBridgeDBBridges() { + let bridgeBranch = Services.prefs.getBranch( + `${TorStrings.preferenceBranches.bridgeDBBridges}` + ); + let bridgeBranchPrefs = bridgeBranch.getChildList("", {}); + // the child prefs do not come in any particular order so sort the keys + // so the values can be compared to what we get out off torrc + bridgeBranchPrefs.sort(); + + // just assume all of the prefs under the parent point to valid bridge string + let retval = bridgeBranchPrefs.map(key => + bridgeBranch.getCharPref(key).trim() + ); + + return retval; + } + + _readTorrcBridges() { + let bridgeList = TorProtocolService.readStringArraySetting( + TorStrings.configKeys.bridgeList + ); + + let retval = []; + for (const line of bridgeList) { + let trimmedLine = line.trim(); + if (trimmedLine) { + retval.push(trimmedLine); + } + } + + return retval; + } + + // analagous to initBridgeSettings() + readSettings() { + // restore to defaults + this._bridgeSource = TorBridgeSource.NONE; + this._selectedDefaultBridgeType = null; + this._bridgeStrings = []; + + // So the way tor-launcher determines the origin of the configured bridges is a bit + // weird and depends on inferring our scenario based on some firefox prefs and the + // relationship between the saved list of bridges in about:config vs the list saved in torrc + + // first off, if "extensions.torlauncher.default_bridge_type" is set to one of our + // builtin default types (obfs4, meek-azure, snowflake, etc) then we provide the + // bridges in "extensions.torlauncher.default_bridge.*" (filtered by our default_bridge_type) + + // next, we compare the list of bridges saved in torrc to the bridges stored in the + // "extensions.torlauncher.bridgedb_bridge."" branch. If they match *exactly* then we assume + // the bridges were retrieved from BridgeDB and use those. If the torrc list is empty then we know + // we have no bridge settings + + // finally, if none of the previous conditions are not met, it is assumed the bridges stored in + // torrc are user-provided + + // what we should(?) do once we excise tor-launcher entirely is explicitly store an int/enum in + // about:config that tells us which scenario we are in so we don't have to guess + + let defaultBridgeType = Services.prefs.getCharPref( + TorStrings.preferenceKeys.defaultBridgeType, + null + ); + + // check if source is BUILTIN + if (defaultBridgeType) { + this._bridgeStrings = this._readDefaultBridges(defaultBridgeType); + this._bridgeSource = TorBridgeSource.BUILTIN; + this._selectedDefaultBridgeType = defaultBridgeType; + return; + } + + let torrcBridges = this._readTorrcBridges(); + + // no stored bridges means no bridge is in use + if (torrcBridges.length == 0) { + this._bridgeStrings = []; + this._bridgeSource = TorBridgeSource.NONE; + return; + } + + let bridgedbBridges = this._readBridgeDBBridges(); + + // if these two lists are equal then we got our bridges from bridgedb + // ie: same element in identical order + let arraysEqual = (left, right) => { + if (left.length != right.length) { + return false; + } + const length = left.length; + for (let i = 0; i < length; ++i) { + if (left[i] != right[i]) { + return false; + } + } + return true; + }; + + // agreement between prefs and torrc means bridgedb bridges + if (arraysEqual(torrcBridges, bridgedbBridges)) { + this._bridgeStrings = torrcBridges; + this._bridgeSource = TorBridgeSource.BRIDGEDB; + return; + } + + // otherwise they must be user provided + this._bridgeStrings = torrcBridges; + this._bridgeSource = TorBridgeSource.USERPROVIDED; + } + + writeSettings() { + let settingsObject = new Map(); + + // init tor bridge settings to null + settingsObject.set(TorStrings.configKeys.useBridges, null); + settingsObject.set(TorStrings.configKeys.bridgeList, null); + + // clear bridge related firefox prefs + Services.prefs.setCharPref(TorStrings.preferenceKeys.defaultBridgeType, ""); + let bridgeBranch = Services.prefs.getBranch( + `${TorStrings.preferenceBranches.bridgeDBBridges}` + ); + let bridgeBranchPrefs = bridgeBranch.getChildList("", {}); + for (const pref of bridgeBranchPrefs) { + Services.prefs.clearUserPref( + `${TorStrings.preferenceBranches.bridgeDBBridges}${pref}` + ); + } + + switch (this._bridgeSource) { + case TorBridgeSource.BUILTIN: + // set builtin bridge type to use in prefs + Services.prefs.setCharPref( + TorStrings.preferenceKeys.defaultBridgeType, + this._selectedDefaultBridgeType + ); + break; + case TorBridgeSource.BRIDGEDB: + // save bridges off to prefs + for (let i = 0; i < this.bridgeStringsArray.length; ++i) { + Services.prefs.setCharPref( + `${TorStrings.preferenceBranches.bridgeDBBridges}${i}`, + this.bridgeStringsArray[i] + ); + } + break; + } + + // write over our bridge list if bridges are enabled + if (this._bridgeSource != TorBridgeSource.NONE) { + settingsObject.set(TorStrings.configKeys.useBridges, true); + settingsObject.set( + TorStrings.configKeys.bridgeList, + this.bridgeStringsArray + ); + } + TorProtocolService.writeSettings(settingsObject); + } +} + +function makeTorBridgeSettingsNone() { + return new TorBridgeSettings(); +} + +function makeTorBridgeSettingsBuiltin(aBridgeType) { + let retval = new TorBridgeSettings(); + retval._bridgeSource = TorBridgeSource.BUILTIN; + retval._selectedDefaultBridgeType = aBridgeType; + retval._bridgeStrings = retval._readDefaultBridges(aBridgeType); + + return retval; +} + +function makeTorBridgeSettingsBridgeDB(aBridges) { + let retval = new TorBridgeSettings(); + retval._bridgeSource = TorBridgeSource.BRIDGEDB; + retval._selectedDefaultBridgeType = null; + retval._bridgeStrings = aBridges; + + return retval; +} + +function makeTorBridgeSettingsUserProvided(aBridges) { + let retval = new TorBridgeSettings(); + retval._bridgeSource = TorBridgeSource.USERPROVIDED; + retval._selectedDefaultBridgeType = null; + retval._bridgeStrings = aBridges; + + return retval; +} diff --git a/browser/components/torpreferences/content/torCategory.inc.xhtml b/browser/components/torpreferences/content/torCategory.inc.xhtml new file mode 100644 index 000000000000..abe56200f571 --- /dev/null +++ b/browser/components/torpreferences/content/torCategory.inc.xhtml @@ -0,0 +1,9 @@ +<richlistitem id="category-tor" + class="category" + value="paneTor" + helpTopic="prefs-tor" + align="center" + hidden="true"> + <image class="category-icon"/> + <label id="torPreferences-labelCategory" class="category-name" flex="1" value="Tor"/> +</richlistitem> diff --git a/browser/components/torpreferences/content/torFirewallSettings.jsm b/browser/components/torpreferences/content/torFirewallSettings.jsm new file mode 100644 index 000000000000..e77f18ef2fae --- /dev/null +++ b/browser/components/torpreferences/content/torFirewallSettings.jsm @@ -0,0 +1,72 @@ +"use strict"; + +var EXPORTED_SYMBOLS = [ + "TorFirewallSettings", + "makeTorFirewallSettingsNone", + "makeTorFirewallSettingsCustom", +]; + +const { TorProtocolService } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); +const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); +const { parseAddrPortList } = ChromeUtils.import( + "chrome://browser/content/torpreferences/parseFunctions.jsm" +); + +class TorFirewallSettings { + constructor() { + this._allowedPorts = []; + } + + get portsConfigurationString() { + let portStrings = this._allowedPorts.map(port => `*:${port}`); + return portStrings.join(","); + } + + get commaSeparatedListString() { + return this._allowedPorts.join(","); + } + + get hasPorts() { + return this._allowedPorts.length > 0; + } + + readSettings() { + let addressPortList = TorProtocolService.readStringSetting( + TorStrings.configKeys.reachableAddresses + ); + + let allowedPorts = []; + if (addressPortList) { + allowedPorts = parseAddrPortList(addressPortList); + } + this._allowedPorts = allowedPorts; + } + + writeSettings() { + let settingsObject = new Map(); + + // init to null so Tor daemon resets if no ports + settingsObject.set(TorStrings.configKeys.reachableAddresses, null); + + if (this._allowedPorts.length > 0) { + settingsObject.set( + TorStrings.configKeys.reachableAddresses, + this.portsConfigurationString + ); + } + + TorProtocolService.writeSettings(settingsObject); + } +} + +function makeTorFirewallSettingsNone() { + return new TorFirewallSettings(); +} + +function makeTorFirewallSettingsCustom(aPortsList) { + let retval = new TorFirewallSettings(); + retval._allowedPorts = aPortsList; + return retval; +} diff --git a/browser/components/torpreferences/content/torLogDialog.jsm b/browser/components/torpreferences/content/torLogDialog.jsm new file mode 100644 index 000000000000..ba4b76738447 --- /dev/null +++ b/browser/components/torpreferences/content/torLogDialog.jsm @@ -0,0 +1,66 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["TorLogDialog"]; + +const { TorProtocolService } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); +const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); + +class TorLogDialog { + constructor() { + this._dialog = null; + this._logTextarea = null; + this._copyLogButton = null; + } + + static get selectors() { + return { + copyLogButton: "extra1", + logTextarea: "textarea#torPreferences-torDialog-textarea", + }; + } + + _populateXUL(aDialog) { + this._dialog = aDialog; + const dialogWin = this._dialog.parentElement; + dialogWin.setAttribute("title", TorStrings.settings.torLogDialogTitle); + + this._logTextarea = this._dialog.querySelector( + TorLogDialog.selectors.logTextarea + ); + + this._copyLogButton = this._dialog.getButton( + TorLogDialog.selectors.copyLogButton + ); + this._copyLogButton.setAttribute("label", TorStrings.settings.copyLog); + this._copyLogButton.addEventListener("command", () => { + this.copyTorLog(); + }); + + this._logTextarea.value = TorProtocolService.getLog(); + } + + init(window, aDialog) { + // defer to later until firefox has populated the dialog with all our elements + window.setTimeout(() => { + this._populateXUL(aDialog); + }, 0); + } + + copyTorLog() { + // Copy tor log messages to the system clipboard. + let clipboard = Cc["@mozilla.org/widget/clipboardhelper;1"].getService( + Ci.nsIClipboardHelper + ); + clipboard.copyString(this._logTextarea.value); + } + + openDialog(gSubDialog) { + gSubDialog.open( + "chrome://browser/content/torpreferences/torLogDialog.xhtml", + "resizable=yes", + this + ); + } +} diff --git a/browser/components/torpreferences/content/torLogDialog.xhtml b/browser/components/torpreferences/content/torLogDialog.xhtml new file mode 100644 index 000000000000..9c17f8132978 --- /dev/null +++ b/browser/components/torpreferences/content/torLogDialog.xhtml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet href="chrome://global/skin/" type="text/css"?> +<?xml-stylesheet href="chrome://browser/skin/preferences/preferences.css"?> +<?xml-stylesheet href="chrome://browser/content/torpreferences/torPreferences.css"?> + +<window type="child" + xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" + xmlns:html="http://www.w3.org/1999/xhtml"> +<dialog id="torPreferences-torLog-dialog" + buttons="accept,extra1"> + <html:textarea + id="torPreferences-torDialog-textarea" + multiline="true" + readonly="true"/> + <script type="application/javascript"><![CDATA[ + "use strict"; + + let torLogDialog = window.arguments[0]; + let dialog = document.getElementById("torPreferences-torLog-dialog"); + torLogDialog.init(window, dialog); + ]]></script> +</dialog> +</window> \ No newline at end of file diff --git a/browser/components/torpreferences/content/torPane.js b/browser/components/torpreferences/content/torPane.js new file mode 100644 index 000000000000..49054b5dac6a --- /dev/null +++ b/browser/components/torpreferences/content/torPane.js @@ -0,0 +1,857 @@ +"use strict"; + +const { TorProtocolService } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); + +const { + TorBridgeSource, + TorBridgeSettings, + makeTorBridgeSettingsNone, + makeTorBridgeSettingsBuiltin, + makeTorBridgeSettingsBridgeDB, + makeTorBridgeSettingsUserProvided, +} = ChromeUtils.import( + "chrome://browser/content/torpreferences/torBridgeSettings.jsm" +); + +const { + TorProxyType, + TorProxySettings, + makeTorProxySettingsNone, + makeTorProxySettingsSocks4, + makeTorProxySettingsSocks5, + makeTorProxySettingsHTTPS, +} = ChromeUtils.import( + "chrome://browser/content/torpreferences/torProxySettings.jsm" +); +const { + TorFirewallSettings, + makeTorFirewallSettingsNone, + makeTorFirewallSettingsCustom, +} = ChromeUtils.import( + "chrome://browser/content/torpreferences/torFirewallSettings.jsm" +); + +const { TorLogDialog } = ChromeUtils.import( + "chrome://browser/content/torpreferences/torLogDialog.jsm" +); + +const { RequestBridgeDialog } = ChromeUtils.import( + "chrome://browser/content/torpreferences/requestBridgeDialog.jsm" +); + +ChromeUtils.defineModuleGetter( + this, + "TorStrings", + "resource:///modules/TorStrings.jsm" +); + +const { parsePort, parseBridgeStrings, parsePortList } = ChromeUtils.import( + "chrome://browser/content/torpreferences/parseFunctions.jsm" +); + +/* + Tor Pane + + Code for populating the XUL in about:preferences#tor, handling input events, interfacing with tor-launcher +*/ +const gTorPane = (function() { + /* CSS selectors for all of the Tor Network DOM elements we need to access */ + const selectors = { + category: { + title: "label#torPreferences-labelCategory", + }, + torPreferences: { + header: "h1#torPreferences-header", + description: "span#torPreferences-description", + learnMore: "label#torPreferences-learnMore", + }, + bridges: { + header: "h2#torPreferences-bridges-header", + description: "span#torPreferences-bridges-description", + learnMore: "label#torPreferences-bridges-learnMore", + useBridgeCheckbox: "checkbox#torPreferences-bridges-toggle", + bridgeSelectionRadiogroup: + "radiogroup#torPreferences-bridges-bridgeSelection", + builtinBridgeOption: "radio#torPreferences-bridges-radioBuiltin", + builtinBridgeList: "menulist#torPreferences-bridges-builtinList", + requestBridgeOption: "radio#torPreferences-bridges-radioRequestBridge", + requestBridgeButton: "button#torPreferences-bridges-buttonRequestBridge", + requestBridgeTextarea: + "textarea#torPreferences-bridges-textareaRequestBridge", + provideBridgeOption: "radio#torPreferences-bridges-radioProvideBridge", + provideBridgeDescription: + "description#torPreferences-bridges-descriptionProvideBridge", + provideBridgeTextarea: + "textarea#torPreferences-bridges-textareaProvideBridge", + }, + advanced: { + header: "h2#torPreferences-advanced-header", + description: "span#torPreferences-advanced-description", + learnMore: "label#torPreferences-advanced-learnMore", + useProxyCheckbox: "checkbox#torPreferences-advanced-toggleProxy", + proxyTypeLabel: "label#torPreferences-localProxy-type", + proxyTypeList: "menulist#torPreferences-localProxy-builtinList", + proxyAddressLabel: "label#torPreferences-localProxy-address", + proxyAddressTextbox: "input#torPreferences-localProxy-textboxAddress", + proxyPortLabel: "label#torPreferences-localProxy-port", + proxyPortTextbox: "input#torPreferences-localProxy-textboxPort", + proxyUsernameLabel: "label#torPreferences-localProxy-username", + proxyUsernameTextbox: "input#torPreferences-localProxy-textboxUsername", + proxyPasswordLabel: "label#torPreferences-localProxy-password", + proxyPasswordTextbox: "input#torPreferences-localProxy-textboxPassword", + useFirewallCheckbox: "checkbox#torPreferences-advanced-toggleFirewall", + firewallAllowedPortsLabel: "label#torPreferences-advanced-allowedPorts", + firewallAllowedPortsTextbox: + "input#torPreferences-advanced-textboxAllowedPorts", + torLogsLabel: "label#torPreferences-torLogs", + torLogsButton: "button#torPreferences-buttonTorLogs", + }, + }; /* selectors */ + + let retval = { + // cached frequently accessed DOM elements + _useBridgeCheckbox: null, + _bridgeSelectionRadiogroup: null, + _builtinBridgeOption: null, + _builtinBridgeMenulist: null, + _requestBridgeOption: null, + _requestBridgeButton: null, + _requestBridgeTextarea: null, + _provideBridgeOption: null, + _provideBridgeTextarea: null, + _useProxyCheckbox: null, + _proxyTypeLabel: null, + _proxyTypeMenulist: null, + _proxyAddressLabel: null, + _proxyAddressTextbox: null, + _proxyPortLabel: null, + _proxyPortTextbox: null, + _proxyUsernameLabel: null, + _proxyUsernameTextbox: null, + _proxyPasswordLabel: null, + _proxyPasswordTextbox: null, + _useFirewallCheckbox: null, + _allowedPortsLabel: null, + _allowedPortsTextbox: null, + + // tor network settings + _bridgeSettings: null, + _proxySettings: null, + _firewallSettings: null, + + // disables the provided list of elements + _setElementsDisabled(elements, disabled) { + for (let currentElement of elements) { + currentElement.disabled = disabled; + } + }, + + // populate xul with strings and cache the relevant elements + _populateXUL() { + // saves tor settings to disk when navigate away from about:preferences + window.addEventListener("blur", val => { + TorProtocolService.flushSettings(); + }); + + document + .querySelector(selectors.category.title) + .setAttribute("value", TorStrings.settings.categoryTitle); + + let prefpane = document.getElementById("mainPrefPane"); + + // Heading + prefpane.querySelector(selectors.torPreferences.header).innerText = + TorStrings.settings.torPreferencesHeading; + prefpane.querySelector(selectors.torPreferences.description).textContent = + TorStrings.settings.torPreferencesDescription; + { + let learnMore = prefpane.querySelector( + selectors.torPreferences.learnMore + ); + learnMore.setAttribute("value", TorStrings.settings.learnMore); + learnMore.setAttribute( + "href", + TorStrings.settings.learnMoreTorBrowserURL + ); + } + + // Bridge setup + prefpane.querySelector(selectors.bridges.header).innerText = + TorStrings.settings.bridgesHeading; + prefpane.querySelector(selectors.bridges.description).textContent = + TorStrings.settings.bridgesDescription; + { + let learnMore = prefpane.querySelector(selectors.bridges.learnMore); + learnMore.setAttribute("value", TorStrings.settings.learnMore); + learnMore.setAttribute("href", TorStrings.settings.learnMoreBridgesURL); + } + + this._useBridgeCheckbox = prefpane.querySelector( + selectors.bridges.useBridgeCheckbox + ); + this._useBridgeCheckbox.setAttribute( + "label", + TorStrings.settings.useBridge + ); + this._useBridgeCheckbox.addEventListener("command", e => { + const checked = this._useBridgeCheckbox.checked; + gTorPane.onToggleBridge(checked).onUpdateBridgeSettings(); + }); + this._bridgeSelectionRadiogroup = prefpane.querySelector( + selectors.bridges.bridgeSelectionRadiogroup + ); + this._bridgeSelectionRadiogroup.value = TorBridgeSource.BUILTIN; + this._bridgeSelectionRadiogroup.addEventListener("command", e => { + const value = this._bridgeSelectionRadiogroup.value; + gTorPane.onSelectBridgeOption(value).onUpdateBridgeSettings(); + }); + + // Builtin bridges + this._builtinBridgeOption = prefpane.querySelector( + selectors.bridges.builtinBridgeOption + ); + this._builtinBridgeOption.setAttribute( + "label", + TorStrings.settings.selectBridge + ); + this._builtinBridgeOption.setAttribute("value", TorBridgeSource.BUILTIN); + this._builtinBridgeMenulist = prefpane.querySelector( + selectors.bridges.builtinBridgeList + ); + this._builtinBridgeMenulist.addEventListener("command", e => { + gTorPane.onUpdateBridgeSettings(); + }); + + // Request bridge + this._requestBridgeOption = prefpane.querySelector( + selectors.bridges.requestBridgeOption + ); + this._requestBridgeOption.setAttribute( + "label", + TorStrings.settings.requestBridgeFromTorProject + ); + this._requestBridgeOption.setAttribute("value", TorBridgeSource.BRIDGEDB); + this._requestBridgeButton = prefpane.querySelector( + selectors.bridges.requestBridgeButton + ); + this._requestBridgeButton.setAttribute( + "label", + TorStrings.settings.requestNewBridge + ); + this._requestBridgeButton.addEventListener("command", () => + gTorPane.onRequestBridge() + ); + this._requestBridgeTextarea = prefpane.querySelector( + selectors.bridges.requestBridgeTextarea + ); + + // Provide a bridge + this._provideBridgeOption = prefpane.querySelector( + selectors.bridges.provideBridgeOption + ); + this._provideBridgeOption.setAttribute( + "label", + TorStrings.settings.provideBridge + ); + this._provideBridgeOption.setAttribute( + "value", + TorBridgeSource.USERPROVIDED + ); + prefpane.querySelector( + selectors.bridges.provideBridgeDescription + ).textContent = TorStrings.settings.provideBridgeDirections; + this._provideBridgeTextarea = prefpane.querySelector( + selectors.bridges.provideBridgeTextarea + ); + this._provideBridgeTextarea.setAttribute( + "placeholder", + TorStrings.settings.provideBridgePlaceholder + ); + this._provideBridgeTextarea.addEventListener("blur", () => { + gTorPane.onUpdateBridgeSettings(); + }); + + // Advanced setup + prefpane.querySelector(selectors.advanced.header).innerText = + TorStrings.settings.advancedHeading; + prefpane.querySelector(selectors.advanced.description).textContent = + TorStrings.settings.advancedDescription; + { + let learnMore = prefpane.querySelector(selectors.advanced.learnMore); + learnMore.setAttribute("value", TorStrings.settings.learnMore); + learnMore.setAttribute( + "href", + TorStrings.settings.learnMoreNetworkSettingsURL + ); + } + + // Local Proxy + this._useProxyCheckbox = prefpane.querySelector( + selectors.advanced.useProxyCheckbox + ); + this._useProxyCheckbox.setAttribute( + "label", + TorStrings.settings.useLocalProxy + ); + this._useProxyCheckbox.addEventListener("command", e => { + const checked = this._useProxyCheckbox.checked; + gTorPane.onToggleProxy(checked).onUpdateProxySettings(); + }); + this._proxyTypeLabel = prefpane.querySelector( + selectors.advanced.proxyTypeLabel + ); + this._proxyTypeLabel.setAttribute("value", TorStrings.settings.proxyType); + + let mockProxies = [ + { + value: TorProxyType.SOCKS4, + label: TorStrings.settings.proxyTypeSOCKS4, + }, + { + value: TorProxyType.SOCKS5, + label: TorStrings.settings.proxyTypeSOCKS5, + }, + { value: TorProxyType.HTTPS, label: TorStrings.settings.proxyTypeHTTP }, + ]; + this._proxyTypeMenulist = prefpane.querySelector( + selectors.advanced.proxyTypeList + ); + this._proxyTypeMenulist.addEventListener("command", e => { + const value = this._proxyTypeMenulist.value; + gTorPane.onSelectProxyType(value).onUpdateProxySettings(); + }); + for (let currentProxy of mockProxies) { + let menuEntry = document.createXULElement("menuitem"); + menuEntry.setAttribute("value", currentProxy.value); + menuEntry.setAttribute("label", currentProxy.label); + this._proxyTypeMenulist + .querySelector("menupopup") + .appendChild(menuEntry); + } + + this._proxyAddressLabel = prefpane.querySelector( + selectors.advanced.proxyAddressLabel + ); + this._proxyAddressLabel.setAttribute( + "value", + TorStrings.settings.proxyAddress + ); + this._proxyAddressTextbox = prefpane.querySelector( + selectors.advanced.proxyAddressTextbox + ); + this._proxyAddressTextbox.setAttribute( + "placeholder", + TorStrings.settings.proxyAddressPlaceholder + ); + this._proxyAddressTextbox.addEventListener("blur", () => { + gTorPane.onUpdateProxySettings(); + }); + this._proxyPortLabel = prefpane.querySelector( + selectors.advanced.proxyPortLabel + ); + this._proxyPortLabel.setAttribute("value", TorStrings.settings.proxyPort); + this._proxyPortTextbox = prefpane.querySelector( + selectors.advanced.proxyPortTextbox + ); + this._proxyPortTextbox.addEventListener("blur", () => { + gTorPane.onUpdateProxySettings(); + }); + this._proxyUsernameLabel = prefpane.querySelector( + selectors.advanced.proxyUsernameLabel + ); + this._proxyUsernameLabel.setAttribute( + "value", + TorStrings.settings.proxyUsername + ); + this._proxyUsernameTextbox = prefpane.querySelector( + selectors.advanced.proxyUsernameTextbox + ); + this._proxyUsernameTextbox.setAttribute( + "placeholder", + TorStrings.settings.proxyUsernamePasswordPlaceholder + ); + this._proxyUsernameTextbox.addEventListener("blur", () => { + gTorPane.onUpdateProxySettings(); + }); + this._proxyPasswordLabel = prefpane.querySelector( + selectors.advanced.proxyPasswordLabel + ); + this._proxyPasswordLabel.setAttribute( + "value", + TorStrings.settings.proxyPassword + ); + this._proxyPasswordTextbox = prefpane.querySelector( + selectors.advanced.proxyPasswordTextbox + ); + this._proxyPasswordTextbox.setAttribute( + "placeholder", + TorStrings.settings.proxyUsernamePasswordPlaceholder + ); + this._proxyPasswordTextbox.addEventListener("blur", () => { + gTorPane.onUpdateProxySettings(); + }); + + // Local firewall + this._useFirewallCheckbox = prefpane.querySelector( + selectors.advanced.useFirewallCheckbox + ); + this._useFirewallCheckbox.setAttribute( + "label", + TorStrings.settings.useFirewall + ); + this._useFirewallCheckbox.addEventListener("command", e => { + const checked = this._useFirewallCheckbox.checked; + gTorPane.onToggleFirewall(checked).onUpdateFirewallSettings(); + }); + this._allowedPortsLabel = prefpane.querySelector( + selectors.advanced.firewallAllowedPortsLabel + ); + this._allowedPortsLabel.setAttribute( + "value", + TorStrings.settings.allowedPorts + ); + this._allowedPortsTextbox = prefpane.querySelector( + selectors.advanced.firewallAllowedPortsTextbox + ); + this._allowedPortsTextbox.setAttribute( + "placeholder", + TorStrings.settings.allowedPortsPlaceholder + ); + this._allowedPortsTextbox.addEventListener("blur", () => { + gTorPane.onUpdateFirewallSettings(); + }); + + // Tor logs + prefpane + .querySelector(selectors.advanced.torLogsLabel) + .setAttribute("value", TorStrings.settings.showTorDaemonLogs); + let torLogsButton = prefpane.querySelector( + selectors.advanced.torLogsButton + ); + torLogsButton.setAttribute("label", TorStrings.settings.showLogs); + torLogsButton.addEventListener("command", () => { + gTorPane.onViewTorLogs(); + }); + + // Disable all relevant elements by default + this._setElementsDisabled( + [ + this._builtinBridgeOption, + this._builtinBridgeMenulist, + this._requestBridgeOption, + this._requestBridgeButton, + this._requestBridgeTextarea, + this._provideBridgeOption, + this._provideBridgeTextarea, + this._proxyTypeLabel, + this._proxyTypeMenulist, + this._proxyAddressLabel, + this._proxyAddressTextbox, + this._proxyPortLabel, + this._proxyPortTextbox, + this._proxyUsernameLabel, + this._proxyUsernameTextbox, + this._proxyPasswordLabel, + this._proxyPasswordTextbox, + this._allowedPortsLabel, + this._allowedPortsTextbox, + ], + true + ); + + // load bridge settings + let torBridgeSettings = new TorBridgeSettings(); + torBridgeSettings.readSettings(); + + // populate the bridge list + for (let currentBridge of TorBridgeSettings.defaultBridgeTypes) { + let menuEntry = document.createXULElement("menuitem"); + menuEntry.setAttribute("value", currentBridge); + menuEntry.setAttribute("label", currentBridge); + this._builtinBridgeMenulist + .querySelector("menupopup") + .appendChild(menuEntry); + } + + this.onSelectBridgeOption(torBridgeSettings.bridgeSource); + this.onToggleBridge( + torBridgeSettings.bridgeSource != TorBridgeSource.NONE + ); + switch (torBridgeSettings.bridgeSource) { + case TorBridgeSource.NONE: + break; + case TorBridgeSource.BUILTIN: + this._builtinBridgeMenulist.value = + torBridgeSettings.selectedDefaultBridgeType; + break; + case TorBridgeSource.BRIDGEDB: + this._requestBridgeTextarea.value = torBridgeSettings.bridgeStrings; + break; + case TorBridgeSource.USERPROVIDED: + this._provideBridgeTextarea.value = torBridgeSettings.bridgeStrings; + break; + } + + this._bridgeSettings = torBridgeSettings; + + // load proxy settings + let torProxySettings = new TorProxySettings(); + torProxySettings.readSettings(); + + if (torProxySettings.type != TorProxyType.NONE) { + this.onToggleProxy(true); + this.onSelectProxyType(torProxySettings.type); + this._proxyAddressTextbox.value = torProxySettings.address; + this._proxyPortTextbox.value = torProxySettings.port; + this._proxyUsernameTextbox.value = torProxySettings.username; + this._proxyPasswordTextbox.value = torProxySettings.password; + } + + this._proxySettings = torProxySettings; + + // load firewall settings + let torFirewallSettings = new TorFirewallSettings(); + torFirewallSettings.readSettings(); + + if (torFirewallSettings.hasPorts) { + this.onToggleFirewall(true); + this._allowedPortsTextbox.value = + torFirewallSettings.commaSeparatedListString; + } + + this._firewallSettings = torFirewallSettings; + }, + + init() { + this._populateXUL(); + }, + + // whether the page should be present in about:preferences + get enabled() { + return TorProtocolService.ownsTorDaemon; + }, + + // + // Callbacks + // + + // callback when using bridges toggled + onToggleBridge(enabled) { + this._useBridgeCheckbox.checked = enabled; + let disabled = !enabled; + + // first disable all the bridge related elements + this._setElementsDisabled( + [ + this._builtinBridgeOption, + this._builtinBridgeMenulist, + this._requestBridgeOption, + this._requestBridgeButton, + this._requestBridgeTextarea, + this._provideBridgeOption, + this._provideBridgeTextarea, + ], + disabled + ); + + // and selectively re-enable based on the radiogroup's current value + if (enabled) { + this.onSelectBridgeOption(this._bridgeSelectionRadiogroup.value); + } else { + this.onSelectBridgeOption(TorBridgeSource.NONE); + } + return this; + }, + + // callback when a bridge option is selected + onSelectBridgeOption(source) { + // disable all of the bridge elements under radio buttons + this._setElementsDisabled( + [ + this._builtinBridgeMenulist, + this._requestBridgeButton, + this._requestBridgeTextarea, + this._provideBridgeTextarea, + ], + true + ); + + if (source != TorBridgeSource.NONE) { + this._bridgeSelectionRadiogroup.value = source; + } + + switch (source) { + case TorBridgeSource.BUILTIN: { + this._setElementsDisabled([this._builtinBridgeMenulist], false); + break; + } + case TorBridgeSource.BRIDGEDB: { + this._setElementsDisabled( + [this._requestBridgeButton, this._requestBridgeTextarea], + false + ); + break; + } + case TorBridgeSource.USERPROVIDED: { + this._setElementsDisabled([this._provideBridgeTextarea], false); + break; + } + } + return this; + }, + + // called when the request bridge button is activated + onRequestBridge() { + let requestBridgeDialog = new RequestBridgeDialog(); + requestBridgeDialog.openDialog( + gSubDialog, + this._proxySettings.proxyURI, + aBridges => { + if (aBridges.length > 0) { + let bridgeSettings = makeTorBridgeSettingsBridgeDB(aBridges); + bridgeSettings.writeSettings(); + this._bridgeSettings = bridgeSettings; + + this._requestBridgeTextarea.value = bridgeSettings.bridgeStrings; + } + } + ); + return this; + }, + + // pushes bridge settings from UI to tor + onUpdateBridgeSettings() { + let bridgeSettings = null; + + let source = this._useBridgeCheckbox.checked + ? this._bridgeSelectionRadiogroup.value + : TorBridgeSource.NONE; + switch (source) { + case TorBridgeSource.NONE: { + bridgeSettings = makeTorBridgeSettingsNone(); + break; + } + case TorBridgeSource.BUILTIN: { + // if there is a built-in bridge already selected, use that + let bridgeType = this._builtinBridgeMenulist.value; + if (bridgeType) { + bridgeSettings = makeTorBridgeSettingsBuiltin(bridgeType); + } else { + bridgeSettings = makeTorBridgeSettingsNone(); + } + break; + } + case TorBridgeSource.BRIDGEDB: { + // if there are bridgedb bridges saved in the text area, use them + let bridgeStrings = this._requestBridgeTextarea.value; + if (bridgeStrings) { + let bridgeStringList = parseBridgeStrings(bridgeStrings); + bridgeSettings = makeTorBridgeSettingsBridgeDB(bridgeStringList); + } else { + bridgeSettings = makeTorBridgeSettingsNone(); + } + break; + } + case TorBridgeSource.USERPROVIDED: { + // if bridges already exist in the text area, use them + let bridgeStrings = this._provideBridgeTextarea.value; + if (bridgeStrings) { + let bridgeStringList = parseBridgeStrings(bridgeStrings); + bridgeSettings = makeTorBridgeSettingsUserProvided( + bridgeStringList + ); + } else { + bridgeSettings = makeTorBridgeSettingsNone(); + } + break; + } + } + bridgeSettings.writeSettings(); + this._bridgeSettings = bridgeSettings; + return this; + }, + + // callback when proxy is toggled + onToggleProxy(enabled) { + this._useProxyCheckbox.checked = enabled; + let disabled = !enabled; + + this._setElementsDisabled( + [ + this._proxyTypeLabel, + this._proxyTypeMenulist, + this._proxyAddressLabel, + this._proxyAddressTextbox, + this._proxyPortLabel, + this._proxyPortTextbox, + this._proxyUsernameLabel, + this._proxyUsernameTextbox, + this._proxyPasswordLabel, + this._proxyPasswordTextbox, + ], + disabled + ); + this.onSelectProxyType(this._proxyTypeMenulist.value); + return this; + }, + + // callback when proxy type is changed + onSelectProxyType(value) { + if (value == "") { + value = TorProxyType.NONE; + } + this._proxyTypeMenulist.value = value; + switch (value) { + case TorProxyType.NONE: { + this._setElementsDisabled( + [ + this._proxyAddressLabel, + this._proxyAddressTextbox, + this._proxyPortLabel, + this._proxyPortTextbox, + this._proxyUsernameLabel, + this._proxyUsernameTextbox, + this._proxyPasswordLabel, + this._proxyPasswordTextbox, + ], + true + ); // DISABLE + + this._proxyAddressTextbox.value = ""; + this._proxyPortTextbox.value = ""; + this._proxyUsernameTextbox.value = ""; + this._proxyPasswordTextbox.value = ""; + break; + } + case TorProxyType.SOCKS4: { + this._setElementsDisabled( + [ + this._proxyAddressLabel, + this._proxyAddressTextbox, + this._proxyPortLabel, + this._proxyPortTextbox, + ], + false + ); // ENABLE + this._setElementsDisabled( + [ + this._proxyUsernameLabel, + this._proxyUsernameTextbox, + this._proxyPasswordLabel, + this._proxyPasswordTextbox, + ], + true + ); // DISABLE + + this._proxyUsernameTextbox.value = ""; + this._proxyPasswordTextbox.value = ""; + break; + } + case TorProxyType.SOCKS5: + case TorProxyType.HTTPS: { + this._setElementsDisabled( + [ + this._proxyAddressLabel, + this._proxyAddressTextbox, + this._proxyPortLabel, + this._proxyPortTextbox, + this._proxyUsernameLabel, + this._proxyUsernameTextbox, + this._proxyPasswordLabel, + this._proxyPasswordTextbox, + ], + false + ); // ENABLE + break; + } + } + return this; + }, + + // pushes proxy settings from UI to tor + onUpdateProxySettings() { + const proxyType = this._useProxyCheckbox.checked + ? this._proxyTypeMenulist.value + : TorProxyType.NONE; + const addressString = this._proxyAddressTextbox.value; + const portString = this._proxyPortTextbox.value; + const usernameString = this._proxyUsernameTextbox.value; + const passwordString = this._proxyPasswordTextbox.value; + + let proxySettings = null; + + switch (proxyType) { + case TorProxyType.NONE: + proxySettings = makeTorProxySettingsNone(); + break; + case TorProxyType.SOCKS4: + proxySettings = makeTorProxySettingsSocks4( + addressString, + parsePort(portString) + ); + break; + case TorProxyType.SOCKS5: + proxySettings = makeTorProxySettingsSocks5( + addressString, + parsePort(portString), + usernameString, + passwordString + ); + break; + case TorProxyType.HTTPS: + proxySettings = makeTorProxySettingsHTTPS( + addressString, + parsePort(portString), + usernameString, + passwordString + ); + break; + } + + proxySettings.writeSettings(); + this._proxySettings = proxySettings; + return this; + }, + + // callback when firewall proxy is toggled + onToggleFirewall(enabled) { + this._useFirewallCheckbox.checked = enabled; + let disabled = !enabled; + + this._setElementsDisabled( + [this._allowedPortsLabel, this._allowedPortsTextbox], + disabled + ); + + return this; + }, + + // pushes firewall settings from UI to tor + onUpdateFirewallSettings() { + let portListString = this._useFirewallCheckbox.checked + ? this._allowedPortsTextbox.value + : ""; + let firewallSettings = null; + + if (portListString) { + firewallSettings = makeTorFirewallSettingsCustom( + parsePortList(portListString) + ); + } else { + firewallSettings = makeTorFirewallSettingsNone(); + } + + firewallSettings.writeSettings(); + this._firewallSettings = firewallSettings; + return this; + }, + + onViewTorLogs() { + let torLogDialog = new TorLogDialog(); + torLogDialog.openDialog(gSubDialog); + }, + }; + return retval; +})(); /* gTorPane */ diff --git a/browser/components/torpreferences/content/torPane.xhtml b/browser/components/torpreferences/content/torPane.xhtml new file mode 100644 index 000000000000..3c966b2b3726 --- /dev/null +++ b/browser/components/torpreferences/content/torPane.xhtml @@ -0,0 +1,123 @@ + + +<script type="application/javascript" + src="chrome://browser/content/torpreferences/torPane.js"/> +<html:template id="template-paneTor"> +<hbox id="torPreferencesCategory" + class="subcategory" + data-category="paneTor" + hidden="true"> + <html:h1 id="torPreferences-header"/> +</hbox> + +<groupbox data-category="paneTor" + hidden="true"> + <description flex="1"> + <html:span id="torPreferences-description" class="tail-with-learn-more"/> + <label id="torPreferences-learnMore" class="learnMore text-link" is="text-link"/> + </description> +</groupbox> + + +<groupbox id="torPreferences-bridges-group" + data-category="paneTor" + hidden="true"> + <html:h2 id="torPreferences-bridges-header"/> + <description flex="1"> + <html:span id="torPreferences-bridges-description" class="tail-with-learn-more"/> + <label id="torPreferences-bridges-learnMore" class="learnMore text-link" is="text-link"/> + </description> + <checkbox id="torPreferences-bridges-toggle"/> + <radiogroup id="torPreferences-bridges-bridgeSelection"> + <hbox class="indent"> + <radio id="torPreferences-bridges-radioBuiltin"/> + <spacer flex="1"/> + <menulist id="torPreferences-bridges-builtinList" class="torMarginFix"> + <menupopup/> + </menulist> + </hbox> + <vbox class="indent"> + <hbox> + <radio id="torPreferences-bridges-radioRequestBridge"/> + <space flex="1"/> + <button id="torPreferences-bridges-buttonRequestBridge" class="torMarginFix"/> + </hbox> + <html:textarea + id="torPreferences-bridges-textareaRequestBridge" + class="indent torMarginFix" + multiline="true" + rows="3" + readonly="true"/> + </vbox> + <hbox class="indent" flex="1"> + <vbox flex="1"> + <radio id="torPreferences-bridges-radioProvideBridge"/> + <description id="torPreferences-bridges-descriptionProvideBridge" class="indent"/> + <html:textarea + id="torPreferences-bridges-textareaProvideBridge" + class="indent torMarginFix" + multiline="true" + rows="3"/> + </vbox> + </hbox> + </radiogroup> +</groupbox> + + +<groupbox id="torPreferences-advanced-group" + data-category="paneTor" + hidden="true"> + <html:h2 id="torPreferences-advanced-header"/> + <description flex="1"> + <html:span id="torPreferences-advanced-description" class="tail-with-learn-more"/> + <label id="torPreferences-advanced-learnMore" class="learnMore text-link" is="text-link" style="display:none"/> + </description> + <box id="torPreferences-advanced-grid"> +  + <hbox class="torPreferences-advanced-checkbox-container"> + <checkbox id="torPreferences-advanced-toggleProxy"/> + </hbox> + <hbox class="indent" align="center"> + <label id="torPreferences-localProxy-type"/> + </hbox> + <hbox align="center"> + <spacer flex="1"/> + <menulist id="torPreferences-localProxy-builtinList" class="torMarginFix"> + <menupopup/> + </menulist> + </hbox> + <hbox class="indent" align="center"> + <label id="torPreferences-localProxy-address"/> + </hbox> + <hbox align="center"> + <html:input id="torPreferences-localProxy-textboxAddress" type="text" class="torMarginFix"/> + <label id="torPreferences-localProxy-port"/> +  + <html:input id="torPreferences-localProxy-textboxPort" class="proxy-port-input torMarginFix" hidespinbuttons="true" type="number" min="0" max="65535" maxlength="5"/> + </hbox> + <hbox class="indent" align="center"> + <label id="torPreferences-localProxy-username"/> + </hbox> + <hbox align="center"> + <html:input id="torPreferences-localProxy-textboxUsername" type="text" class="torMarginFix"/> + <label id="torPreferences-localProxy-password"/> + <html:input id="torPreferences-localProxy-textboxPassword" class="torMarginFix" type="password"/> + </hbox> +  + <hbox class="torPreferences-advanced-checkbox-container"> + <checkbox id="torPreferences-advanced-toggleFirewall"/> + </hbox> + <hbox class="indent" align="center"> + <label id="torPreferences-advanced-allowedPorts"/> + </hbox> + <hbox align="center"> + <html:input id="torPreferences-advanced-textboxAllowedPorts" type="text" class="torMarginFix" value="80,443"/> + </hbox> + </box> + <hbox id="torPreferences-torDaemon-hbox" align="center"> + <label id="torPreferences-torLogs"/> + <spacer flex="1"/> + <button id="torPreferences-buttonTorLogs" class="torMarginFix"/> + </hbox> +</groupbox> +</html:template> \ No newline at end of file diff --git a/browser/components/torpreferences/content/torPreferences.css b/browser/components/torpreferences/content/torPreferences.css new file mode 100644 index 000000000000..4dac2c457823 --- /dev/null +++ b/browser/components/torpreferences/content/torPreferences.css @@ -0,0 +1,77 @@ +#category-tor > .category-icon { + list-style-image: url("chrome://browser/content/torpreferences/torPreferencesIcon.svg"); +} + +#torPreferences-advanced-grid { + display: grid; + grid-template-columns: auto 1fr; +} + +.torPreferences-advanced-checkbox-container { + grid-column: 1 / 3; +} + +#torPreferences-localProxy-textboxAddress, +#torPreferences-localProxy-textboxUsername, +#torPreferences-localProxy-textboxPassword, +#torPreferences-advanced-textboxAllowedPorts { + -moz-box-flex: 1; +} + +hbox#torPreferences-torDaemon-hbox { + margin-top: 20px; +} + +description#torPreferences-requestBridge-description { + /*margin-bottom: 1em;*/ + min-height: 2em; +} + +image#torPreferences-requestBridge-captchaImage { + margin: 1em; + min-height: 125px; +} + +button#torPreferences-requestBridge-refreshCaptchaButton { + min-width: initial; +} + +dialog#torPreferences-requestBridge-dialog > hbox { + margin-bottom: 1em; +} + +/* + Various elements that really should be lining up don't because they have inconsistent margins +*/ +.torMarginFix { + margin-left : 4px; + margin-right : 4px; +} + +/* + This hbox is hidden by css here by default so that the + xul dialog allocates enough screen space for the error message + element, otherwise it gets cut off since dialog's overflow is hidden +*/ +hbox#torPreferences-requestBridge-incorrectCaptchaHbox { + visibility: hidden; +} + +image#torPreferences-requestBridge-errorIcon { + list-style-image: url("chrome://browser/skin/warning.svg"); +} + +groupbox#torPreferences-bridges-group textarea { + white-space: pre; + overflow: auto; +} + +textarea#torPreferences-torDialog-textarea { + -moz-box-flex: 1; + font-family: monospace; + font-size: 0.8em; + white-space: pre; + overflow: auto; + /* 10 lines */ + min-height: 20em; +} \ No newline at end of file diff --git a/browser/components/torpreferences/content/torPreferencesIcon.svg b/browser/components/torpreferences/content/torPreferencesIcon.svg new file mode 100644 index 000000000000..d7895f1107c5 --- /dev/null +++ b/browser/components/torpreferences/content/torPreferencesIcon.svg @@ -0,0 +1,5 @@ +<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"> + <g fill="context-fill" fill-opacity="context-fill-opacity" fill-rule="nonzero"> + <path d="M12.0246161,21.8174863 L12.0246161,20.3628098 C16.6324777,20.3495038 20.3634751,16.6108555 20.3634751,11.9996673 C20.3634751,7.38881189 16.6324777,3.65016355 12.0246161,3.63685757 L12.0246161,2.18218107 C17.4358264,2.1958197 21.8178189,6.58546322 21.8178189,11.9996673 C21.8178189,17.4142042 17.4358264,21.8041803 12.0246161,21.8174863 L12.0246161,21.8174863 Z M12.0246161,16.7259522 C14.623607,16.7123136 16.7272828,14.6023175 16.7272828,11.9996673 C16.7272828,9.39734991 14.623607,7.28735377 12.0246161,7.27371516 L12.0246161,5.81937131 C15.4272884,5.8326773 18.1819593,8.59400123 18.1819593,11.9996673 C18.1819593,15.4056661 15.4272884,18.1669901 12.0246161,18.1802961 L12.0246161,16.7259522 Z M12.0246161,9.45556355 C13.4187503,9.46886953 14.5454344,10.6022066 14.5454344,11.9996673 C14.5454344,13.3974608 13.4187503,14.5307978 12.0246161,14.5441038 L12.0246161,9.45556355 Z M0,11.9996673 C0,18.6273771 5.37229031,24 12,24 C18.6273771,24 24,18.6273771 24,11.9996673 C24,5.37229031 18.6273771,0 12,0 C5.37229031,0 0,5.37229031 0,11.9996673 Z"/> + </g> +</svg> \ No newline at end of file diff --git a/browser/components/torpreferences/content/torProxySettings.jsm b/browser/components/torpreferences/content/torProxySettings.jsm new file mode 100644 index 000000000000..98bb5e8d5cbf --- /dev/null +++ b/browser/components/torpreferences/content/torProxySettings.jsm @@ -0,0 +1,245 @@ +"use strict"; + +var EXPORTED_SYMBOLS = [ + "TorProxyType", + "TorProxySettings", + "makeTorProxySettingsNone", + "makeTorProxySettingsSocks4", + "makeTorProxySettingsSocks5", + "makeTorProxySettingsHTTPS", +]; + +const { TorProtocolService } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); +const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); +const { parseAddrPort, parseUsernamePassword } = ChromeUtils.import( + "chrome://browser/content/torpreferences/parseFunctions.jsm" +); + +const TorProxyType = { + NONE: "NONE", + SOCKS4: "SOCKS4", + SOCKS5: "SOCKS5", + HTTPS: "HTTPS", +}; + +class TorProxySettings { + constructor() { + this._proxyType = TorProxyType.NONE; + this._proxyAddress = undefined; + this._proxyPort = undefined; + this._proxyUsername = undefined; + this._proxyPassword = undefined; + } + + get type() { + return this._proxyType; + } + get address() { + return this._proxyAddress; + } + get port() { + return this._proxyPort; + } + get username() { + return this._proxyUsername; + } + get password() { + return this._proxyPassword; + } + get proxyURI() { + switch (this._proxyType) { + case TorProxyType.SOCKS4: + return `socks4a://${this._proxyAddress}:${this._proxyPort}`; + case TorProxyType.SOCKS5: + if (this._proxyUsername) { + return `socks5://${this._proxyUsername}:${this._proxyPassword}@${ + this._proxyAddress + }:${this._proxyPort}`; + } + return `socks5://${this._proxyAddress}:${this._proxyPort}`; + case TorProxyType.HTTPS: + if (this._proxyUsername) { + return `http://${this._proxyUsername}:${this._proxyPassword}@${ + this._proxyAddress + }:${this._proxyPort}`; + } + return `http://${this._proxyAddress}:${this._proxyPort}`; + } + return undefined; + } + + // attempts to read proxy settings from Tor daemon + readSettings() { + // SOCKS4 + { + let addressPort = TorProtocolService.readStringSetting( + TorStrings.configKeys.socks4Proxy + ); + if (addressPort) { + // address+port + let [proxyAddress, proxyPort] = parseAddrPort(addressPort); + + this._proxyType = TorProxyType.SOCKS4; + this._proxyAddress = proxyAddress; + this._proxyPort = proxyPort; + this._proxyUsername = ""; + this._proxyPassword = ""; + + return; + } + } + + // SOCKS5 + { + let addressPort = TorProtocolService.readStringSetting( + TorStrings.configKeys.socks5Proxy + ); + + if (addressPort) { + // address+port + let [proxyAddress, proxyPort] = parseAddrPort(addressPort); + // username + let proxyUsername = TorProtocolService.readStringSetting( + TorStrings.configKeys.socks5ProxyUsername + ); + // password + let proxyPassword = TorProtocolService.readStringSetting( + TorStrings.configKeys.socks5ProxyPassword + ); + + this._proxyType = TorProxyType.SOCKS5; + this._proxyAddress = proxyAddress; + this._proxyPort = proxyPort; + this._proxyUsername = proxyUsername; + this._proxyPassword = proxyPassword; + + return; + } + } + + // HTTP + { + let addressPort = TorProtocolService.readStringSetting( + TorStrings.configKeys.httpsProxy + ); + + if (addressPort) { + // address+port + let [proxyAddress, proxyPort] = parseAddrPort(addressPort); + + // username:password + let proxyAuthenticator = TorProtocolService.readStringSetting( + TorStrings.configKeys.httpsProxyAuthenticator + ); + + let [proxyUsername, proxyPassword] = ["", ""]; + if (proxyAuthenticator) { + [proxyUsername, proxyPassword] = parseUsernamePassword( + proxyAuthenticator + ); + } + + this._proxyType = TorProxyType.HTTPS; + this._proxyAddress = proxyAddress; + this._proxyPort = proxyPort; + this._proxyUsername = proxyUsername; + this._proxyPassword = proxyPassword; + } + } + // no proxy settings + } /* TorProxySettings::ReadFromTor() */ + + // attempts to write proxy settings to Tor daemon + // throws on error + writeSettings() { + let settingsObject = new Map(); + + // init proxy related settings to null so Tor daemon resets them + settingsObject.set(TorStrings.configKeys.socks4Proxy, null); + settingsObject.set(TorStrings.configKeys.socks5Proxy, null); + settingsObject.set(TorStrings.configKeys.socks5ProxyUsername, null); + settingsObject.set(TorStrings.configKeys.socks5ProxyPassword, null); + settingsObject.set(TorStrings.configKeys.httpsProxy, null); + settingsObject.set(TorStrings.configKeys.httpsProxyAuthenticator, null); + + switch (this._proxyType) { + case TorProxyType.SOCKS4: + settingsObject.set( + TorStrings.configKeys.socks4Proxy, + `${this._proxyAddress}:${this._proxyPort}` + ); + break; + case TorProxyType.SOCKS5: + settingsObject.set( + TorStrings.configKeys.socks5Proxy, + `${this._proxyAddress}:${this._proxyPort}` + ); + settingsObject.set( + TorStrings.configKeys.socks5ProxyUsername, + this._proxyUsername + ); + settingsObject.set( + TorStrings.configKeys.socks5ProxyPassword, + this._proxyPassword + ); + break; + case TorProxyType.HTTPS: + settingsObject.set( + TorStrings.configKeys.httpsProxy, + `${this._proxyAddress}:${this._proxyPort}` + ); + settingsObject.set( + TorStrings.configKeys.httpsProxyAuthenticator, + `${this._proxyUsername}:${this._proxyPassword}` + ); + break; + } + + TorProtocolService.writeSettings(settingsObject); + } /* TorProxySettings::WriteToTor() */ +} + +// factory methods for our various supported proxies +function makeTorProxySettingsNone() { + return new TorProxySettings(); +} + +function makeTorProxySettingsSocks4(aProxyAddress, aProxyPort) { + let retval = new TorProxySettings(); + retval._proxyType = TorProxyType.SOCKS4; + retval._proxyAddress = aProxyAddress; + retval._proxyPort = aProxyPort; + return retval; +} + +function makeTorProxySettingsSocks5( + aProxyAddress, + aProxyPort, + aProxyUsername, + aProxyPassword +) { + let retval = new TorProxySettings(); + retval._proxyType = TorProxyType.SOCKS5; + retval._proxyAddress = aProxyAddress; + retval._proxyPort = aProxyPort; + retval._proxyUsername = aProxyUsername; + retval._proxyPassword = aProxyPassword; + return retval; +} + +function makeTorProxySettingsHTTPS( + aProxyAddress, + aProxyPort, + aProxyUsername, + aProxyPassword +) { + let retval = new TorProxySettings(); + retval._proxyType = TorProxyType.HTTPS; + retval._proxyAddress = aProxyAddress; + retval._proxyPort = aProxyPort; + retval._proxyUsername = aProxyUsername; + retval._proxyPassword = aProxyPassword; + return retval; +} diff --git a/browser/components/torpreferences/jar.mn b/browser/components/torpreferences/jar.mn new file mode 100644 index 000000000000..857bc9ee3eac --- /dev/null +++ b/browser/components/torpreferences/jar.mn @@ -0,0 +1,14 @@ +browser.jar: + content/browser/torpreferences/parseFunctions.jsm (content/parseFunctions.jsm) + content/browser/torpreferences/requestBridgeDialog.xhtml (content/requestBridgeDialog.xhtml) + content/browser/torpreferences/requestBridgeDialog.jsm (content/requestBridgeDialog.jsm) + content/browser/torpreferences/torBridgeSettings.jsm (content/torBridgeSettings.jsm) + content/browser/torpreferences/torCategory.inc.xhtml (content/torCategory.inc.xhtml) + content/browser/torpreferences/torFirewallSettings.jsm (content/torFirewallSettings.jsm) + content/browser/torpreferences/torLogDialog.jsm (content/torLogDialog.jsm) + content/browser/torpreferences/torLogDialog.xhtml (content/torLogDialog.xhtml) + content/browser/torpreferences/torPane.js (content/torPane.js) + content/browser/torpreferences/torPane.xhtml (content/torPane.xhtml) + content/browser/torpreferences/torPreferences.css (content/torPreferences.css) + content/browser/torpreferences/torPreferencesIcon.svg (content/torPreferencesIcon.svg) + content/browser/torpreferences/torProxySettings.jsm (content/torProxySettings.jsm) diff --git a/browser/components/torpreferences/moz.build b/browser/components/torpreferences/moz.build new file mode 100644 index 000000000000..7e103239c8d6 --- /dev/null +++ b/browser/components/torpreferences/moz.build @@ -0,0 +1 @@ +JAR_MANIFESTS += ['jar.mn'] diff --git a/browser/modules/BridgeDB.jsm b/browser/modules/BridgeDB.jsm new file mode 100644 index 000000000000..2caa26b4e2e0 --- /dev/null +++ b/browser/modules/BridgeDB.jsm @@ -0,0 +1,110 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["BridgeDB"]; + +const { TorLauncherBridgeDB } = ChromeUtils.import( + "resource://torlauncher/modules/tl-bridgedb.jsm" +); +const { TorProtocolService } = ChromeUtils.import( + "resource:///modules/TorProtocolService.jsm" +); +const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); + +var BridgeDB = { + _moatRequestor: null, + _currentCaptchaInfo: null, + _bridges: null, + + get currentCaptchaImage() { + if (this._currentCaptchaInfo) { + return this._currentCaptchaInfo.captchaImage; + } + return null; + }, + + get currentBridges() { + return this._bridges; + }, + + submitCaptchaGuess(aCaptchaSolution) { + if (this._moatRequestor && this._currentCaptchaInfo) { + return this._moatRequestor + .finishFetch( + this._currentCaptchaInfo.transport, + this._currentCaptchaInfo.challenge, + aCaptchaSolution + ) + .then(aBridgeInfo => { + this._moatRequestor.close(); + this._moatRequestor = null; + this._currentCaptchaInfo = null; + this._bridges = aBridgeInfo.bridges; + // array of bridge strings + return this._bridges; + }); + } + + return new Promise((aResponse, aReject) => { + aReject(new Error("Invalid _moatRequestor or _currentCaptchaInfo")); + }); + }, + + requestNewCaptchaImage(aProxyURI) { + // close and clear out existing state on captcha request + this.close(); + + let transportPlugins = TorProtocolService.readStringArraySetting( + TorStrings.configKeys.clientTransportPlugin + ); + + let meekClientPath; + let meekTransport; // We support both "meek" and "meek_lite". + let meekClientArgs; + // TODO: shouldn't this early out once meek settings are found? + for (const line of transportPlugins) { + // Parse each ClientTransportPlugin line and look for the meek or + // meek_lite transport. This code works a lot like the Tor daemon's + // parse_transport_line() function. + let tokens = line.split(" "); + if (tokens.length > 2 && tokens[1] == "exec") { + let transportArray = tokens[0].split(",").map(aStr => aStr.trim()); + let transport = transportArray.find( + aTransport => aTransport === "meek" + ); + if (!transport) { + transport = transportArray.find( + aTransport => aTransport === "meek_lite" + ); + } + if (transport) { + meekTransport = transport; + meekClientPath = tokens[2]; + meekClientArgs = tokens.slice(3); + } + } + } + + this._moatRequestor = TorLauncherBridgeDB.createMoatRequestor(); + + return this._moatRequestor + .init(aProxyURI, meekTransport, meekClientPath, meekClientArgs) + .then(() => { + // TODO: get this from TorLauncherUtil + let bridgeType = "obfs4"; + return this._moatRequestor.fetchBridges([bridgeType]); + }) + .then(aCaptchaInfo => { + // cache off the current captcha info as the challenge is needed for response + this._currentCaptchaInfo = aCaptchaInfo; + return aCaptchaInfo.captchaImage; + }); + }, + + close() { + if (this._moatRequestor) { + this._moatRequestor.close(); + this._moatRequestor = null; + } + this._currentCaptchaInfo = null; + }, +}; diff --git a/browser/modules/TorProtocolService.jsm b/browser/modules/TorProtocolService.jsm new file mode 100644 index 000000000000..b4e6ed9a3253 --- /dev/null +++ b/browser/modules/TorProtocolService.jsm @@ -0,0 +1,212 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["TorProtocolService"]; + +const { TorLauncherUtil } = ChromeUtils.import( + "resource://torlauncher/modules/tl-util.jsm" +); + +var TorProtocolService = { + _tlps: Cc["@torproject.org/torlauncher-protocol-service;1"].getService( + Ci.nsISupports + ).wrappedJSObject, + + // maintain a map of tor settings set by Tor Browser so that we don't + // repeatedly set the same key/values over and over + // this map contains string keys to primitive or array values + _settingsCache: new Map(), + + _typeof(aValue) { + switch (typeof aValue) { + case "boolean": + return "boolean"; + case "string": + return "string"; + case "object": + if (aValue == null) { + return "null"; + } else if (Array.isArray(aValue)) { + return "array"; + } + return "object"; + } + return "unknown"; + }, + + _assertValidSettingKey(aSetting) { + // ensure the 'key' is a string + if (typeof aSetting != "string") { + throw new Error( + `Expected setting of type string but received ${typeof aSetting}` + ); + } + }, + + _assertValidSetting(aSetting, aValue) { + this._assertValidSettingKey(aSetting); + + const valueType = this._typeof(aValue); + switch (valueType) { + case "boolean": + case "string": + case "null": + return; + case "array": + for (const element of aValue) { + if (typeof element != "string") { + throw new Error( + `Setting '${aSetting}' array contains value of invalid type '${typeof element}'` + ); + } + } + return; + default: + throw new Error( + `Invalid object type received for setting '${aSetting}'` + ); + } + }, + + // takes a Map containing tor settings + // throws on error + writeSettings(aSettingsObj) { + // only write settings that have changed + let newSettings = new Map(); + for (const [setting, value] of aSettingsObj) { + let saveSetting = false; + + // make sure we have valid data here + this._assertValidSetting(setting, value); + + if (!this._settingsCache.has(setting)) { + // no cached setting, so write + saveSetting = true; + } else { + const cachedValue = this._settingsCache.get(setting); + if (value != cachedValue) { + // compare arrays member-wise + if (Array.isArray(value) && Array.isArray(cachedValue)) { + if (value.length != cachedValue.length) { + saveSetting = true; + } else { + const arrayLength = value.length; + for (let i = 0; i < arrayLength; ++i) { + if (value[i] != cachedValue[i]) { + saveSetting = true; + break; + } + } + } + } else { + // some other different values + saveSetting = true; + } + } + } + + if (saveSetting) { + newSettings.set(setting, value); + } + } + + // only write if new setting to save + if (newSettings.size > 0) { + // convert settingsObject map to js object for torlauncher-protocol-service + let settingsObject = {}; + for (const [setting, value] of newSettings) { + settingsObject[setting] = value; + } + + let errorObject = {}; + if (!this._tlps.TorSetConfWithReply(settingsObject, errorObject)) { + throw new Error(errorObject.details); + } + + // save settings to cache after successfully writing to Tor + for (const [setting, value] of newSettings) { + this._settingsCache.set(setting, value); + } + } + }, + + _readSetting(aSetting) { + this._assertValidSettingKey(aSetting); + let reply = this._tlps.TorGetConf(aSetting); + if (this._tlps.TorCommandSucceeded(reply)) { + return reply.lineArray; + } + throw new Error(reply.lineArray.join("\n")); + }, + + _readBoolSetting(aSetting) { + let lineArray = this._readSetting(aSetting); + if (lineArray.length != 1) { + throw new Error( + `Expected an array with length 1 but received array of length ${ + lineArray.length + }` + ); + } + + let retval = lineArray[0]; + switch (retval) { + case "0": + return false; + case "1": + return true; + default: + throw new Error(`Expected boolean (1 or 0) but received '${retval}'`); + } + }, + + _readStringSetting(aSetting) { + let lineArray = this._readSetting(aSetting); + if (lineArray.length != 1) { + throw new Error( + `Expected an array with length 1 but received array of length ${ + lineArray.length + }` + ); + } + return lineArray[0]; + }, + + _readStringArraySetting(aSetting) { + let lineArray = this._readSetting(aSetting); + return lineArray; + }, + + readBoolSetting(aSetting) { + let value = this._readBoolSetting(aSetting); + this._settingsCache.set(aSetting, value); + return value; + }, + + readStringSetting(aSetting) { + let value = this._readStringSetting(aSetting); + this._settingsCache.set(aSetting, value); + return value; + }, + + readStringArraySetting(aSetting) { + let value = this._readStringArraySetting(aSetting); + this._settingsCache.set(aSetting, value); + return value; + }, + + // writes current tor settings to disk + flushSettings() { + this._tlps.TorSendCommand("SAVECONF"); + }, + + getLog() { + let countObj = { value: 0 }; + let torLog = this._tlps.TorGetLog(countObj); + return torLog; + }, + + // true if we launched and control tor, false if using system tor + get ownsTorDaemon() { + return TorLauncherUtil.shouldStartAndOwnTor; + }, +}; diff --git a/browser/modules/moz.build b/browser/modules/moz.build index eb77e4f8b101..7a5c26b2e9e1 100644 --- a/browser/modules/moz.build +++ b/browser/modules/moz.build @@ -128,6 +128,7 @@ EXTRA_JS_MODULES += [ 'AboutNewTab.jsm', 'AppUpdater.jsm', 'AsyncTabSwitcher.jsm', + 'BridgeDB.jsm', 'BrowserUsageTelemetry.jsm', 'BrowserWindowTracker.jsm', 'ContentCrashHandlers.jsm', @@ -153,6 +154,7 @@ EXTRA_JS_MODULES += [ 'TabsList.jsm', 'TabUnloader.jsm', 'ThemeVariableMap.jsm', + 'TorProtocolService.jsm', 'TorStrings.jsm', 'TransientPrefs.jsm', 'webrtcUI.jsm',

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] TB3: Tor Browser's official .mozconfigs.
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit c2505684a74284ce35293c04f670f0582437b7c5 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon May 6 15:51:06 2013 -0700 TB3: Tor Browser's official .mozconfigs. Also: Bug #9829.1: new .mozconfig file for the new cross-compiler and ESR24 Changes needed to build Mac in 64bit Bug 10715: Enable Webgl for mingw-w64 again. Disable ICU when cross-compiling; clean-up. Bug 15773: Enable ICU on OS X Bug 15990: Don't build the sandbox with mingw-w64 Bug 12761: Switch to ESR 38 for OS X Updating .mozconfig-asan Bug 12516: Compile hardenend Tor Browser with -fwrapv Bug 18331: Switch to Mozilla's toolchain for building Tor Browser for OS X Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan. Bug 13419: Add back ICU for Windows Bug 21239: Use GTK2 for ESR52 Linux builds Bug 23025: Add hardening flags for macOS Bug 24478: Enable debug assertions and tests in our ASan builds --enable-proxy-bypass-protection Bug 27597: ASan build option in tor-browser-build is broken Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android. Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING Bug 31450: Set proper BINDGEN_CFLAGS for ASan builds Add an --enable-tor-browser-data-outside-app-dir configure option Add --with-tor-browser-version configure option Bug 21849: Don't allow SSL key logging. Bug 31457: disable per-installation profiles The dedicated profiles (per-installation) feature does not interact well with our bundled profiles on Linux and Windows, and it also causes multiple profiles to be created on macOS under TorBrowser-Data. Bug 31935: Disable profile downgrade protection. Since Tor Browser does not support more than one profile, disable the prompt and associated code that offers to create one when a version downgrade situation is detected. Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT Bug 25741 - TBA: Disable features at compile-time MOZ_NATIVE_DEVICES for casting and the media player MOZ_TELEMETRY_REPORTING for telemetry MOZ_DATA_REPORTING for all data reporting preferences (crashreport, telemetry, geo) Bug 25741 - TBA: Add default configure options in dedicated file Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION Bug 29859: Disable HLS support for now Add --disable-tor-launcher build option Add --enable-tor-browser-update build option Bug 33734: Set MOZ_NORMANDY to False Bug 33851: Omit Parental Controls. Bug 40061: Omit the Windows default browser agent from the build --- .mozconfig | 38 ++++++++++++++++++++++++ .mozconfig-android | 35 ++++++++++++++++++++++ .mozconfig-asan | 43 +++++++++++++++++++++++++++ .mozconfig-mac | 55 +++++++++++++++++++++++++++++++++++ .mozconfig-mingw | 30 +++++++++++++++++++ browser/base/moz.build | 3 ++ browser/installer/Makefile.in | 8 +++++ browser/moz.configure | 8 ++--- build/moz.configure/old.configure | 6 ++++ mobile/android/confvars.sh | 9 ++++++ mobile/android/geckoview/build.gradle | 1 + mobile/android/moz.configure | 17 +++++++++-- mobile/android/torbrowser.configure | 30 +++++++++++++++++++ old-configure.in | 49 +++++++++++++++++++++++++++++++ security/moz.build | 2 +- security/nss/lib/ssl/Makefile | 2 +- toolkit/modules/AppConstants.jsm | 15 ++++++++++ toolkit/modules/moz.build | 3 ++ 18 files changed, 346 insertions(+), 8 deletions(-) diff --git a/.mozconfig b/.mozconfig new file mode 100755 index 000000000000..24efaea57b0b --- /dev/null +++ b/.mozconfig @@ -0,0 +1,38 @@ +. $topsrcdir/browser/config/mozconfig + +# This mozconfig file is not used in official Tor Browser builds. +# It is only intended to be used when doing incremental Linux builds +# during development. The platform-specific mozconfig configuration +# files used in official Tor Browser releases can be found in the +# tor-browser-build repo: +# https://gitweb.torproject.org/builders/tor-browser-build.git/ +# under: +# tor-browser-build/projects/firefox/mozconfig-$OS-$ARCH + +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@ +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 + +ac_add_options --enable-optimize +ac_add_options --enable-official-branding + +# Let's support GTK3 for ESR60 +ac_add_options --enable-default-toolkit=cairo-gtk3 + +ac_add_options --disable-strip +ac_add_options --disable-install-strip +ac_add_options --disable-tests +ac_add_options --disable-debug +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls +# Let's make sure no preference is enabling either Adobe's or Google's CDM. +ac_add_options --disable-eme +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= + +ac_add_options --disable-tor-launcher +ac_add_options --with-tor-browser-version=dev-build +ac_add_options --disable-tor-browser-update diff --git a/.mozconfig-android b/.mozconfig-android new file mode 100755 index 000000000000..1b5e3f3178b7 --- /dev/null +++ b/.mozconfig-android @@ -0,0 +1,35 @@ +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-arm-linux-androideabi +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 + +ac_add_options --enable-optimize +ac_add_options --enable-official-branding + +# Android +ac_add_options --enable-application=mobile/android +ac_add_options --target=arm-linux-androideabi +ac_add_options --with-android-ndk="$NDK_BASE" #Enter the android ndk location(ndk r17b) +ac_add_options --with-android-sdk="$SDK_BASE" #Enter the android sdk location +ac_add_options --with-branding=mobile/android/branding/alpha + +# Use Mozilla's Clang blobs +CC="$HOME/.mozbuild/clang/bin/clang" +CXX="$HOME/.mozbuild/clang/bin/clang++" + +#enable ccache to set amount of cache assigned for build. +ac_add_options --with-ccache + +ac_add_options --enable-strip +ac_add_options --disable-tests +ac_add_options --disable-debug +ac_add_options --disable-rust-debug + +ac_add_options --disable-updater +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls + +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= diff --git a/.mozconfig-asan b/.mozconfig-asan new file mode 100644 index 000000000000..13232e054d45 --- /dev/null +++ b/.mozconfig-asan @@ -0,0 +1,43 @@ +. $topsrcdir/browser/config/mozconfig + +export CFLAGS="-fsanitize=address -Dxmalloc=myxmalloc" +export CXXFLAGS="-fsanitize=address -Dxmalloc=myxmalloc" +# We need to add -ldl explicitely due to bug 1213698 +export LDFLAGS="-fsanitize=address -ldl" + +# Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff +# (which is part of mar-tools and is not distributed to end-users) with +# ASan. See bug 17858. +export HOST_CFLAGS="" +export HOST_CXXFLAGS="" +export HOST_LDFLAGS="-ldl" + +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@ +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 +export BINDGEN_CFLAGS='--gcc-toolchain=/var/tmp/dist/gcc' + +ac_add_options --enable-address-sanitizer +ac_add_options --disable-jemalloc +ac_add_options --disable-elf-hack + +ac_add_options --enable-optimize +ac_add_options --enable-official-branding + +# Let's support GTK3 for ESR60 +ac_add_options --enable-default-toolkit=cairo-gtk3 + +ac_add_options --enable-tor-browser-update + +ac_add_options --disable-strip +ac_add_options --disable-install-strip +ac_add_options --enable-tests +ac_add_options --enable-debug +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls +ac_add_options --disable-eme +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= diff --git a/.mozconfig-mac b/.mozconfig-mac new file mode 100644 index 000000000000..1f89cab30bbc --- /dev/null +++ b/.mozconfig-mac @@ -0,0 +1,55 @@ +# ld needs libLTO.so from llvm +mk_add_options "export LD_LIBRARY_PATH=$topsrcdir/clang/lib" + +CROSS_CCTOOLS_PATH=$topsrcdir/cctools +CROSS_SYSROOT=$topsrcdir/MacOSX10.7.sdk +CROSS_PRIVATE_FRAMEWORKS=$CROSS_SYSROOT/System/Library/PrivateFrameworks +HARDENING_FLAGS="-Werror=format -Werror=format-security -fstack-protector-strong -D_FORTIFY_SOURCE=2" +FLAGS="-target x86_64-apple-darwin10 -mlinker-version=136 -B $CROSS_CCTOOLS_PATH/bin -isysroot $CROSS_SYSROOT $HARDENING_FLAGS" + +export CC="$topsrcdir/clang/bin/clang $FLAGS" +export CXX="$topsrcdir/clang/bin/clang++ $FLAGS" +export CPP="$topsrcdir/clang/bin/clang $FLAGS -E" +export LLVMCONFIG=$topsrcdir/clang/bin/llvm-config +export LDFLAGS="-Wl,-syslibroot,$CROSS_SYSROOT -Wl,-dead_strip -Wl,-pie" +export TOOLCHAIN_PREFIX=$CROSS_CCTOOLS_PATH/bin/x86_64-apple-darwin10- +#TODO: bug 1184202 - would be nice if these could be detected with TOOLCHAIN_PREFIX automatically +export AR=${TOOLCHAIN_PREFIX}ar +export RANLIB=${TOOLCHAIN_PREFIX}ranlib +export STRIP=${TOOLCHAIN_PREFIX}strip +export OTOOL=${TOOLCHAIN_PREFIX}otool +export DSYMUTIL=$topsrcdir/clang/bin/llvm-dsymutil + +export HOST_CC="$topsrcdir/clang/bin/clang" +export HOST_CXX="$topsrcdir/clang/bin/clang++" +export HOST_CPP="$topsrcdir/clang/bin/clang -E" +export HOST_CFLAGS="-g" +export HOST_CXXFLAGS="-g" +export HOST_LDFLAGS="-g" + +ac_add_options --target=x86_64-apple-darwin +ac_add_options --with-macos-private-frameworks=$CROSS_PRIVATE_FRAMEWORKS + +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-macos +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 + +ac_add_options --enable-application=browser +ac_add_options --enable-strip +ac_add_options --enable-official-branding +ac_add_options --enable-optimize +ac_add_options --disable-debug + +ac_add_options --enable-tor-browser-data-outside-app-dir +ac_add_options --enable-tor-browser-update + +ac_add_options --disable-crashreporter +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls +ac_add_options --disable-tests +# Let's make sure no preference is enabling either Adobe's or Google's CDM. +ac_add_options --disable-eme +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= diff --git a/.mozconfig-mingw b/.mozconfig-mingw new file mode 100644 index 000000000000..4fb050308060 --- /dev/null +++ b/.mozconfig-mingw @@ -0,0 +1,30 @@ +CROSS_COMPILE=1 + +ac_add_options --enable-application=browser +ac_add_options --target=i686-w64-mingw32 +ac_add_options --with-toolchain-prefix=i686-w64-mingw32- +ac_add_options --enable-default-toolkit=cairo-windows +mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-mingw +mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser" +export MOZILLA_OFFICIAL=1 + +ac_add_options --disable-debug +ac_add_options --enable-optimize +ac_add_options --enable-strip +ac_add_options --enable-official-branding + +ac_add_options --enable-tor-browser-update +ac_add_options --disable-bits-download + +# Let's make sure no preference is enabling either Adobe's or Google's CDM. +ac_add_options --disable-eme +ac_add_options --disable-crashreporter +ac_add_options --disable-maintenance-service +ac_add_options --disable-webrtc +ac_add_options --disable-parental-controls +ac_add_options --disable-tests +ac_add_options --enable-proxy-bypass-protection + +# Disable telemetry +ac_add_options MOZ_TELEMETRY_REPORTING= +ac_add_options --disable-default-browser-agent diff --git a/browser/base/moz.build b/browser/base/moz.build index 0f443f3db5ad..ae6f63aebf4e 100644 --- a/browser/base/moz.build +++ b/browser/base/moz.build @@ -72,6 +72,9 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('windows', 'gtk', 'cocoa'): if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('windows', 'gtk'): DEFINES['MENUBAR_CAN_AUTOHIDE'] = 1 +if CONFIG['TOR_BROWSER_UPDATE']: + DEFINES['TOR_BROWSER_UPDATE'] = 1 + JAR_MANIFESTS += ['jar.mn'] GeneratedFile('content/aboutNetErrorCodes.js', script='gen_aboutneterror_codes.py', diff --git a/browser/installer/Makefile.in b/browser/installer/Makefile.in index b861ad214a64..0325f0ffab9a 100644 --- a/browser/installer/Makefile.in +++ b/browser/installer/Makefile.in @@ -82,6 +82,14 @@ endif endif endif +ifdef TOR_BROWSER_DISABLE_TOR_LAUNCHER +DEFINES += -DTOR_BROWSER_DISABLE_TOR_LAUNCHER +endif + +ifdef TOR_BROWSER_UPDATE +DEFINES += -DTOR_BROWSER_UPDATE +endif + ifneq (,$(filter WINNT Darwin Android,$(OS_TARGET))) DEFINES += -DMOZ_SHARED_MOZGLUE=1 endif diff --git a/browser/moz.configure b/browser/moz.configure index a251050feb9b..3b6b377235ca 100644 --- a/browser/moz.configure +++ b/browser/moz.configure @@ -5,11 +5,11 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. imply_option('MOZ_PLACES', True) -imply_option('MOZ_SERVICES_HEALTHREPORT', True) +imply_option('MOZ_SERVICES_HEALTHREPORT', False) imply_option('MOZ_SERVICES_SYNC', True) -imply_option('MOZ_DEDICATED_PROFILES', True) -imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', True) -imply_option('MOZ_NORMANDY', True) +imply_option('MOZ_DEDICATED_PROFILES', False) +imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', False) +imply_option('MOZ_NORMANDY', False) with only_when(target_is_linux & compile_environment): option(env='MOZ_NO_PIE_COMPAT', diff --git a/build/moz.configure/old.configure b/build/moz.configure/old.configure index 4737529ff11a..6e70cdac30e1 100644 --- a/build/moz.configure/old.configure +++ b/build/moz.configure/old.configure @@ -243,6 +243,12 @@ def old_configure_options(*options): '--with-user-appdir', '--x-includes', '--x-libraries', + + # Tor additions. + '--with-tor-browser-version', + '--enable-tor-browser-update', + '--enable-tor-browser-data-outside-app-dir', + '--enable-tor-launcher', ) def prepare_configure_options(host, target, all_options, *options): # old-configure only supports the options listed in @old_configure_options diff --git a/mobile/android/confvars.sh b/mobile/android/confvars.sh index 2cfd371a2956..2d0177075c33 100644 --- a/mobile/android/confvars.sh +++ b/mobile/android/confvars.sh @@ -29,9 +29,18 @@ MOZ_ANDROID_BROWSER_INTENT_CLASS=org.mozilla.gecko.BrowserApp MOZ_NO_SMART_CARDS=1 +# Adds MIME-type support for raw video MOZ_RAW=1 # use custom widget for html:select MOZ_USE_NATIVE_POPUP_WINDOWS=1 MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110} + +### Tor Browser for Android ### + +# Disable telemetry at compile-time +unset MOZ_TELEMETRY_REPORTING + +# Disable data reporting at compile-time +unset MOZ_DATA_REPORTING diff --git a/mobile/android/geckoview/build.gradle b/mobile/android/geckoview/build.gradle index e295f33e208c..231d364c7ca5 100644 --- a/mobile/android/geckoview/build.gradle +++ b/mobile/android/geckoview/build.gradle @@ -92,6 +92,7 @@ android { buildConfigField 'String', "MOZ_APP_DISPLAYNAME", "\"${mozconfig.substs.MOZ_APP_DISPLAYNAME}\""; buildConfigField 'String', "MOZ_APP_UA_NAME", "\"${mozconfig.substs.MOZ_APP_UA_NAME}\""; buildConfigField 'String', "MOZ_UPDATE_CHANNEL", "\"${mozconfig.substs.MOZ_UPDATE_CHANNEL}\""; + buildConfigField 'String', "TOR_BROWSER_VERSION", "\"${mozconfig.substs.TOR_BROWSER_VERSION}\""; // MOZILLA_VERSION is oddly quoted from autoconf, but we don't have to handle it specially in Gradle. buildConfigField 'String', "MOZILLA_VERSION", "\"${mozconfig.substs.MOZILLA_VERSION}\""; diff --git a/mobile/android/moz.configure b/mobile/android/moz.configure index fa510f0a57d3..f7b4df4ac24a 100644 --- a/mobile/android/moz.configure +++ b/mobile/android/moz.configure @@ -10,7 +10,7 @@ project_flag('MOZ_ANDROID_EXCLUDE_FONTS', project_flag('MOZ_ANDROID_HLS_SUPPORT', help='Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)', - default=True) + default=False) option(env='FENNEC_NIGHTLY', help='Enable experimental code for Fennec Nightly users. NOTE: This is *not* equivalent ' @@ -26,9 +26,12 @@ def fennec_nightly(nightly): return bool(nightly) imply_option('MOZ_NORMANDY', False) -imply_option('MOZ_SERVICES_HEALTHREPORT', True) imply_option('MOZ_ANDROID_HISTORY', True) imply_option('--enable-small-chunk-size', True) +# Comment this so we can imply |False| in torbrowser.configure +# The Build system doesn't allow multiple imply_option() +# calls with the same key. +#imply_option('MOZ_SERVICES_HEALTHREPORT', True) @depends(target) def check_target(target): @@ -39,6 +42,8 @@ def check_target(target): 'Build_Instructions/Simple_Firefox_for_Android_build ' 'for more information about the necessary options.') +include('torbrowser.configure') + include('../../toolkit/moz.configure') include('../../build/moz.configure/android-sdk.configure') include('../../build/moz.configure/java.configure') @@ -50,3 +55,11 @@ option(env='MOZ_ANDROID_FAT_AAR_ARCHITECTURES', help='Comma-separated list of Android CPU architectures like "armeabi-v7a,arm64-v8a,x86,x86_64"') set_config('MOZ_ANDROID_FAT_AAR_ARCHITECTURES', depends('MOZ_ANDROID_FAT_AAR_ARCHITECTURES')(lambda x: x)) + +project_flag('MOZ_ANDROID_NETWORK_STATE', + help='Include permission for accessing WiFi/network state on Android', + default=False) + +project_flag('MOZ_ANDROID_LOCATION', + help='Include permission for accessing fine and course-grain Location on Android', + default=False) diff --git a/mobile/android/torbrowser.configure b/mobile/android/torbrowser.configure new file mode 100644 index 000000000000..2ff6215eedc9 --- /dev/null +++ b/mobile/android/torbrowser.configure @@ -0,0 +1,30 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Set Tor Browser default config + +imply_option('MOZ_ANDROID_EXCLUDE_FONTS', False) + +# Disable uploading crash reports and dump files to an external server +# This is still configured in old-configure. Uncomment when this moves +# to the python config +#imply_option('MOZ_CRASHREPORTER', False) + +# Disable uploading information about the browser configuration and +# performance to an external server +imply_option('MOZ_SERVICES_HEALTHREPORT', False) + +# Disable creating telemetry and data reports that are uploaded to an +# external server +# These aren't actually configure options. These are disabled in +# confvars.sh, but they look like configure options so we'll document +# them here, as well. +#XXX: no confvars.sh here +#imply_option('MOZ_TELEMETRY_REPORTING', False) +#imply_option('MOZ_DATA_REPORTING', False) + +imply_option('MOZ_ANDROID_NETWORK_STATE', False); +imply_option('MOZ_ANDROID_LOCATION', False); diff --git a/old-configure.in b/old-configure.in index 696b31c10dff..dfe7a74b1669 100644 --- a/old-configure.in +++ b/old-configure.in @@ -1926,6 +1926,55 @@ if test -n "$MOZ_UPDATER"; then AC_DEFINE(MOZ_UPDATER) fi +dnl ======================================================== +dnl Tor additions +dnl ======================================================== +MOZ_ARG_WITH_STRING(tor-browser-version, +[ --with-tor-browser-version=VERSION + Set Tor Browser version, e.g., 7.0a1], + TOR_BROWSER_VERSION="$withval") + +if test -z "$TOR_BROWSER_VERSION"; then + AC_MSG_ERROR([--with-tor-browser-version is required for Tor Browser.]) +fi + +MOZ_ARG_ENABLE_BOOL(tor-browser-update, +[ --enable-tor-browser-update + Enable Tor Browser update], + TOR_BROWSER_UPDATE=1, + TOR_BROWSER_UPDATE= ) + +if test -n "$TOR_BROWSER_UPDATE"; then + AC_DEFINE(TOR_BROWSER_UPDATE) +fi + +MOZ_ARG_ENABLE_BOOL(tor-browser-data-outside-app-dir, +[ --enable-tor-browser-data-outside-app-dir + Enable Tor Browser data outside of app directory], + TOR_BROWSER_DATA_OUTSIDE_APP_DIR=1, + TOR_BROWSER_DATA_OUTSIDE_APP_DIR= ) + +if test -n "$TOR_BROWSER_DATA_OUTSIDE_APP_DIR"; then + AC_DEFINE(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) +fi + +AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION,$TOR_BROWSER_VERSION) +AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION_QUOTED,"$TOR_BROWSER_VERSION") +AC_SUBST(TOR_BROWSER_UPDATE) +AC_SUBST(TOR_BROWSER_DATA_OUTSIDE_APP_DIR) + +MOZ_ARG_DISABLE_BOOL(tor-launcher, +[ --disable-tor-launcher + Do not include Tor Launcher], + TOR_BROWSER_DISABLE_TOR_LAUNCHER=1, + TOR_BROWSER_DISABLE_TOR_LAUNCHER=) + +if test -n "$TOR_BROWSER_DISABLE_TOR_LAUNCHER"; then + AC_DEFINE(TOR_BROWSER_DISABLE_TOR_LAUNCHER) +fi + +AC_SUBST(TOR_BROWSER_DISABLE_TOR_LAUNCHER) + dnl ======================================================== dnl parental controls (for Windows Vista) dnl ======================================================== diff --git a/security/moz.build b/security/moz.build index dec6f3ef7e21..f00f9fe5d7a7 100644 --- a/security/moz.build +++ b/security/moz.build @@ -85,7 +85,7 @@ gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin' gyp_vars['disable_tests'] = 1 gyp_vars['disable_dbm'] = 1 gyp_vars['disable_libpkix'] = 1 -gyp_vars['enable_sslkeylogfile'] = 1 +gyp_vars['enable_sslkeylogfile'] = 0 # pkg-config won't reliably find zlib on our builders, so just force it. # System zlib is only used for modutil and signtool unless # SSL zlib is enabled, which we are disabling immediately below this. diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile index 8a8b06f4b508..90571bb3e256 100644 --- a/security/nss/lib/ssl/Makefile +++ b/security/nss/lib/ssl/Makefile @@ -41,7 +41,7 @@ endif # Enable key logging by default in debug builds, but not opt builds. # Logging still needs to be enabled at runtime through env vars. -NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1) +NSS_ALLOW_SSLKEYLOGFILE ?= 0 ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE)) DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1 endif diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm index da47d20b293c..4192ee5b1c44 100644 --- a/toolkit/modules/AppConstants.jsm +++ b/toolkit/modules/AppConstants.jsm @@ -342,6 +342,14 @@ this.AppConstants = Object.freeze({ MOZ_WIDGET_TOOLKIT: "@MOZ_WIDGET_TOOLKIT@", ANDROID_PACKAGE_NAME: "@ANDROID_PACKAGE_NAME@", + TOR_BROWSER_VERSION: "@TOR_BROWSER_VERSION@", + TOR_BROWSER_DATA_OUTSIDE_APP_DIR: +#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR + true, +#else + false, +#endif + DEBUG_JS_MODULES: "@DEBUG_JS_MODULES@", MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@", @@ -419,4 +427,11 @@ this.AppConstants = Object.freeze({ #else false, #endif + + TOR_BROWSER_UPDATE: +#ifdef TOR_BROWSER_UPDATE + true, +#else + false, +#endif }); diff --git a/toolkit/modules/moz.build b/toolkit/modules/moz.build index 1dbbb685efcd..348ea91f5f2e 100644 --- a/toolkit/modules/moz.build +++ b/toolkit/modules/moz.build @@ -296,6 +296,9 @@ for var in ('MOZ_ALLOW_ADDON_SIDELOAD', if CONFIG[var]: DEFINES[var] = True +if CONFIG['TOR_BROWSER_UPDATE']: + DEFINES['TOR_BROWSER_UPDATE'] = 1 + JAR_MANIFESTS += ['jar.mn'] DEFINES['TOPOBJDIR'] = TOPOBJDIR

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] Bug 28044: Integrate Tor Launcher into tor-browser
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit 69e06d479539b33e2fc09a74d7bf423d7b47bfbd Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue Feb 26 10:07:17 2019 -0500 Bug 28044: Integrate Tor Launcher into tor-browser Build and package Tor Launcher as part of the browser (similar to how pdfjs is handled). If a Tor Launcher extension is present in the user's profile, it is removed. --- browser/extensions/moz.build | 5 +++++ browser/installer/package-manifest.in | 5 +++++ toolkit/mozapps/extensions/internal/XPIProvider.jsm | 10 ++++++++++ 3 files changed, 20 insertions(+) diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build index f71ece63c42d..9787ecf81592 100644 --- a/browser/extensions/moz.build +++ b/browser/extensions/moz.build @@ -11,3 +11,8 @@ DIRS += [ 'webcompat', 'report-site-issue' ] + +if not CONFIG['TOR_BROWSER_DISABLE_TOR_LAUNCHER']: + DIRS += [ + 'tor-launcher', + ] diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index 2865597f498e..9cb8a3c65d7b 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in @@ -252,6 +252,11 @@ @RESPATH@/browser/chrome/browser.manifest @RESPATH@/chrome/pdfjs.manifest @RESPATH@/chrome/pdfjs/* +#ifndef TOR_BROWSER_DISABLE_TOR_LAUNCHER +@RESPATH@/browser/chrome/torlauncher.manifest +@RESPATH@/browser/chrome/torlauncher/* +@RESPATH@/browser/@PREF_DIR@/torlauncher-prefs.js +#endif @RESPATH@/chrome/toolkit@JAREXT@ @RESPATH@/chrome/toolkit.manifest @RESPATH@/chrome/recording.manifest diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index 14bbba2b39b9..87e4d3ee9e45 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -1462,6 +1462,16 @@ var XPIStates = { for (let [id, file] of loc.readAddons()) { knownIds.delete(id); + // Since it is now part of the browser, uninstall the Tor Launcher + // extension. This will remove the Tor Launcher .xpi from user + // profiles on macOS. + if (id === "tor-launcher(a)torproject.org") { + logger.debug("Uninstalling the Tor Launcher extension."); + loc.installer.uninstallAddon(id); + changed = true; + continue; + } + let xpiState = loc.get(id); if (!xpiState) { // If the location is not supported for sideloading, skip new

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] Bug 12620: TorBrowser regression tests
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit ecb4f385c2a4b6813da4e6f75ebb1e2d1b60ea93 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed Aug 27 16:25:00 2014 -0700 Bug 12620: TorBrowser regression tests Regression tests for Bug #2950: Make Permissions Manager memory-only Regression tests for TB4: Tor Browser's Firefox preference overrides. Note: many more functional tests could be made here Regression tests for #2874: Block Components.interfaces from content Bug 18923: Add a script to run all Tor Browser specific tests Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt. --- run-tbb-tests | 60 +++++++++++++++ tbb-tests/browser.ini | 5 ++ tbb-tests/browser_tor_TB4.js | 162 +++++++++++++++++++++++++++++++++++++++ tbb-tests/browser_tor_bug2950.js | 74 ++++++++++++++++++ tbb-tests/mochitest.ini | 3 + tbb-tests/moz.build | 10 +++ tbb-tests/test_tor_bug2874.html | 25 ++++++ toolkit/toolkit.mozbuild | 3 +- 8 files changed, 341 insertions(+), 1 deletion(-) diff --git a/run-tbb-tests b/run-tbb-tests new file mode 100755 index 000000000000..5e266f9ba4cd --- /dev/null +++ b/run-tbb-tests @@ -0,0 +1,60 @@ +#!/bin/bash + +# This script runs all the Mochitest tests that have been added or +# modified since the last ffxbld commit. +# +# It does not currently run XPCShell tests. We should change this if we +# start using this type or other types of tests. +# +# The logs of the tests are stored in the tbb-tests.log file. +# Ignored tests are listed in the tbb-tests-ignore.txt file. +# +# https://trac.torproject.org/projects/tor/ticket/18923 + +IFS=$'\n' + +if [ -n "$USE_TESTS_LIST" ] && [ -f tbb-tests-list.txt ] +then + echo "Using tests list from file tbb-tests-list.txt" + tests=($(cat tbb-tests-list.txt)) +else + ffxbld_commit=$(git log -500 --format='%an %H' | grep '^ffxbld ' \ + | head -1 | cut -d ' ' -f 2) + + tests=($(git diff --name-status "$ffxbld_commit" HEAD | \ + grep -e '^[AM].*/test_[^/]\+\.$html\|xul$$' \ + -e '^[AM].*/browser_[^/]\+\.js$' \ + | sed 's/^[AM]\s\+//')) +fi + +echo 'The following tests will be run:' +for i in "${!tests[@]}" +do + if [ -z "$USE_TESTS_LIST" ] \ + && grep -q "^${tests[$i]}$" tbb-tests-ignore.txt + then + unset "tests[$i]" + continue + fi + echo "- ${tests[$i]}" +done + +if [ -n "$WRITE_TESTS_LIST" ] +then + rm -f tbb-tests-list.txt + for i in "${!tests[@]}" + do + echo "${tests[$i]}" >> tbb-tests-list.txt + done + exit 0 +fi + +rm -f tbb-tests.log +echo $'\n''Starting tests' +./mach mochitest --log-tbpl tbb-tests.log --setpref security.nocertdb=false \ + "${tests[@]}" + +echo "*************************" +echo "*************************" +echo "Summary of failed tests:" +grep --color=never TEST-UNEXPECTED-FAIL tbb-tests.log diff --git a/tbb-tests/browser.ini b/tbb-tests/browser.ini new file mode 100644 index 000000000000..f481660f1417 --- /dev/null +++ b/tbb-tests/browser.ini @@ -0,0 +1,5 @@ +[DEFAULT] + +[browser_tor_bug2950.js] +[browser_tor_omnibox.js] +[browser_tor_TB4.js] diff --git a/tbb-tests/browser_tor_TB4.js b/tbb-tests/browser_tor_TB4.js new file mode 100644 index 000000000000..af688bee0226 --- /dev/null +++ b/tbb-tests/browser_tor_TB4.js @@ -0,0 +1,162 @@ +// # Test for TB4: Tor Browser's Firefox preference overrides +// Simple regression tests to check the value of each pref and +// decides if it is set as expected. + +// TODO: Write unit tests to check that each pref setting here +// causes the browser to have the desired behavior (a big task). + +function test() { + +let expectedPrefs = [ + // Disable browser auto updaters and associated homepage notifications + ["app.update.auto", false], + ["app.update.enabled", false], + ["browser.search.update", false], + ["browser.rights.3.shown", true], + ["browser.startup.homepage_override.mstone", "ignore"], + ["startup.homepage_welcome_url", ""], + ["startup.homepage_override_url", ""], + + // Disable the "Refresh" prompt that is displayed for stale profiles. + ["browser.disableResetPrompt", true], + + // Disk activity: Disable Browsing History Storage + ["browser.privatebrowsing.autostart", true], + ["browser.cache.disk.enable", false], + ["browser.cache.offline.enable", false], + ["dom.indexedDB.enabled", false], + ["permissions.memory_only", true], + ["network.cookie.lifetimePolicy", 2], + ["security.nocertdb", true], + + // Disk activity: TBB Directory Isolation + ["browser.download.useDownloadDir", false], + ["browser.shell.checkDefaultBrowser", false], + ["browser.download.manager.addToRecentDocs", false], + + // Misc privacy: Disk + ["signon.rememberSignons", false], + ["browser.formfill.enable", false], + ["signon.autofillForms", false], + ["browser.sessionstore.privacy_level", 2], + ["media.cache_size", 0], + + // Misc privacy: Remote + ["browser.send_pings", false], + ["geo.enabled", false], + ["geo.wifi.uri", ""], + ["browser.search.suggest.enabled", false], + ["browser.safebrowsing.malware.enabled", false], + ["extensions.ui.lastCategory", "addons://list/extension"], + ["datareporting.healthreport.uploadEnabled", false], + ["datareporting.policy.dataSubmissionEnabled", false], + ["security.mixed_content.block_active_content", false], // Disable until https://bugzilla.mozilla.org/show_bug.cgi?id=878890 is patched + ["browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}"], // Don't promote sync + ["services.sync.engine.prefs", false], // Never sync prefs, addons, or tabs with other browsers + ["services.sync.engine.addons", false], + ["services.sync.engine.tabs", false], + ["extensions.getAddons.cache.enabled", false], // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ + + // Fingerprinting + ["webgl.min_capability_mode", true], + ["webgl.disable-extensions", true], + ["dom.battery.enabled", false], // fingerprinting due to differing OS implementations + ["browser.display.max_font_attempts",10], + ["browser.display.max_font_count",10], + ["gfx.downloadable_fonts.fallback_delay", -1], + ["browser.startup.homepage_override.buildID", "20100101"], + + // Third party stuff + ["network.cookie.cookieBehavior", 1], + ["security.enable_tls_session_tickets", false], + ["network.http.spdy.enabled", false], // Stores state and may have keepalive issues (both fixable) + ["network.http.spdy.enabled.v2", false], // Seems redundant, but just in case + ["network.http.spdy.enabled.v3", false], // Seems redundant, but just in case + + // Proxy and proxy security + ["network.proxy.socks", "127.0.0.1"], + ["network.proxy.socks_port", 9150], + ["network.proxy.socks_remote_dns", true], + ["network.proxy.no_proxies_on", ""], // For fingerprinting and local service vulns (#10419) + ["network.proxy.type", 1], + ["network.security.ports.banned", "9050,9051,9150,9151"], + ["network.dns.disablePrefetch", true], + ["network.protocol-handler.external-default", false], + ["network.protocol-handler.external.mailto", false], + ["network.protocol-handler.external.news", false], + ["network.protocol-handler.external.nntp", false], + ["network.protocol-handler.external.snews", false], + ["network.protocol-handler.warn-external.mailto", true], + ["network.protocol-handler.warn-external.news", true], + ["network.protocol-handler.warn-external.nntp", true], + ["network.protocol-handler.warn-external.snews", true], + + // Network and performance + ["network.http.pipelining", true], + ["network.http.pipelining.aggressive", true], + ["network.http.pipelining.maxrequests", 12], + ["network.http.pipelining.ssl", true], + ["network.http.proxy.pipelining", true], + ["security.ssl.enable_false_start", true], + ["network.http.keep-alive.timeout", 20], + ["network.http.connection-retry-timeout", 0], + ["network.http.max-persistent-connections-per-proxy", 256], + ["network.http.pipelining.reschedule-timeout", 15000], + ["network.http.pipelining.read-timeout", 60000], + // Hacked pref: Now means "Attempt to pipeline at least this many requests together" + ["network.http.pipelining.max-optimistic-requests", 3], + ["security.disable_session_identifiers", true], + + // Extension support + ["extensions.autoDisableScopes", 0], + ["extensions.bootstrappedAddons", "{}"], + ["extensions.checkCompatibility.4.*", false], + ["extensions.databaseSchema", 3], + ["extensions.enabledAddons", "https-everywhere%40eff.org:3.1.4,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1,torbutton%40torproject.org:1.5.2,ubufox%40ubuntu.com:2.6,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.5"], + ["extensions.enabledItems", "langpack-en-US@firefox.mozilla.org:,{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.57,{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8"], + ["extensions.enabledScopes", 1], + ["extensions.pendingOperations", false], + ["xpinstall.whitelist.add", ""], + ["xpinstall.whitelist.add.36", ""], + + // Omnibox settings + ["keyword.URL", "https://startpage.com/do/search?q="], + + // Hacks/workarounds: Direct2D seems to crash w/ lots of video cards w/ MinGW? + // Nvida cards also experience crashes without the second pref set to disabled + ["gfx.direct2d.disabled", true], + ["layers.acceleration.disabled", true], + + // Security enhancements + // https://trac.torproject.org/projects/tor/ticket/9387#comment:17 + ["javascript.options.ion.content", false], + ["javascript.options.baselinejit.content", false], + ["javascript.options.asmjs", false], + ["javascript.options.typeinference", false], + + // Enable TLS 1.1 and 1.2: + // https://trac.torproject.org/projects/tor/ticket/11253 + ["security.tls.version.max", 3], + + // Version placeholder + ["torbrowser.version", "UNKNOWN"], + + ]; + +let getPref = function (prefName) { + let type = gPrefService.getPrefType(prefName); + if (type === gPrefService.PREF_INT) return gPrefService.getIntPref(prefName); + if (type === gPrefService.PREF_BOOL) return gPrefService.getBoolPref(prefName); + if (type === gPrefService.PREF_STRING) return gPrefService.getCharPref(prefName); + // Something went wrong. + throw new Error("Can't access pref " + prefName); +}; + +let testPref = function([key, expectedValue]) { + let foundValue = getPref(key); + is(foundValue, expectedValue, "Pref '" + key + "' should be '" + expectedValue +"'."); +}; + +expectedPrefs.map(testPref); + +} // end function test() diff --git a/tbb-tests/browser_tor_bug2950.js b/tbb-tests/browser_tor_bug2950.js new file mode 100644 index 000000000000..010cc6356202 --- /dev/null +++ b/tbb-tests/browser_tor_bug2950.js @@ -0,0 +1,74 @@ +// # Regression tests for tor Bug #2950, Make Permissions Manager memory-only +// Ensures that permissions.sqlite file in profile directory is not written to, +// even when we write a value to Firefox's permissions database. + +// The requisite test() function. +function test() { + +// Needed because of asynchronous part later in the test. +waitForExplicitFinish(); + +// Shortcut +let Ci = Components.interfaces; + +// ## utility functions + +// __uri(spec)__. +// Creates an nsIURI instance from a spec +// (string address such as "http://torproject.org"). +let uri = spec => Services.io.newURI(spec, null, null); + +// __setPermission(spec, key, value)__. +// Sets the site permission of type key to value, for the site located at address spec. +let setPermission = (spec, key, value) => SitePermissions.set(uri(spec), key, value); + +// __getPermission(spec, key)__. +// Reads the site permission value for permission type key, for the site +// located at address spec. +let getPermission = (spec, key) => SitePermissions.get(uri(spec), key); + +// __profileDirPath__. +// The Firefox Profile directory. Expected location of various persistent files. +let profileDirPath = Services.dirsvc.get("ProfD", Components.interfaces.nsIFile).path; + +// __fileInProfile(fileName)__. +// Returns an nsIFile instance corresponding to a file in the Profile directory. +let fileInProfile = fileName => FileUtils.File(profileDirPath + "/" + fileName); + +// ## Now let's run the test. + +let SITE = "http://torproject.org", + KEY = "popup"; + +let permissionsFile = fileInProfile("permissions.sqlite"), + lastModifiedTime = null, + newModifiedTime = null; +if (permissionsFile.exists()) { + lastModifiedTime = permissionsFile.lastModifiedTime; +} +// Read the original value of the permission. +let originalValue = getPermission(SITE, KEY); + +// We need to delay by at least 1000 ms, because that's the granularity +// of file time stamps, it seems. +window.setTimeout( + function () { + // Set the permission to a new value. + setPermission(SITE, KEY, (originalValue === 0) ? 1 : 0); + // Now read back the permission value again. + let newReadValue = getPermission(SITE, KEY); + // Compare to confirm that the permission + // value was successfully changed. + isnot(newReadValue, originalValue, "Set a value in permissions db (perhaps in memory).");; + // If file existed or now exists, get the current time stamp. + if (permissionsFile.exists()) { + newModifiedTime = permissionsFile.lastModifiedTime; + } + // If file was created or modified since we began this test, + // then permissions db is not memory only. Complain! + is(lastModifiedTime, newModifiedTime, "Don't write to permissions.sqlite file on disk."); + // We are done with the test. + finish(); + }, 1100); + +} // test() diff --git a/tbb-tests/mochitest.ini b/tbb-tests/mochitest.ini new file mode 100644 index 000000000000..cc5172733bbe --- /dev/null +++ b/tbb-tests/mochitest.ini @@ -0,0 +1,3 @@ +[DEFAULT] + +[test_tor_bug2874.html] diff --git a/tbb-tests/moz.build b/tbb-tests/moz.build new file mode 100644 index 000000000000..de8a41a67a5c --- /dev/null +++ b/tbb-tests/moz.build @@ -0,0 +1,10 @@ +# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +MOCHITEST_MANIFESTS += ['mochitest.ini'] + +BROWSER_CHROME_MANIFESTS += [ 'browser.ini' ] + diff --git a/tbb-tests/test_tor_bug2874.html b/tbb-tests/test_tor_bug2874.html new file mode 100644 index 000000000000..c0a956e9f687 --- /dev/null +++ b/tbb-tests/test_tor_bug2874.html @@ -0,0 +1,25 @@ +<!DOCTYPE HTML> +<html> + +<head> + <meta charset="utf-8"> + <title>Test for Tor Bug 2874</title> + <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> + <script type="application/javascript"> + is(typeof Components, 'undefined', "The global window object should not expose a Components property to untrusted content."); + </script> +</head> +<body> +<a target="_blank" href="https://trac.torproject.org/projects/tor/ticket/2874">Tor Bug 2874</a> +<p id="display"></p> +<div id="content" style="display: none"> + +</div> +<pre id="test"> +</pre> +</body> +</html> diff --git a/toolkit/toolkit.mozbuild b/toolkit/toolkit.mozbuild index d092b8b22346..6e35a4602300 100644 --- a/toolkit/toolkit.mozbuild +++ b/toolkit/toolkit.mozbuild @@ -96,7 +96,8 @@ if CONFIG['MOZ_WEBRTC'] and CONFIG['COMPILE_ENVIRONMENT']: ] if CONFIG['ENABLE_TESTS']: - DIRS += ['/testing/specialpowers'] + DIRS += ['/testing/specialpowers', + '/tbb-tests'] DIRS += [ '/testing/gtest',

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] Bug 14970: Don't block our unsigned extensions
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit 36c4dde9d5da786b650059f854c266f4bdd9ce78 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Mar 30 10:38:06 2017 +0000 Bug 14970: Don't block our unsigned extensions Mozilla introduced extension signing as a way to make it harder for an attacker to get a malicious add-on running in a user's browser. See: https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experien… and https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/ for some background information. Since ESR45 this feature is enabled by default and we exempt EFF's HTTPS-Everywhere from this requirement. --- browser/components/BrowserGlue.jsm | 6 +++++- toolkit/mozapps/extensions/content/aboutaddonsCommon.js | 6 ++++++ toolkit/mozapps/extensions/internal/XPIDatabase.jsm | 5 +++++ toolkit/mozapps/extensions/internal/XPIInstall.jsm | 1 + 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm index 68b77e6f42cf..a432b28b97bc 100644 --- a/browser/components/BrowserGlue.jsm +++ b/browser/components/BrowserGlue.jsm @@ -2257,7 +2257,11 @@ BrowserGlue.prototype = { ); AddonManager.getAddonsByIDs(disabledAddons).then(addons => { for (let addon of addons) { - if (addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) { + // We don't need a false notification that our extensions are + // disabled. Even if they lack Mozilla's blessing they are enabled + // nevertheless. + if ((addon.signedState <= AddonManager.SIGNEDSTATE_MISSING) && + (addon.id !== "https-everywhere-eff(a)eff.org")) { this._notifyUnsignedAddonsDisabled(); break; } diff --git a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js index 5459d0fff050..9204aa657b83 100644 --- a/toolkit/mozapps/extensions/content/aboutaddonsCommon.js +++ b/toolkit/mozapps/extensions/content/aboutaddonsCommon.js @@ -225,9 +225,15 @@ var gBrowser = { }, }; +// This function is the central check point to decide whether to show a warning +// about unsigned extensions or not. We want those warnings but only for +// extensions we don't distribute. function isCorrectlySigned(addon) { // Add-ons without an "isCorrectlySigned" property are correctly signed as // they aren't the correct type for signing. + if (addon.id == "https-everywhere-eff(a)eff.org") { + return true; + } return addon.isCorrectlySigned !== false; } diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm index 0b9bfa34b138..c8407541c2df 100644 --- a/toolkit/mozapps/extensions/internal/XPIDatabase.jsm +++ b/toolkit/mozapps/extensions/internal/XPIDatabase.jsm @@ -2211,6 +2211,11 @@ this.XPIDatabase = { * True if the add-on should not be appDisabled */ isUsableAddon(aAddon) { + // Ensure that we allow https-everywhere + if (aAddon.id == "https-everywhere-eff(a)eff.org") { + return true; + } + if (this.mustSign(aAddon.type) && !aAddon.isCorrectlySigned) { logger.warn(`Add-on ${aAddon.id} is not correctly signed.`); if (Services.prefs.getBoolPref(PREF_XPI_SIGNATURES_DEV_ROOT, false)) { diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.jsm b/toolkit/mozapps/extensions/internal/XPIInstall.jsm index 4e172f89694a..3396d43116d2 100644 --- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm +++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm @@ -3953,6 +3953,7 @@ var XPIInstall = { if ( XPIDatabase.mustSign(addon.type) && + addon.id !== "https-everywhere-eff(a)eff.org" && addon.signedState <= AddonManager.SIGNEDSTATE_MISSING ) { throw new Error(

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] Bug 3547: Block all plugins.
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit f4e0e76c2583469d74dc1ba35caf6041175b62a5 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Tue Dec 4 16:03:13 2012 -0800 Bug 3547: Block all plugins. We cannot use the @mozilla.org/extensions/blocklist;1 service, because we actually want to stop plugins from ever entering the browser's process space and/or executing code (for example, AV plugins that collect statistics/analyse urls, magical toolbars that phone home or "help" the user, skype buttons that ruin our day, and censorship filters). Hence we rolled our own. See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings on a better way. Until then, it is delta-darwinism for us. --- dom/plugins/base/PluginFinder.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dom/plugins/base/PluginFinder.cpp b/dom/plugins/base/PluginFinder.cpp index dfac7b052567..aa06842dd3f5 100644 --- a/dom/plugins/base/PluginFinder.cpp +++ b/dom/plugins/base/PluginFinder.cpp @@ -478,6 +478,9 @@ nsresult PluginFinder::ScanPluginsDirectory(nsIFile* pluginsDir, *aPluginsChanged = false; + // Block all plugins + return NS_OK; + #ifdef PLUGIN_LOGGING nsAutoCString dirPath; pluginsDir->GetNativePath(dirPath);

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] Bug 10760: Integrate TorButton to TorBrowser core
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit bc8f2ce056c7c6b3900fbe82a80766430f35f807 Author: Alex Catarineu <acat(a)torproject.org> Date: Wed Feb 19 23:05:08 2020 +0100 Bug 10760: Integrate TorButton to TorBrowser core Because of the non-restartless nature of Torbutton, it required a two-stage installation process. On mobile, it was a problem, because it was not loading when the user opened the browser for the first time. Moving it to tor-browser and making it a system extension allows it to load when the user opens the browser for first time. Additionally, this patch also fixes Bug 27611. Bug 26321: New Circuit and New Identity menu items Bug 14392: Make about:tor behave like other initial pages. Bug 25013: Add torbutton as a tor-browser submodule --- .gitmodules | 3 ++ browser/base/content/aboutDialog.xhtml | 38 +++++++++++------ browser/base/content/browser-doctype.inc | 6 +++ browser/base/content/browser-menubar.inc | 49 ++++++++++++++++------ browser/base/content/browser-sets.inc | 2 + browser/base/content/browser.js | 1 + browser/base/content/browser.xhtml | 26 +++++++++++- .../controlcenter/content/identityPanel.inc.xhtml | 14 +++++++ browser/installer/package-manifest.in | 2 + docshell/base/nsAboutRedirector.cpp | 6 ++- docshell/build/components.conf | 1 + mobile/android/installer/package-manifest.in | 4 ++ toolkit/moz.build | 1 + .../mozapps/extensions/internal/XPIProvider.jsm | 9 ++++ toolkit/torproject/torbutton | 1 + .../lib/environments/browser-window.js | 6 ++- 16 files changed, 139 insertions(+), 30 deletions(-) diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000000..2f03bd8e22df --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "toolkit/torproject/torbutton"] + path = toolkit/torproject/torbutton + url = https://git.torproject.org/torbutton.git diff --git a/browser/base/content/aboutDialog.xhtml b/browser/base/content/aboutDialog.xhtml index 69cbf846bbef..5274cbc02831 100644 --- a/browser/base/content/aboutDialog.xhtml +++ b/browser/base/content/aboutDialog.xhtml @@ -7,11 +7,11 @@ <?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/content/aboutDialog.css" type="text/css"?> <?xml-stylesheet href="chrome://branding/content/aboutDialog.css" type="text/css"?> +<?xml-stylesheet href="chrome://torbutton/skin/aboutDialog.css" type="text/css"?> + <!DOCTYPE window [ -#ifdef XP_MACOSX #include browser-doctype.inc -#endif ]> <window xmlns:html="http://www.w3.org/1999/xhtml" @@ -28,7 +28,7 @@ data-l10n-id="aboutDialog-title" #endif role="dialog" - aria-describedby="version distribution distributionId communityDesc contributeDesc trademark" + aria-describedby="version distribution distributionId projectDesc helpDesc trademark trademarkTor" > #ifdef XP_MACOSX #include macWindow.inc.xhtml @@ -132,24 +132,36 @@ <label is="text-link" useoriginprincipal="true" href="about:credits" data-l10n-name="community-exp-creditsLink"></label> </description> </vbox> - <description class="text-blurb" id="communityDesc" data-l10n-id="community-2"> - <label is="text-link" href="http://www.mozilla.org/" data-l10n-name="community-mozillaLink"></label> - <label is="text-link" useoriginprincipal="true" href="about:credits" data-l10n-name="community-creditsLink"></label> +  + <description class="text-blurb" id="communityDesc" data-l10n-id="community-2" hidden="true"></description> + <description class="text-blurb" id="contributeDesc" data-l10n-id="helpus" hidden="true"></description> + <description class="text-blurb" id="projectDesc"> + &project.start; + <label is="text-link" href="https://www.torproject.org/"> + &project.tpoLink; + </label>&project.end; </description> - <description class="text-blurb" id="contributeDesc" data-l10n-id="helpus"> - <label is="text-link" href="https://donate.mozilla.org/?utm_source=firefox&utm_medium=referral&…" data-l10n-name="helpus-donateLink"></label> - <label is="text-link" href="http://www.mozilla.org/contribute/" data-l10n-name="helpus-getInvolvedLink"></label> + <description class="text-blurb" id="helpDesc"> + &help.start; + <label is="text-link" href="https://donate.torproject.org/"> + &help.donateLink; + </label> + &help.or; + <label is="text-link" href="https://community.torproject.org/"> + &help.getInvolvedLink; + </label>&help.end; </description> </vbox> </vbox> </hbox> <vbox id="bottomBox"> - <hbox pack="center"> - <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license" data-l10n-id="bottomLinks-license"></label> - <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:rights" data-l10n-id="bottomLinks-rights"></label> - <label is="text-link" class="bottom-link" href="https://www.mozilla.org/privacy/" data-l10n-id="bottomLinks-privacy"></label> + <hbox id="newBottom" pack="center" position="1"> + <label is="text-link" class="bottom-link" href="https://support.torproject.org/">&bottomLinks.questions;</label> + <label is="text-link" class="bottom-link" href="https://community.torproject.org/relay/">&bottomLinks.grow;</label> + <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license">&bottomLinks.license;</label> </hbox> <description id="trademark" data-l10n-id="trademarkInfo"></description> + <description id="trademarkTor">&tor.TrademarkStatement;</description> </vbox> </vbox> diff --git a/browser/base/content/browser-doctype.inc b/browser/base/content/browser-doctype.inc index 9aa278773158..48cf6cd3eda0 100644 --- a/browser/base/content/browser-doctype.inc +++ b/browser/base/content/browser-doctype.inc @@ -14,3 +14,9 @@ %syncBrandDTD; <!ENTITY % brandingsDTD SYSTEM "chrome://browser/locale/brandings.dtd"> %brandingsDTD; +<!ENTITY % torbuttonDTD SYSTEM "chrome://torbutton/locale/torbutton.dtd"> +%torbuttonDTD; +<!ENTITY % aboutTorDTD SYSTEM "chrome://torbutton/locale/aboutTor.dtd"> +%aboutTorDTD; +<!ENTITY % aboutDialogDTD SYSTEM "chrome://torbutton/locale/aboutDialog.dtd"> +%aboutDialogDTD; diff --git a/browser/base/content/browser-menubar.inc b/browser/base/content/browser-menubar.inc index a865c1fd0d9c..a0eb209f08e4 100644 --- a/browser/base/content/browser-menubar.inc +++ b/browser/base/content/browser-menubar.inc @@ -33,6 +33,18 @@ command="Tools:NonFissionWindow" accesskey="s" label="New Non-Fission Window"/> #endif + <menuseparator/> + <menuitem id="menu_newIdentity" + accesskey="&torbutton.context_menu.new_identity_key;" + key="torbutton-new-identity-key" + label="&torbutton.context_menu.new_identity;" + oncommand="torbutton_new_identity();"/> + <menuitem id="menu_newCircuit" + accesskey="&torbutton.context_menu.new_circuit_key;" + key="torbutton-new-circuit-key" + label="&torbutton.context_menu.new_circuit;" + oncommand="torbutton_new_circuit();"/> + <menuseparator/> <menuitem id="menu_openLocation" hidden="true" command="Browser:OpenLocation" @@ -453,17 +465,28 @@ #endif data-l10n-id="menu-help"> <menupopup id="menu_HelpPopup" onpopupshowing="buildHelpMenu();"> - <menuitem id="menu_openHelp" +  + <box id="feedbackPage"/> + <box id="helpSafeMode"/> + <box id="menu_HelpPopup_reportPhishingtoolmenu"/> + <box id="menu_HelpPopup_reportPhishingErrortoolmenu"/> +  + <menuitem id="torBrowserUserManual" + oncommand="gBrowser.selectedTab = gBrowser.addTab('https://tb-manual.torproject.org/' + Services.locale.requestedLocale, {triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal()});" + label="&aboutTor.torbrowser_user_manual.label;" + accesskey="&aboutTor.torbrowser_user_manual.accesskey;"/> +  +  #else - /> + /> --> #endif - <menuitem id="menu_openTour" - oncommand="openTourPage();" data-l10n-id="menu-help-show-tour"/> +  <menuitem id="help_importFromAnotherBrowser" command="cmd_help_importFromAnotherBrowser" data-l10n-id="menu-help-import-from-another-browser"/> <menuitem id="menu_keyboardShortcuts" @@ -472,22 +495,22 @@ <menuitem id="troubleShooting" oncommand="openTroubleshootingPage()" onclick="checkForMiddleClick(this, event);" data-l10n-id="menu-help-troubleshooting-info"/> - <menuitem id="feedbackPage" +  +  +  +  <menuseparator id="helpPolicySeparator" hidden="true"/> <menuitem id="helpPolicySupport" diff --git a/browser/base/content/browser-sets.inc b/browser/base/content/browser-sets.inc index 613039f4ad28..0bac630b6a5e 100644 --- a/browser/base/content/browser-sets.inc +++ b/browser/base/content/browser-sets.inc @@ -376,4 +376,6 @@ data-l10n-id="hide-other-apps-shortcut" modifiers="accel,alt"/> #endif + <key id="torbutton-new-identity-key" modifiers="accel shift" key="U" oncommand="torbutton_new_identity()"/> + <key id="torbutton-new-circuit-key" modifiers="accel shift" key="L" oncommand="torbutton_new_circuit()"/> </keyset> diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 6e25542069ed..074be1c85c5f 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -620,6 +620,7 @@ var gPageIcons = { }; var gInitialPages = [ + "about:tor", "about:blank", "about:newtab", "about:home", diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml index a2a242cc1bc7..cc8679988cba 100644 --- a/browser/base/content/browser.xhtml +++ b/browser/base/content/browser.xhtml @@ -29,6 +29,8 @@ <?xml-stylesheet href="chrome://browser/skin/searchbar.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/skin/places/tree-icons.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/skin/places/editBookmark.css" type="text/css"?> +<?xml-stylesheet href="chrome://torbutton/skin/tor-circuit-display.css" type="text/css"?> +<?xml-stylesheet href="chrome://torbutton/skin/torbutton.css" type="text/css"?> # All DTD information is stored in a separate file so that it can be shared by # hiddenWindowMac.xhtml. @@ -106,11 +108,18 @@ Services.scriptloader.loadSubScript("chrome://browser/content/places/places-menupopup.js", this); Services.scriptloader.loadSubScript("chrome://browser/content/search/autocomplete-popup.js", this); Services.scriptloader.loadSubScript("chrome://browser/content/search/searchbar.js", this); + Services.scriptloader.loadSubScript("chrome://torbutton/content/tor-circuit-display.js", this); + Services.scriptloader.loadSubScript("chrome://torbutton/content/torbutton.js", this); window.onload = gBrowserInit.onLoad.bind(gBrowserInit); window.onunload = gBrowserInit.onUnload.bind(gBrowserInit); window.onclose = WindowIsClosing; + //onLoad Handler + try { + window.addEventListener("load", torbutton_init, false); + } catch (e) {} + window.addEventListener("MozBeforeInitialXULLayout", gBrowserInit.onBeforeInitialXULLayout.bind(gBrowserInit), { once: true }); @@ -791,7 +800,8 @@ class="subviewbutton subviewbutton-iconic" label="&newPrivateWindow.label;" key="key_privatebrowsing" - command="Tools:PrivateBrowsing"/> + command="Tools:PrivateBrowsing" + hidden="true"/> #ifdef NIGHTLY_BUILD <toolbarbutton id="appMenu-fission-window-button" class="subviewbutton subviewbutton-iconic" @@ -807,7 +817,19 @@ <toolbarbutton id="appMenuRestoreLastSession" label="&appMenuHistory.restoreSession.label;" class="subviewbutton subviewbutton-iconic" - command="Browser:RestoreLastSession"/> + command="Browser:RestoreLastSession" + hidden="true"/> + <toolbarseparator/> + <toolbarbutton id="appMenuNewIdentity" + class="subviewbutton subviewbutton-iconic" + key="torbutton-new-identity-key" + label="&torbutton.context_menu.new_identity;" + oncommand="torbutton_new_identity();"/> + <toolbarbutton id="appMenuNewCircuit" + class="subviewbutton subviewbutton-iconic" + key="torbutton-new-circuit-key" + label="&torbutton.context_menu.new_circuit;" + oncommand="torbutton_new_circuit();"/> <toolbarseparator/> <toolbaritem id="appMenu-zoom-controls" class="toolbaritem-combined-buttons" closemenu="none">  diff --git a/browser/components/controlcenter/content/identityPanel.inc.xhtml b/browser/components/controlcenter/content/identityPanel.inc.xhtml index 7e3badbff3b3..fd0399cf2d0f 100644 --- a/browser/components/controlcenter/content/identityPanel.inc.xhtml +++ b/browser/components/controlcenter/content/identityPanel.inc.xhtml @@ -60,6 +60,20 @@ oncommand="gIdentityHandler.showSecuritySubView();"/> </hbox> +  + <hbox id="circuit-display-container" class="identity-popup-section"> + <vbox id="circuit-display-content" flex="1"> + <label id="circuit-display-headline" + class="identity-popup-headline">&torbutton.circuit_display.title;</label> + <html:ul id="circuit-display-nodes" dir="auto"/> + </vbox> + <vbox id="circuit-reload-content" flex="1"> + <html:button id="circuit-reload-button" + onclick="torbutton_new_circuit()">&torbutton.circuit_display.new_circuit;</html:button> + <hbox id="circuit-guard-note-container"/> + </vbox> + </hbox> +  <hbox class="identity-popup-section" when-connection="not-secure secure secure-ev secure-cert-user-overridden file extension cert-error-page https-only-error-page"> diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index 9cb8a3c65d7b..d2113da95cdf 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in @@ -257,6 +257,8 @@ @RESPATH@/browser/chrome/torlauncher/* @RESPATH@/browser/@PREF_DIR@/torlauncher-prefs.js #endif +@RESPATH@/chrome/torbutton.manifest +@RESPATH@/chrome/torbutton/* @RESPATH@/chrome/toolkit@JAREXT@ @RESPATH@/chrome/toolkit.manifest @RESPATH@/chrome/recording.manifest diff --git a/docshell/base/nsAboutRedirector.cpp b/docshell/base/nsAboutRedirector.cpp index 26fd0dca54eb..fd6f6a4972a1 100644 --- a/docshell/base/nsAboutRedirector.cpp +++ b/docshell/base/nsAboutRedirector.cpp @@ -150,7 +150,11 @@ static const RedirEntry kRedirMap[] = { {"crashcontent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | - nsIAboutModule::URI_MUST_LOAD_IN_CHILD}}; + nsIAboutModule::URI_MUST_LOAD_IN_CHILD}, + {"tor", "chrome://torbutton/content/aboutTor/aboutTor.xhtml", + nsIAboutModule::URI_MUST_LOAD_IN_CHILD | + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::ALLOW_SCRIPT}}; static const int kRedirTotal = mozilla::ArrayLength(kRedirMap); NS_IMETHODIMP diff --git a/docshell/build/components.conf b/docshell/build/components.conf index 70dbcd661099..b5bf16f4cae8 100644 --- a/docshell/build/components.conf +++ b/docshell/build/components.conf @@ -27,6 +27,7 @@ about_pages = [ 'srcdoc', 'support', 'telemetry', + 'tor', 'url-classifier', 'webrtc', ] diff --git a/mobile/android/installer/package-manifest.in b/mobile/android/installer/package-manifest.in index 17d6471c4742..055eb4717447 100644 --- a/mobile/android/installer/package-manifest.in +++ b/mobile/android/installer/package-manifest.in @@ -137,6 +137,10 @@ @BINPATH@/chrome/devtools@JAREXT@ @BINPATH@/chrome/devtools.manifest +; Torbutton +@BINPATH@/chrome/torbutton@JAREXT@ +@BINPATH@/chrome/torbutton.manifest + ; [Default Preferences] ; All the pref files must be part of base to prevent migration bugs #ifdef MOZ_GECKOVIEW_JAR diff --git a/toolkit/moz.build b/toolkit/moz.build index b6f792da7124..3451334de15c 100644 --- a/toolkit/moz.build +++ b/toolkit/moz.build @@ -23,6 +23,7 @@ DIRS += [ 'pluginproblem', 'profile', 'themes', + 'torproject/torbutton', ] if CONFIG['OS_ARCH'] == 'WINNT' and CONFIG['MOZ_DEFAULT_BROWSER_AGENT']: diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm index 87e4d3ee9e45..a27888278f77 100644 --- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm +++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm @@ -1462,6 +1462,15 @@ var XPIStates = { for (let [id, file] of loc.readAddons()) { knownIds.delete(id); + // Uninstall torbutton if it is installed in the user profile + if (id === "torbutton(a)torproject.org" && + loc.name === KEY_APP_PROFILE) { + logger.debug("Uninstalling torbutton from user profile."); + loc.installer.uninstallAddon(id); + changed = true; + continue; + } + // Since it is now part of the browser, uninstall the Tor Launcher // extension. This will remove the Tor Launcher .xpi from user // profiles on macOS. diff --git a/toolkit/torproject/torbutton b/toolkit/torproject/torbutton new file mode 160000 index 000000000000..3dc1c58d6c49 --- /dev/null +++ b/toolkit/torproject/torbutton @@ -0,0 +1 @@ +Subproject commit 3dc1c58d6c494eeb5514ad84831b76661667ba2c diff --git a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js index 76e03f2d49bb..2ff107b553b2 100644 --- a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js +++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js @@ -75,7 +75,11 @@ function getGlobalScriptIncludes(scriptPath) { "browser/components/search/content/" ) .replace("chrome://browser/content/", "browser/base/content/") - .replace("chrome://global/content/", "toolkit/content/"); + .replace("chrome://global/content/", "toolkit/content/") + .replace( + "chrome://torbutton/content/", + "toolkit/torproject/torbutton/chrome/content/" + ); for (let mapping of Object.getOwnPropertyNames(MAPPINGS)) { if (sourceFile.includes(mapping)) {

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] Bug 40069: Add helpers for message passing with extensions
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit 9f6c00052bde179cbe94a9a4b398f57b53f0f564 Author: Alex Catarineu <acat(a)torproject.org> Date: Sun Aug 2 19:12:25 2020 +0200 Bug 40069: Add helpers for message passing with extensions --- toolkit/components/extensions/ExtensionParent.jsm | 47 +++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/toolkit/components/extensions/ExtensionParent.jsm b/toolkit/components/extensions/ExtensionParent.jsm index b7bf99accb73..33c3359af04c 100644 --- a/toolkit/components/extensions/ExtensionParent.jsm +++ b/toolkit/components/extensions/ExtensionParent.jsm @@ -264,6 +264,8 @@ const ProxyMessenger = { /** @type Map<number, ParentPort> */ ports: new Map(), + _torRuntimeMessageListeners: [], + init() { this.conduit = new BroadcastConduit(ProxyMessenger, { id: "ProxyMessenger", @@ -326,6 +328,10 @@ const ProxyMessenger = { }, async recvRuntimeMessage(arg, { sender }) { + // We need to listen to some extension messages in Tor Browser + for (const listener of this._torRuntimeMessageListeners) { + listener(arg); + } arg.firstResponse = true; let kind = await this.normalizeArgs(arg, sender); let result = await this.conduit.castRuntimeMessage(kind, arg); @@ -1870,6 +1876,45 @@ for (let name of StartupCache.STORE_NAMES) { StartupCache[name] = new CacheStore(name); } +async function torSendExtensionMessage(extensionId, message) { + // This should broadcast the message to all children "conduits" + // listening for a "RuntimeMessage". Those children conduits + // will either be extension background pages or other extension + // pages listening to browser.runtime.onMessage. + const result = await ProxyMessenger.conduit.castRuntimeMessage("messenger", { + extensionId, + holder: new StructuredCloneHolder(message), + firstResponse: true, + sender: { + id: extensionId, + envType: "addon_child", + }, + }); + return result + ? result.value + : Promise.reject({ message: ERROR_NO_RECEIVERS }); +} + +async function torWaitForExtensionMessage(extensionId, checker) { + return new Promise(resolve => { + const msgListener = msg => { + try { + if (msg && msg.extensionId === extensionId) { + const deserialized = msg.holder.deserialize({}); + if (checker(deserialized)) { + const idx = ProxyMessenger._torRuntimeMessageListeners.indexOf( + msgListener + ); + ProxyMessenger._torRuntimeMessageListeners.splice(idx, 1); + resolve(deserialized); + } + } + } catch (e) {} + }; + ProxyMessenger._torRuntimeMessageListeners.push(msgListener); + }); +} + var ExtensionParent = { GlobalManager, HiddenExtensionPage, @@ -1881,6 +1926,8 @@ var ExtensionParent = { promiseExtensionViewLoaded, watchExtensionProxyContextLoad, DebugUtils, + torSendExtensionMessage, + torWaitForExtensionMessage, }; // browserPaintedPromise and browserStartupPromise are promises that

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] Add TorStrings module for localization
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit b6ec35b38181a0fe05be80657fa86eb40f991493 Author: Alex Catarineu <acat(a)torproject.org> Date: Fri Jul 24 21:15:20 2020 +0200 Add TorStrings module for localization --- browser/modules/TorStrings.jsm | 490 +++++++++++++++++++++++++++++++++++++++++ browser/modules/moz.build | 1 + 2 files changed, 491 insertions(+) diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm new file mode 100644 index 000000000000..e8a8d37ae373 --- /dev/null +++ b/browser/modules/TorStrings.jsm @@ -0,0 +1,490 @@ +"use strict"; + +var EXPORTED_SYMBOLS = ["TorStrings"]; + +const { XPCOMUtils } = ChromeUtils.import( + "resource://gre/modules/XPCOMUtils.jsm" +); +const { Services } = ChromeUtils.import( + "resource://gre/modules/Services.jsm" +); +const { getLocale } = ChromeUtils.import( + "resource://torbutton/modules/utils.js" +); + +XPCOMUtils.defineLazyGlobalGetters(this, ["DOMParser"]); +XPCOMUtils.defineLazyGetter(this, "domParser", () => { + const parser = new DOMParser(); + parser.forceEnableDTD(); + return parser; +}); + +/* + Tor DTD String Bundle + + DTD strings loaded from torbutton/tor-launcher, but provide a fallback in case they aren't available +*/ +class TorDTDStringBundle { + constructor(aBundleURLs, aPrefix) { + let locations = []; + for (const [index, url] of aBundleURLs.entries()) { + locations.push(`<!ENTITY % dtd_${index} SYSTEM "${url}">%dtd_${index};`); + } + this._locations = locations; + this._prefix = aPrefix; + } + + // copied from testing/marionette/l10n.js + localizeEntity(urls, id) { + // Use the DOM parser to resolve the entity and extract its real value + let header = `<?xml version="1.0"?><!DOCTYPE elem [${this._locations.join( + "" + )}]>`; + let elem = `<elem id="elementID">&${id};</elem>`; + let doc = domParser.parseFromString(header + elem, "text/xml"); + let element = doc.querySelector("elem[id='elementID']"); + + if (element === null) { + throw new Error(`Entity with id='${id}' hasn't been found`); + } + + return element.textContent; + } + + getString(key, fallback) { + if (key) { + try { + return this.localizeEntity(this._bundleURLs, `${this._prefix}${key}`); + } catch (e) {} + } + + // on failure, assign the fallback if it exists + if (fallback) { + return fallback; + } + // otherwise return string key + return `$(${key})`; + } +} + +/* + Tor Property String Bundle + + Property strings loaded from torbutton/tor-launcher, but provide a fallback in case they aren't available +*/ +class TorPropertyStringBundle { + constructor(aBundleURL, aPrefix) { + try { + this._bundle = Services.strings.createBundle(aBundleURL); + } catch (e) {} + + this._prefix = aPrefix; + } + + getString(key, fallback) { + if (key) { + try { + return this._bundle.GetStringFromName(`${this._prefix}${key}`); + } catch (e) {} + } + + // on failure, assign the fallback if it exists + if (fallback) { + return fallback; + } + // otherwise return string key + return `$(${key})`; + } +} + +/* + Security Level Strings +*/ +var TorStrings = { + /* + Tor Browser Security Level Strings + */ + securityLevel: (function() { + let tsb = new TorDTDStringBundle( + ["chrome://torbutton/locale/torbutton.dtd"], + "torbutton.prefs.sec_" + ); + let getString = function(key, fallback) { + return tsb.getString(key, fallback); + }; + + // read localized strings from torbutton; but use hard-coded en-US strings as fallbacks in case of error + let retval = { + securityLevel: getString("caption", "Security Level"), + customWarning: getString("custom_warning", "Custom"), + overview: getString( + "overview", + "Disable certain web features that can be used to attack your security and anonymity." + ), + standard: { + level: getString("standard_label", "Standard"), + tooltip: getString("standard_tooltip", "Security Level : Standard"), + summary: getString( + "standard_description", + "All Tor Browser and website features are enabled." + ), + }, + safer: { + level: getString("safer_label", "Safer"), + tooltip: getString("safer_tooltip", "Security Level : Safer"), + summary: getString( + "safer_description", + "Disables website features that are often dangerous, causing some sites to lose functionality." + ), + description1: getString( + "js_on_https_sites_only", + "JavaScript is disabled on non-HTTPS sites." + ), + description2: getString( + "limit_typography", + "Some fonts and math symbols are disabled." + ), + description3: getString( + "click_to_play_media", + "Audio and video (HTML5 media), and WebGL are click-to-play." + ), + }, + safest: { + level: getString("safest_label", "Safest"), + tooltip: getString("safest_tooltip", "Security Level : Safest"), + summary: getString( + "safest_description", + "Only allows website features required for static sites and basic services. These changes affect images, media, and scripts." + ), + description1: getString( + "js_disabled", + "JavaScript is disabled by default on all sites." + ), + description2: getString( + "limit_graphics_and_typography", + "Some fonts, icons, math symbols, and images are disabled." + ), + description3: getString( + "click_to_play_media", + "Audio and video (HTML5 media), and WebGL are click-to-play." + ), + }, + custom: { + summary: getString( + "custom_summary", + "Your custom browser preferences have resulted in unusual security settings. For security and privacy reasons, we recommend you choose one of the default security levels." + ), + }, + learnMore: getString("learn_more_label", "Learn more"), + learnMoreURL: `https://tb-manual.torproject.org/${getLocale()}/security-settings/`, + restoreDefaults: getString("restore_defaults", "Restore Defaults"), + advancedSecuritySettings: getString( + "advanced_security_settings", + "Advanced Security Settings\u2026" + ), + }; + return retval; + })() /* Security Level Strings */, + + /* + Tor about:preferences#tor Strings + */ + settings: (function() { + let tsb = new TorDTDStringBundle( + ["chrome://torlauncher/locale/network-settings.dtd"], + "" + ); + let getString = function(key, fallback) { + return tsb.getString(key, fallback); + }; + + let retval = { + categoryTitle: getString("torPreferences.categoryTitle", "Tor"), + torPreferencesHeading: getString( + "torPreferences.torSettings", + "Tor Settings" + ), + torPreferencesDescription: getString( + "torPreferences.torSettingsDescription", + "Tor Browser routes your traffic over the Tor Network, run by thousands of volunteers around the world." + ), + learnMore: getString("torPreferences.learnMore", "Learn More"), + bridgesHeading: getString("torPreferences.bridges", "Bridges"), + bridgesDescription: getString( + "torPreferences.bridgesDescription", + "Bridges help you access the Tor Network in places where Tor is blocked. Depending on where you are, one bridge may work better than another." + ), + useBridge: getString("torPreferences.useBridge", "Use a bridge"), + selectBridge: getString( + "torsettings.useBridges.default", + "Select a bridge" + ), + requestBridgeFromTorProject: getString( + "torsettings.useBridges.bridgeDB", + "Request a bridge from torproject.org" + ), + requestNewBridge: getString( + "torPreferences.requestNewBridge", + "Request a New Bridge\u2026" + ), + provideBridge: getString( + "torPreferences.provideBridge", + "Provide a bridge" + ), + provideBridgeDirections: getString( + "torsettings.useBridges.label", + "Enter bridge information from a trusted source." + ), + provideBridgePlaceholder: getString( + "torsettings.useBridges.placeholder", + "type address:port (one per line)" + ), + advancedHeading: getString("torPreferences.advanced", "Advanced"), + advancedDescription: getString( + "torPreferences.advancedDescription", + "Configure how Tor Browser connects to the internet." + ), + useLocalProxy: getString("torsettings.useProxy.checkbox", "I use a proxy to connect to the Internet"), + proxyType: getString("torsettings.useProxy.type", "Proxy Type"), + proxyTypeSOCKS4: getString("torsettings.useProxy.type.socks4", "SOCKS4"), + proxyTypeSOCKS5: getString("torsettings.useProxy.type.socks5", "SOCKS5"), + proxyTypeHTTP: getString("torsettings.useProxy.type.http", "HTTP/HTTPS"), + proxyAddress: getString("torsettings.useProxy.address", "Address"), + proxyAddressPlaceholder: getString( + "torsettings.useProxy.address.placeholder", + "IP address or hostname" + ), + proxyPort: getString("torsettings.useProxy.port", "Port"), + proxyUsername: getString("torsettings.useProxy.username", "Username"), + proxyPassword: getString("torsettings.useProxy.password", "Password"), + proxyUsernamePasswordPlaceholder: getString( + "torsettings.optional", + "Optional" + ), + useFirewall: getString( + "torsettings.firewall.checkbox", + "This computer goes through a firewall that only allows connections to certain ports" + ), + allowedPorts: getString( + "torsettings.firewall.allowedPorts", + "Allowed Ports" + ), + allowedPortsPlaceholder: getString( + "torPreferences.firewallPortsPlaceholder", + "Comma-seperated values" + ), + requestBridgeDialogTitle: getString( + "torPreferences.requestBridgeDialogTitle", + "Request Bridge" + ), + submitCaptcha: getString( + "torsettings.useBridges.captchaSubmit", + "Submit" + ), + contactingBridgeDB: getString( + "torPreferences.requestBridgeDialogWaitPrompt", + "Contacting BridgeDB. Please Wait." + ), + solveTheCaptcha: getString( + "torPreferences.requestBridgeDialogSolvePrompt", + "Solve the CAPTCHA to request a bridge." + ), + captchaTextboxPlaceholder: getString( + "torsettings.useBridges.captchaSolution.placeholder", + "Enter the characters from the image" + ), + incorrectCaptcha: getString( + "torPreferences.requestBridgeErrorBadSolution", + "The solution is not correct. Please try again." + ), + showTorDaemonLogs: getString( + "torPreferences.viewTorLogs", + "View the Tor logs." + ), + showLogs: getString("torPreferences.viewLogs", "View Logs\u2026"), + torLogDialogTitle: getString( + "torPreferences.torLogsDialogTitle", + "Tor Logs" + ), + copyLog: getString("torsettings.copyLog", "Copy Tor Log to Clipboard"), + + learnMoreTorBrowserURL: `https://tb-manual.torproject.org/${getLocale()}/about/`, + learnMoreBridgesURL: `https://tb-manual.torproject.org/${getLocale()}/bridges/`, + learnMoreNetworkSettingsURL: `about:blank`, + }; + + return retval; + })() /* Tor Network Settings Strings */, + + /* + Tor Onion Services Strings, e.g., for the authentication prompt. + */ + onionServices: (function() { + let tsb = new TorPropertyStringBundle( + "chrome://torbutton/locale/torbutton.properties", + "onionServices." + ); + let getString = function(key, fallback) { + return tsb.getString(key, fallback); + }; + + const kProblemLoadingSiteFallback = "Problem Loading Onionsite"; + const kLongDescFallback = "Details: %S"; + + let retval = { + learnMore: getString("learnMore", "Learn more"), + learnMoreURL: `https://support.torproject.org/${getLocale()}/onionservices/client-auth/`, + errorPage: { + browser: getString("errorPage.browser", "Browser"), + network: getString("errorPage.network", "Network"), + onionSite: getString("errorPage.onionSite", "Onionsite"), + }, + descNotFound: { // Tor SOCKS error 0xF0 + pageTitle: getString("descNotFound.pageTitle", kProblemLoadingSiteFallback), + header: getString("descNotFound.header", "Onionsite Not Found"), + longDescription: getString("descNotFound.longDescription", kLongDescFallback), + }, + descInvalid: { // Tor SOCKS error 0xF1 + pageTitle: getString("descInvalid.pageTitle", kProblemLoadingSiteFallback), + header: getString("descInvalid.header", "Onionsite Cannot Be Reached"), + longDescription: getString("descInvalid.longDescription", kLongDescFallback), + }, + introFailed: { // Tor SOCKS error 0xF2 + pageTitle: getString("introFailed.pageTitle", kProblemLoadingSiteFallback), + header: getString("introFailed.header", "Onionsite Has Disconnected"), + longDescription: getString("introFailed.longDescription", kLongDescFallback), + }, + rendezvousFailed: { // Tor SOCKS error 0xF3 + pageTitle: getString("rendezvousFailed.pageTitle", kProblemLoadingSiteFallback), + header: getString("rendezvousFailed.header", "Unable to Connect to Onionsite"), + longDescription: getString("rendezvousFailed.longDescription", kLongDescFallback), + }, + clientAuthMissing: { // Tor SOCKS error 0xF4 + pageTitle: getString("clientAuthMissing.pageTitle", "Authorization Required"), + header: getString("clientAuthMissing.header", "Onionsite Requires Authentication"), + longDescription: getString("clientAuthMissing.longDescription", kLongDescFallback), + }, + clientAuthIncorrect: { // Tor SOCKS error 0xF5 + pageTitle: getString("clientAuthIncorrect.pageTitle", "Authorization Failed"), + header: getString("clientAuthIncorrect.header", "Onionsite Authentication Failed"), + longDescription: getString("clientAuthIncorrect.longDescription", kLongDescFallback), + }, + badAddress: { // Tor SOCKS error 0xF6 + pageTitle: getString("badAddress.pageTitle", kProblemLoadingSiteFallback), + header: getString("badAddress.header", "Invalid Onionsite Address"), + longDescription: getString("badAddress.longDescription", kLongDescFallback), + }, + introTimedOut: { // Tor SOCKS error 0xF7 + pageTitle: getString("introTimedOut.pageTitle", kProblemLoadingSiteFallback), + header: getString("introTimedOut.header", "Onionsite Circuit Creation Timed Out"), + longDescription: getString("introTimedOut.longDescription", kLongDescFallback), + }, + authPrompt: { + description: + getString("authPrompt.description2", "%S is requesting that you authenticate."), + keyPlaceholder: getString("authPrompt.keyPlaceholder", "Enter your key"), + done: getString("authPrompt.done", "Done"), + doneAccessKey: getString("authPrompt.doneAccessKey", "d"), + invalidKey: getString("authPrompt.invalidKey", "Invalid key"), + failedToSetKey: + getString("authPrompt.failedToSetKey", "Failed to set key"), + }, + authPreferences: { + header: getString("authPreferences.header", "Onion Services Authentication"), + overview: getString("authPreferences.overview", "Some onion services require that you identify yourself with a key"), + savedKeys: getString("authPreferences.savedKeys", "Saved Keys"), + dialogTitle: getString("authPreferences.dialogTitle", "Onion Services Keys"), + dialogIntro: getString("authPreferences.dialogIntro", "Keys for the following onionsites are stored on your computer"), + onionSite: getString("authPreferences.onionSite", "Onionsite"), + onionKey: getString("authPreferences.onionKey", "Key"), + remove: getString("authPreferences.remove", "Remove"), + removeAll: getString("authPreferences.removeAll", "Remove All"), + failedToGetKeys: getString("authPreferences.failedToGetKeys", "Failed to get keys"), + failedToRemoveKey: getString("authPreferences.failedToRemoveKey", "Failed to remove key"), + }, + }; + + return retval; + })() /* Tor Onion Services Strings */, + + /* + OnionLocation + */ + onionLocation: (function() { + const tsb = new TorPropertyStringBundle( + ["chrome://torbutton/locale/torbutton.properties"], + "onionLocation." + ); + const getString = function(key, fallback) { + return tsb.getString(key, fallback); + }; + + const retval = { + alwaysPrioritize: getString( + "alwaysPrioritize", + "Always Prioritize Onionsites" + ), + alwaysPrioritizeAccessKey: getString("alwaysPrioritizeAccessKey", "a"), + notNow: getString("notNow", "Not Now"), + notNowAccessKey: getString("notNowAccessKey", "n"), + description: getString( + "description", + "Website publishers can protect users by adding a security layer. This prevents eavesdroppers from knowing that you are the one visiting that website." + ), + tryThis: getString("tryThis", "Try this: Onionsite"), + onionAvailable: getString("onionAvailable", "Onionsite available"), + learnMore: getString("learnMore", "Learn more"), + learnMoreURL: `https://tb-manual.torproject.org/${getLocale()}/onion-services/`, + always: getString("always", "Always"), + askEverytime: getString("askEverytime", "Ask you every time"), + prioritizeOnionsDescription: getString( + "prioritizeOnionsDescription", + "Prioritize onionsites when they are available." + ), + onionServicesTitle: getString("onionServicesTitle", "Onion Services"), + }; + + return retval; + })() /* OnionLocation */, + + /* + Tor Deamon Configuration Key Strings + */ + + // TODO: proper camel case + configKeys: { + /* Bridge Conf Settings */ + useBridges: "UseBridges", + bridgeList: "Bridge", + /* Proxy Conf Strings */ + socks4Proxy: "Socks4Proxy", + socks5Proxy: "Socks5Proxy", + socks5ProxyUsername: "Socks5ProxyUsername", + socks5ProxyPassword: "Socks5ProxyPassword", + httpsProxy: "HTTPSProxy", + httpsProxyAuthenticator: "HTTPSProxyAuthenticator", + /* Firewall Conf Strings */ + reachableAddresses: "ReachableAddresses", + + /* BridgeDB Strings */ + clientTransportPlugin: "ClientTransportPlugin", + }, + + /* + about:config preference keys + */ + + preferenceKeys: { + defaultBridgeType: "extensions.torlauncher.default_bridge_type", + recommendedBridgeType: + "extensions.torlauncher.default_bridge_recommended_type", + }, + + /* + about:config preference branches + */ + preferenceBranches: { + defaultBridge: "extensions.torlauncher.default_bridge.", + bridgeDBBridges: "extensions.torlauncher.bridgedb_bridge.", + }, +}; diff --git a/browser/modules/moz.build b/browser/modules/moz.build index 6a8b14b684a7..eb77e4f8b101 100644 --- a/browser/modules/moz.build +++ b/browser/modules/moz.build @@ -153,6 +153,7 @@ EXTRA_JS_MODULES += [ 'TabsList.jsm', 'TabUnloader.jsm', 'ThemeVariableMap.jsm', + 'TorStrings.jsm', 'TransientPrefs.jsm', 'webrtcUI.jsm', 'ZoomUI.jsm',

1 0

[tor-browser/tor-browser-81.0b2-10.0-1] Bug 13028: Prevent potential proxy bypass cases.
by gk＠torproject.org 27 Aug '20

27 Aug '20

commit 446ce2588131ec578b44be20444292d98c1865f7 Author: Mike Perry <mikeperry-git(a)torproject.org> Date: Mon Sep 29 14:30:19 2014 -0700 Bug 13028: Prevent potential proxy bypass cases. It looks like these cases should only be invoked in the NSS command line tools, and not the browser, but I decided to patch them anyway because there literally is a maze of network function pointers being passed around, and it's very hard to tell if some random code might not pass in the proper proxied versions of the networking code here by accident. --- security/nss/lib/certhigh/ocsp.c | 8 ++++++++ .../lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c | 21 +++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index cea8456606bf..86fa971cfbef 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -2932,6 +2932,14 @@ ocsp_ConnectToHost(const char *host, PRUint16 port) PRNetAddr addr; char *netdbbuf = NULL; + // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but + // we want to ensure nothing can ever hit this code in production. +#if 1 + printf("Tor Browser BUG: Attempted OSCP direct connect to %s, port %u\n", host, + port); + goto loser; +#endif + sock = PR_NewTCPSocket(); if (sock == NULL) goto loser; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c index e8698376b5be..85791d84a932 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c @@ -1334,6 +1334,13 @@ pkix_pl_Socket_Create( plContext), PKIX_COULDNOTCREATESOCKETOBJECT); + // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but + // we want to ensure nothing can ever hit this code in production. +#if 1 + printf("Tor Browser BUG: Attempted pkix direct socket connect\n"); + PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED); +#endif + socket->isServer = isServer; socket->timeout = timeout; socket->clientSock = NULL; @@ -1433,6 +1440,13 @@ pkix_pl_Socket_CreateByName( localCopyName = PL_strdup(serverName); + // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but + // we want to ensure nothing can ever hit this code in production. +#if 1 + printf("Tor Browser BUG: Attempted pkix direct connect to %s\n", serverName); + PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED); +#endif + sepPtr = strchr(localCopyName, ':'); /* First strip off the portnum, if present, from the end of the name */ if (sepPtr) { @@ -1582,6 +1596,13 @@ pkix_pl_Socket_CreateByHostAndPort( PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort"); PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket); + // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but + // we want to ensure nothing can ever hit this code in production. +#if 1 + printf("Tor Browser BUG: Attempted pkix direct connect to %s, port %u\n", hostname, + portnum); + PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED); +#endif prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);

1 0