January 2023 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-102.6.0esr-12.5-1] fixup! Bug 32308: use direct browser sizing for letterboxing.
by Pier Angelo Vendrame (＠pierov) 10 Jan '23

10 Jan '23

Pier Angelo Vendrame pushed to branch tor-browser-102.6.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 1340b399 by hackademix at 2023-01-09T22:50:42+01:00 fixup! Bug 32308: use direct browser sizing for letterboxing. Bug 45162: do not force letterboxing on API-initiated fullscreen. - - - - - 2 changed files: - browser/base/content/browser.css - layout/style/res/ua.css Changes: ===================================== browser/base/content/browser.css ===================================== @@ -111,8 +111,8 @@ body { outline: initial; } -.letterboxing-ready .browserStack:not(.exclude-letterboxing) { - place-content: start center; +:root:not([inDOMFullscreen]) .letterboxing-ready .browserStack:not(.exclude-letterboxing) { + place-content: start center; } /* extend down the toolbar's colors when letterboxing is enabled */ ===================================== layout/style/res/ua.css ===================================== @@ -356,8 +356,8 @@ left: 0 !important; right: 0 !important; bottom: 0 !important; - width: 100%; - height: 100%; + width: 100% !important; + height: 100% !important; margin: 0 !important; min-width: 0 !important; max-width: none !important; @@ -368,11 +368,6 @@ transform: none !important; } -*|*:fullscreen:not(:root, .letterboxing .browserStack:not(.exclude-letterboxing) > browser) { - width: 100% !important; - height: 100% !important; -} - xul|*:fullscreen:not(:root, [hidden="true"]) { /* The position: fixed; property above used to force the computed display * value to block. It is no longer the case now, so we manually set it here to View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1340b39… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1340b39… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.6.0esr-12.5-1] fixup! Bug 40925: Implemented the Security Level component
by Richard Pospesel (＠richard) 09 Jan '23

09 Jan '23

Richard Pospesel pushed to branch tor-browser-102.6.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 90395b29 by Henry Wilkes at 2023-01-09T20:41:54+00:00 fixup! Bug 40925: Implemented the Security Level component Bug 32274: Make the security level settings more accessible: + We remove the "Restore Defaults" link that was between each radio option and place it separately as a button, with some notification text. + We set the `aria-describedby` attribute on the radio options to point to the description. + We change the security level popup's button text from "Change" to "Change Setting" to give users more of a hint that clicking the button will land them in the middle of about:preferences. We also tidied up the javascript, CSS and xhtml. - - - - - 5 changed files: - browser/components/preferences/privacy.js - browser/components/securitylevel/content/securityLevel.js - browser/components/securitylevel/content/securityLevelPreferences.css - browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml - browser/components/securitylevel/locale/en-US/securityLevel.properties Changes: ===================================== browser/components/preferences/privacy.js ===================================== @@ -341,11 +341,9 @@ var gPrivacyPane = { */ _initSecurityLevel() { SecurityLevelPreferences.init(); - let unload = () => { - window.removeEventListener("unload", unload); - SecurityLevelPreferences.uninit(); - }; - window.addEventListener("unload", unload); + window.addEventListener("unload", () => SecurityLevelPreferences.uninit(), { + once: true, + }); }, /** ===================================== browser/components/securitylevel/content/securityLevel.js ===================================== @@ -17,13 +17,14 @@ XPCOMUtils.defineLazyGetter(this, "SecurityLevelStrings", () => { security_level_restore: "Restore Defaults", security_level_learn_more: "Learn more", // Panel - security_level_change: "Change…", + security_level_change_setting: "Change Setting…", security_level_standard_summary: "All browser and website features are enabled.", security_level_safer_summary: "Disables website features that are often dangerous, causing some sites to lose functionality.", security_level_safest_summary: "Only allows website features required for static sites and basic services. These changes affect images, media, and scripts.", + security_level_custom_heading: "Warning!", security_level_custom_summary: "Your custom browser preferences have resulted in unusual security settings. For security and privacy reasons, we recommend you choose one of the default security levels.", // Security level section in about:preferences#privacy @@ -259,7 +260,7 @@ var SecurityLevelPanel = { this._elements.restoreDefaultsButton.textContent = SecurityLevelStrings.security_level_restore; this._elements.settingsButton.textContent = - SecurityLevelStrings.security_level_change; + SecurityLevelStrings.security_level_change_setting; this._elements.restoreDefaultsButton.addEventListener("command", () => { this.restoreDefaults(); @@ -367,120 +368,112 @@ var SecurityLevelPanel = { var SecurityLevelPreferences = { _securityPrefsBranch: null, + /** + * The notification box shown when the user has a custom security setting. + * + * @type {Element} + */ + _customNotification: null, + /** + * The radiogroup for this preference. + * + * @type {Element} + */ + _radiogroup: null, + /** + * A list of radio options and their containers. + * + * @type {Array<Object>} + */ + _radioOptions: null, _populateXUL() { - const groupbox = document.querySelector("#securityLevel-groupbox"); - const radiogroup = groupbox.querySelector("#securityLevel-radiogroup"); - radiogroup.addEventListener( - "command", - SecurityLevelPreferences.selectSecurityLevel + this._customNotification = document.getElementById( + "securityLevel-customNotification" ); + this._radiogroup = document.getElementById("securityLevel-radiogroup"); - groupbox.querySelector("h2").textContent = + document.querySelector("#securityLevel-groupbox h2").textContent = SecurityLevelStrings.security_level; - groupbox.querySelector("#securityLevel-overview").textContent = + document.getElementById("securityLevel-overview").textContent = SecurityLevelStrings.security_level_overview; - groupbox - .querySelector("#securityLevel-learnMore") + document + .getElementById("securityLevel-learnMore") .setAttribute("value", SecurityLevelStrings.security_level_learn_more); - const populateRadioElements = (level, descr) => { - const vbox = groupbox.querySelector(`#securityLevel-vbox-${level}`); - vbox - .querySelector("radio") - .setAttribute("label", SecurityLevelStrings[`security_level_${level}`]); - vbox - .querySelector(".securityLevel-customWarning") - .setAttribute("value", SecurityLevelStrings.security_level_custom); - vbox.querySelector(".summary").textContent = - SecurityLevelStrings[`security_level_${level}_summary`]; - const labelRestoreDefaults = vbox.querySelector( - ".securityLevel-restoreDefaults" - ); - labelRestoreDefaults.setAttribute( - "value", - SecurityLevelStrings.security_level_restore + document.getElementById("securityLevel-customHeading").textContent = + SecurityLevelStrings.security_level_custom_heading; + document.getElementById("securityLevel-customDescription").textContent = + SecurityLevelStrings.security_level_custom_summary; + const restoreDefaultsButton = document.getElementById( + "securityLevel-restoreDefaults" + ); + restoreDefaultsButton.textContent = + SecurityLevelStrings.security_level_restore; + + this._radioOptions = Array.from( + this._radiogroup.querySelectorAll(".securityLevel-radio-option"), + container => { + return { container, radio: container.querySelector("radio") }; + } + ); + const descListItemsMap = { + safer: [ + SecurityLevelStrings.security_level_js_https_only, + SecurityLevelStrings.security_level_limit_typography, + SecurityLevelStrings.security_level_limit_media, + ], + safest: [ + SecurityLevelStrings.security_level_js_disabled, + SecurityLevelStrings.security_level_limit_typography_svg, + SecurityLevelStrings.security_level_limit_media, + ], + }; + for (const { container, radio } of this._radioOptions) { + const level = radio.value; + radio.setAttribute( + "label", + SecurityLevelStrings[`security_level_${level}`] ); - labelRestoreDefaults.addEventListener( - "click", - SecurityLevelStrings.restoreDefaults + container.querySelector(".summary").textContent = + SecurityLevelStrings[`security_level_${level}_summary`]; + const descListItems = descListItemsMap[level]; + if (!descListItems) { + continue; + } + const descrList = container.querySelector( + ".securityLevel-descriptionList" ); - if (descr) { - const descrList = vbox.querySelector(".securityLevel-descriptionList"); - // TODO: Add the elements in securityLevelPreferences.inc.xhtml again - // when we switch to Fluent - for (const text of descr) { - let elem = document.createXULElement("description"); - elem.textContent = text; - elem.className = "indent"; - descrList.append(elem); - } + // TODO: Add the elements in securityLevelPreferences.inc.xhtml again + // when we switch to Fluent + for (const text of descListItems) { + let elem = document.createXULElement("description"); + elem.textContent = text; + elem.className = "indent"; + descrList.append(elem); } - }; - populateRadioElements("standard"); - populateRadioElements("safer", [ - SecurityLevelStrings.security_level_js_https_only, - SecurityLevelStrings.security_level_limit_typography, - SecurityLevelStrings.security_level_limit_media, - ]); - populateRadioElements("safest", [ - SecurityLevelStrings.security_level_js_disabled, - SecurityLevelStrings.security_level_limit_typography_svg, - SecurityLevelStrings.security_level_limit_media, - ]); + } + + restoreDefaultsButton.addEventListener("command", () => { + SecurityLevelPrefs.securityCustom = false; + }); + this._radiogroup.addEventListener("select", () => { + SecurityLevelPrefs.securityLevel = this._radiogroup.value; + }); }, _configUIFromPrefs() { - // read our prefs - const securityLevel = SecurityLevelPrefs.securityLevel; - const securityCustom = SecurityLevelPrefs.securityCustom; - - // get our elements - const groupbox = document.querySelector("#securityLevel-groupbox"); - let radiogroup = groupbox.querySelector("#securityLevel-radiogroup"); - let labelStandardCustom = groupbox.querySelector( - "#securityLevel-vbox-standard label.securityLevel-customWarning" - ); - let labelSaferCustom = groupbox.querySelector( - "#securityLevel-vbox-safer label.securityLevel-customWarning" - ); - let labelSafestCustom = groupbox.querySelector( - "#securityLevel-vbox-safest label.securityLevel-customWarning" - ); - let labelStandardRestoreDefaults = groupbox.querySelector( - "#securityLevel-vbox-standard label.securityLevel-restoreDefaults" - ); - let labelSaferRestoreDefaults = groupbox.querySelector( - "#securityLevel-vbox-safer label.securityLevel-restoreDefaults" - ); - let labelSafestRestoreDefaults = groupbox.querySelector( - "#securityLevel-vbox-safest label.securityLevel-restoreDefaults" - ); - - // hide custom label by default until we know which level we're at - labelStandardCustom.hidden = true; - labelSaferCustom.hidden = true; - labelSafestCustom.hidden = true; - - labelStandardRestoreDefaults.hidden = true; - labelSaferRestoreDefaults.hidden = true; - labelSafestRestoreDefaults.hidden = true; - - radiogroup.value = securityLevel; - - switch (securityLevel) { - case "standard": - labelStandardCustom.hidden = !securityCustom; - labelStandardRestoreDefaults.hidden = !securityCustom; - break; - case "safer": - labelSaferCustom.hidden = !securityCustom; - labelSaferRestoreDefaults.hidden = !securityCustom; - break; - case "safest": - labelSafestCustom.hidden = !securityCustom; - labelSafestRestoreDefaults.hidden = !securityCustom; - break; + this._radiogroup.value = SecurityLevelPrefs.securityLevel; + const isCustom = SecurityLevelPrefs.securityCustom; + this._radiogroup.disabled = isCustom; + this._customNotification.hidden = !isCustom; + // Have the container's selection CSS class match the selection state of the + // radio elements. + for (const { container, radio } of this._radioOptions) { + container.classList.toggle( + "securityLevel-radio-option-selected", + radio.selected + ); } }, @@ -514,17 +507,4 @@ var SecurityLevelPreferences = { break; } }, - - selectSecurityLevel() { - // radio group elements - let radiogroup = document.getElementById("securityLevel-radiogroup"); - - // update pref based on selected radio option - SecurityLevelPrefs.securityLevel = radiogroup.value; - SecurityLevelPreferences.restoreDefaults(); - }, - - restoreDefaults() { - SecurityLevelPrefs.securityCustom = false; - }, }; /* SecurityLevelPreferences */ ===================================== browser/components/securitylevel/content/securityLevelPreferences.css ===================================== @@ -1,51 +1,58 @@ -label.securityLevel-customWarning { - border-radius: 4px; - background-color: var(--yellow-50); - color: black; - font-size: 1em; - height: 1.6em; - padding: 0.4em 0.5em; +#securityLevel-groupbox { + --section-highlight-background-color: color-mix(in srgb, var(--in-content-accent-color) 20%, transparent); +} + +#securityLevel-customNotification { + /* Spacing similar to #fpiIncompatibilityWarning. */ + margin-block: 16px; +} + +.info-icon.securityLevel-custom-warning-icon { + list-style-image: url("chrome://global/skin/icons/warning.svg"); +} + +#securityLevel-customHeading { + font-weight: bold; } -radiogroup#securityLevel-radiogroup description { - color: var(--in-content-page-color)!important; +/* Overwrite indent rule from preferences.css */ +#securityLevel-radiogroup description.indent { + color: var(--in-content-page-color); } -radiogroup#securityLevel-radiogroup radio { +#securityLevel-radiogroup radio { font-weight: bold; } -radiogroup#securityLevel-radiogroup > vbox { +#securityLevel-radiogroup[disabled] { + opacity: 0.5; +} + +/* Overwrite the rule in common-shared.css so we don't get 0.25 opacity overall + * on the radio text. */ +#securityLevel-radiogroup[disabled] radio[disabled] { + opacity: 1.0; +} + +.securityLevel-radio-option { border: 1px solid var(--in-content-box-border-color); border-radius: 4px; margin: 3px 0; padding: 9px; } -radiogroup#securityLevel-radiogroup[value=standard] > vbox#securityLevel-vbox-standard, -radiogroup#securityLevel-radiogroup[value=safer] > vbox#securityLevel-vbox-safer, -radiogroup#securityLevel-radiogroup[value=safest] > vbox#securityLevel-vbox-safest { - --section-highlight-background-color: color-mix(in srgb, var(--in-content-accent-color) 20%, transparent); +.securityLevel-radio-option.securityLevel-radio-option-selected { background-color: var(--section-highlight-background-color); border: 1px solid var(--in-content-accent-color); } -vbox.securityLevel-descriptionList { +.securityLevel-radio-option:not( + .securityLevel-radio-option-selected +) .securityLevel-descriptionList { display: none; } -radiogroup#securityLevel-radiogroup[value=safer] vbox#securityLevel-vbox-safer vbox.securityLevel-descriptionList, -radiogroup#securityLevel-radiogroup[value=safest] vbox#securityLevel-vbox-safest vbox.securityLevel-descriptionList { - display: inherit; -} - -vbox.securityLevel-descriptionList description { +.securityLevel-descriptionList description { display: list-item; } - -vbox#securityLevel-vbox-standard, -vbox#securityLevel-vbox-safer, -vbox#securityLevel-vbox-safest { - margin-top: 0.4em; -} ===================================== browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml ===================================== @@ -2,62 +2,58 @@ data-category="panePrivacy" data-subcategory="securitylevel" hidden="true"> - <label><html:h2/></label> + <label><html:h2></html:h2></label> <vbox flex="1"> <description flex="1"> - <html:span id="securityLevel-overview" class="tail-with-learn-more"/> + <html:span id="securityLevel-overview" class="tail-with-learn-more"> + </html:span> <label id="securityLevel-learnMore" class="learnMore text-link" is="text-link" href="about:manual#security-settings" useoriginprincipal="true"/> </description> + <hbox id="securityLevel-customNotification" + class="info-box-container" + flex="1"> + <hbox class="info-icon-container"> + <image class="info-icon securityLevel-custom-warning-icon"/> + </hbox> + <vbox flex="1"> + <label id="securityLevel-customHeading"/> + <description id="securityLevel-customDescription" flex="1"/> + </vbox> + <hbox align="center"> + <button id="securityLevel-restoreDefaults"/> + </hbox> + </hbox> <radiogroup id="securityLevel-radiogroup"> - <vbox id="securityLevel-vbox-standard"> - <hbox> - <radio value="standard"/> - <vbox> - <spacer flex="1"/> - <label class="securityLevel-customWarning"/> - <spacer flex="1"/> - </vbox> - <spacer flex="1"/> - </hbox> - <description flex="1" class="indent"> - <html:span class="summary tail-with-learn-more"/> - <label class="securityLevel-restoreDefaults learnMore text-link"/> - </description> + <vbox class="securityLevel-radio-option"> + <radio value="standard" + aria-describedby="securityLevelSummary-standard"/> + <vbox id="securityLevelSummary-standard"> + <description class="summary indent" flex="1"/> + </vbox> </vbox> - <vbox id="securityLevel-vbox-safer"> - <hbox> - <radio value="safer"/> - <vbox> - <spacer flex="1"/> - <label class="securityLevel-customWarning"/> - <spacer flex="1"/> - </vbox> - </hbox> - <description flex="1" class="indent"> - <html:span class="summary tail-with-learn-more"/> - <label class="securityLevel-restoreDefaults learnMore text-link"/> - </description> - <vbox class="securityLevel-descriptionList indent"> + <vbox class="securityLevel-radio-option"> +  + <radio value="safer" + aria-describedby="securityLevelSummary-safer"/> + <vbox id="securityLevelSummary-safer"> + <description class="summary indent" flex="1"/> + <vbox class="securityLevel-descriptionList indent"/> </vbox> </vbox> - <vbox id="securityLevel-vbox-safest"> - <hbox> - <radio value="safest"/> - <vbox> - <spacer flex="1"/> - <label class="securityLevel-customWarning"/> - <spacer flex="1"/> - </vbox> - </hbox> - <description flex="1" class="indent"> - <html:span class="summary tail-with-learn-more"/> - <label class="securityLevel-restoreDefaults learnMore text-link"/> - </description> - <vbox class="securityLevel-descriptionList indent"> + <vbox class="securityLevel-radio-option"> + <radio value="safest" + aria-describedby="securityLevelSummary-safest"/> + <vbox id="securityLevelSummary-safest"> + <description class="summary indent" flex="1"/> + <vbox class="securityLevel-descriptionList indent"/> </vbox> </vbox> </radiogroup> ===================================== browser/components/securitylevel/locale/en-US/securityLevel.properties ===================================== @@ -13,9 +13,11 @@ security_level_learn_more = Learn more # Panel security_level_change = Change… +security_level_change_setting = Change Setting… security_level_standard_summary = All browser and website features are enabled. security_level_safer_summary = Disables website features that are often dangerous, causing some sites to lose functionality. security_level_safest_summary = Only allows website features required for static sites and basic services. These changes affect images, media, and scripts. +security_level_custom_heading = Warning! security_level_custom_summary = Your custom browser preferences have resulted in unusual security settings. For security and privacy reasons, we recommend you choose one of the default security levels. ## Security level section in about:preferences#privacy View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/90395b2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/90395b2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.6.0esr-12.0-1] 2 commits: fixup! Bug 16940: After update, load local change notes.
by Richard Pospesel (＠richard) 09 Jan '23

09 Jan '23

Richard Pospesel pushed to branch tor-browser-102.6.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 4b8dca0d by Pier Angelo Vendrame at 2023-01-09T20:34:21+00:00 fixup! Bug 16940: After update, load local change notes. Bug 41524: Read changelogs as UTF-8 - - - - - 7774a06e by Henry Wilkes at 2023-01-09T20:34:31+00:00 fixup! Bug 16940: After update, load local change notes. We make a number of related changed to improve the semantics and accessibility of the about:tbupdate page: + We parse and show the release notes as a bullet list. + We use paragraphs, headings and bullet list to structure content. + We stop using fixed "px" font sizes and use relative sizes instead. + Add a lang="en-US" and dir="ltr" attribute to the english text. - - - - - 4 changed files: - browser/actors/AboutTBUpdateParent.jsm - browser/base/content/abouttbupdate/aboutTBUpdate.css - browser/base/content/abouttbupdate/aboutTBUpdate.js - browser/base/content/abouttbupdate/aboutTBUpdate.xhtml Changes: ===================================== browser/actors/AboutTBUpdateParent.jsm ===================================== @@ -8,7 +8,6 @@ this.EXPORTED_SYMBOLS = ["AboutTBUpdateParent"]; const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); -const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm"); const { AppConstants } = ChromeUtils.import( "resource://gre/modules/AppConstants.jsm" ); @@ -22,9 +21,9 @@ const kRequestUpdateMessageName = "FetchUpdateData"; * implementation. */ class AboutTBUpdateParent extends JSWindowActorParent { - receiveMessage(aMessage) { + async receiveMessage(aMessage) { if (aMessage.name == kRequestUpdateMessageName) { - return this.releaseNoteInfo; + return this.getReleaseNoteInfo(); } return undefined; } @@ -51,7 +50,7 @@ class AboutTBUpdateParent extends JSWindowActorParent { // On Mac OS, when building with --enable-tor-browser-data-outside-app-dir // to support Gatekeeper signing, the ChangeLog.txt file is located in // TorBrowser.app/Contents/Resources/TorBrowser/Docs/. - get releaseNoteInfo() { + async getReleaseNoteInfo() { let info = { moreInfoURL: this.moreInfoURL }; try { @@ -74,46 +73,72 @@ class AboutTBUpdateParent extends JSWindowActorParent { f.append("Docs"); f.append("ChangeLog.txt"); - let fs = Cc["@mozilla.org/network/file-input-stream;1"].createInstance( - Ci.nsIFileInputStream - ); - fs.init(f, -1, 0, 0); - let s = NetUtil.readInputStreamToString(fs, fs.available()); - fs.close(); - - // Truncate at the first empty line. - s = s.replace(/[\r\n][\r\n][\s\S]*$/m, ""); - - // Split into first line (version plus releaseDate) and - // remainder (releaseNotes). - // This first match() uses multiline mode with two capture groups: - // first line: (.*$) - // remaining lines: ([\s\S]+) - // [\s\S] matches all characters including end of line. This trick - // is needed because when using JavaScript regex in multiline mode, - // . does not match an end of line character. - let matchArray = s.match(/(.*$)\s*([\s\S]+)/m); - if (matchArray && matchArray.length == 3) { - info.releaseNotes = matchArray[2]; - let line1 = matchArray[1]; - // Extract the version and releaseDate. The first line looks like: - // Tor Browser 8.5 -- May 1 2019 - // The regex uses two capture groups: - // text that does not include a hyphen: (^[^-]*) - // remaining text: (.*$) - // In between we match optional whitespace, one or more hyphens, and - // optional whitespace by using: \s*-+\s* - matchArray = line1.match(/(^[^-]*)\s*-+\s*(.*$)/); - if (matchArray && matchArray.length == 3) { - info.version = matchArray[1]; - info.releaseDate = matchArray[2]; + // NOTE: We load in the entire file, but only use the first few lines + // before the first blank line. + const logLines = (await IOUtils.readUTF8(f.path)) + .replace(/\n\r?\n.*/ms, "") + .split(/\n\r?/); + + // Read the first line to get the version and date. + // Assume everything after the last "-" is the date. + const firstLine = logLines.shift(); + const match = firstLine?.match(/(.*)-+(.*)/); + if (match) { + info.version = match[1].trim(); + info.releaseDate = match[2].trim(); + } else { + // No date. + info.version = firstLine?.trim(); + } + + // We want to read the rest of the release notes as a tree. Each entry + // will contain the text for that line. + // We choose a negative index for the top node of this tree to ensure no + // line will appear less indented. + const topEntry = { indent: -1, children: undefined }; + let prevEntry = topEntry; + + for (let line of logLines) { + const indent = line.match(/^ */)[0]; + line = line.trim(); + if (line.startsWith("*")) { + // Treat as a bullet point. + let entry = { + text: line.replace(/^\*\s/, ""), + indent: indent.length, + }; + let parentEntry; + if (entry.indent > prevEntry.indent) { + // A sub-list of the previous item. + prevEntry.children = []; + parentEntry = prevEntry; + } else { + // Same list or end of sub-list. + // Search for the first parent whose indent comes before ours. + parentEntry = prevEntry.parent; + while (entry.indent <= parentEntry.indent) { + parentEntry = parentEntry.parent; + } + } + entry.parent = parentEntry; + parentEntry.children.push(entry); + prevEntry = entry; + } else if (prevEntry === topEntry) { + // Unexpected, missing bullet point on first line. + // Place as its own bullet point instead, and set as prevEntry for the + // next loop. + prevEntry = { text: line, indent: indent.length, parent: topEntry }; + topEntry.children = [prevEntry]; } else { - info.version = line1; // Match failed: return entire line in version. + // Append to the previous bullet point. + prevEntry.text += ` ${line}`; } - } else { - info.releaseNotes = s; // Only one line: use as releaseNotes. } - } catch (e) {} + + info.releaseNotes = topEntry.children; + } catch (e) { + Cu.reportError(e); + } return info; } ===================================== browser/base/content/abouttbupdate/aboutTBUpdate.css ===================================== @@ -14,61 +14,54 @@ body { font-family: Helvetica, Arial, sans-serif; color: var(--abouttor-text-color); background-color: var(--abouttor-bg-toron-color); - background-attachment: fixed; - background-size: 100% 100%; -} - -a { - color: var(--abouttor-text-color); -} - -.two-column-grid { - display: inline-grid; + margin-block: 40px; + margin-inline: 50px; + display: grid; grid-template-columns: auto auto; - grid-column-gap: 50px; - margin: 10px 0px 0px 50px; + align-items: baseline; + gap: 40px 50px; } -.two-column-grid div { - margin-top: 40px; - align-self: baseline; /* Align baseline of text across the row. */ +body > *:not([hidden]) { + display: contents; } .label-column { - font-size: 14px; - font-weight: 400; + grid-column: 1; } -/* - * Use a reduced top margin to bring the row that contains the - * "visit our website" link closer to the row that precedes it. This - * looks better because the "visit our website" row does not have a - * label in the left column. - */ -div.more-info-row { - margin-top: 5px; - font-size: 14px; +.content { + grid-column: 2; + font-family: monospace; + line-height: 1.4; +} + +.label-column, .content { + margin: 0; + padding: 0; + font-size: 1rem; + font-weight: normal; } -#version-content { - font-size: 50px; - font-weight: 300; +a { + color: inherit; } -body:not([havereleasedate]) .release-date-cell { - display: none; +.no-line-break { + white-space: nowrap; } -#releasedate-content { - font-size: 17px; +ul { + padding-inline: 1em 0; } -#releasenotes-label { - align-self: start; /* Anchor "Release Notes" label at the top. */ +h3, h4 { + font-size: 1.1rem; + font-weight: bold; } -#releasenotes-content { - font-family: monospace; - font-size: 15px; - white-space: pre; +h3.build-system-heading { + font-size: 1.5rem; + font-weight: normal; + margin-block-start: 3em; } ===================================== browser/base/content/abouttbupdate/aboutTBUpdate.js ===================================== @@ -5,23 +5,105 @@ /* eslint-env mozilla/frame-script */ -// aData may contain the following string properties: -// version -// releaseDate -// moreInfoURL -// releaseNotes -function onUpdate(aData) { - document.getElementById("version-content").textContent = aData.version; - if (aData.releaseDate) { - document.body.setAttribute("havereleasedate", "true"); - document.getElementById("releasedate-content").textContent = - aData.releaseDate; +/** + * An object representing a bullet point in the release notes. + * + * typedef {Object} ReleaseBullet + * @property {string} text - The text for this bullet point. + * @property {?Array<ReleaseBullet>} children - A sub-list of bullet points. + */ + +/** + * Fill an element with the given list of release bullet points. + * + * @param {Element} container - The element to fill with bullet points. + * @param {Array<ReleaseBullet>} bulletPoints - The list of bullet points. + * @param {string} [childTag="h3"] - The element tag name to use for direct + * children. Initially, the children are h3 sub-headings. + */ +function fillReleaseNotes(container, bulletPoints, childTag = "h3") { + for (const { text, children } of bulletPoints) { + const childEl = document.createElement(childTag); + // Keep dashes like "[tor-browser]" on the same line by nowrapping the word. + for (const [index, part] of text.split(/(\S+-\S+)/).entries()) { + if (!part) { + continue; + } + const span = document.createElement("span"); + span.textContent = part; + span.classList.toggle("no-line-break", index % 2); + childEl.appendChild(span); + } + container.appendChild(childEl); + if (children) { + if (childTag == "h3" && text.toLowerCase() === "build system") { + // Special case: treat the "Build System" heading's children as + // sub-headings. + childEl.classList.add("build-system-heading"); + fillReleaseNotes(container, children, "h4"); + } else { + const listEl = document.createElement("ul"); + fillReleaseNotes(listEl, children, "li"); + if (childTag == "li") { + // Insert within the "li" element. + childEl.appendChild(listEl); + } else { + container.appendChild(listEl); + } + } + } + } +} + +/** + * Set the content for the specified container, or hide it if we have no + * content. + * + * @template C + * @param {string} containerId - The id for the container. + * @param {?C} content - The content for this container, or a falsey value if + * the container has no content. + * @param {function(contentEl: Elemenet, content: C)} [fillContent] - A function + * to fill the ".content" contentEl with the given 'content'. If unspecified, + * the 'content' will become the contentEl's textContent. + */ +function setContent(containerId, content, fillContent) { + const container = document.getElementById(containerId); + if (!content) { + container.hidden = true; + return; } + const contentEl = container.querySelector(".content"); + // Release notes are only in English. + contentEl.setAttribute("lang", "en-US"); + contentEl.setAttribute("dir", "ltr"); + if (fillContent) { + fillContent(contentEl, content); + } else { + contentEl.textContent = content; + } +} + +/** + * Callback when we receive the update details. + * + * @param {Object} aData - The update details. + * @param {?string} aData.version - The update version. + * @param {?string} aData.releaseDate - The release date. + * @param {?string} aData.moreInfoURL - A URL for more info. + * @param {?Array<ReleaseBullet>} aData.releaseNotes - Release notes as bullet + * points. + */ +function onUpdate(aData) { + setContent("version-row", aData.version); + setContent("releasedate-row", aData.releaseDate); + setContent("releasenotes", aData.releaseNotes, fillReleaseNotes); + if (aData.moreInfoURL) { document.getElementById("infolink").setAttribute("href", aData.moreInfoURL); + } else { + document.getElementById("fullinfo").hidden = true; } - document.getElementById("releasenotes-content").textContent = - aData.releaseNotes; } RPMSendQuery("FetchUpdateData").then(onUpdate); ===================================== browser/base/content/abouttbupdate/aboutTBUpdate.xhtml ===================================== @@ -21,19 +21,26 @@ type="text/javascript"/> </head> <body dir="&locale.dir;"> -<div class="two-column-grid"> - <div class="label-column">&aboutTBUpdate.version;</div> - <div id="version-content"/> - - <div class="label-column release-date-cell">&aboutTBUpdate.releaseDate;</div> - <div id="releasedate-content" class="release-date-cell"/> - - <div class="more-info-row"/> - <div class="more-info-row">&aboutTBUpdate.linkPrefix;<a id="infolink">&aboutTBUpdate.linkLabel;</a>&aboutTBUpdate.linkSuffix;</div> - - <div id="releasenotes-label" - class="label-column">&aboutTBUpdate.releaseNotes;</div> - <div id="releasenotes-content"></div> -</div> +  + <div id="version-row"> + <span class="label-column">&aboutTBUpdate.version;</span> + <span class="content"></span> + </div> + <div id="releasedate-row"> + <span class="label-column">&aboutTBUpdate.releaseDate;</span> + <span class="content"></span> + </div> + <div id="fullinfo"> + <p class="content"> + &aboutTBUpdate.linkPrefix;<a id="infolink">&aboutTBUpdate.linkLabel;</a>&aboutTBUpdate.linkSuffix; + </p> + </div> + <section id="releasenotes"> + <h2 class="label-column">&aboutTBUpdate.releaseNotes;</h2> + <div class="content"></div> + </section> </body> </html> View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/4177d7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/4177d7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.6.0esr-12.5-1] fixup! Bug 16940: After update, load local change notes.
by Richard Pospesel (＠richard) 09 Jan '23

09 Jan '23

Richard Pospesel pushed to branch tor-browser-102.6.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 9714187f by Henry Wilkes at 2023-01-09T20:07:59+00:00 fixup! Bug 16940: After update, load local change notes. We make a number of related changed to improve the semantics and accessibility of the about:tbupdate page: + We parse and show the release notes as a bullet list. + We use paragraphs, headings and bullet list to structure content. + We stop using fixed "px" font sizes and use relative sizes instead. + Add a lang="en-US" and dir="ltr" attribute to the english text. - - - - - 4 changed files: - browser/actors/AboutTBUpdateParent.jsm - browser/base/content/abouttbupdate/aboutTBUpdate.css - browser/base/content/abouttbupdate/aboutTBUpdate.js - browser/base/content/abouttbupdate/aboutTBUpdate.xhtml Changes: ===================================== browser/actors/AboutTBUpdateParent.jsm ===================================== @@ -8,7 +8,6 @@ this.EXPORTED_SYMBOLS = ["AboutTBUpdateParent"]; const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); -const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm"); const { AppConstants } = ChromeUtils.import( "resource://gre/modules/AppConstants.jsm" ); @@ -74,41 +73,72 @@ class AboutTBUpdateParent extends JSWindowActorParent { f.append("Docs"); f.append("ChangeLog.txt"); - let s = await IOUtils.readUTF8(f.path); - - // Truncate at the first empty line. - s = s.replace(/[\r\n][\r\n][\s\S]*$/m, ""); - - // Split into first line (version plus releaseDate) and - // remainder (releaseNotes). - // This first match() uses multiline mode with two capture groups: - // first line: (.*$) - // remaining lines: ([\s\S]+) - // [\s\S] matches all characters including end of line. This trick - // is needed because when using JavaScript regex in multiline mode, - // . does not match an end of line character. - let matchArray = s.match(/(.*$)\s*([\s\S]+)/m); - if (matchArray && matchArray.length == 3) { - info.releaseNotes = matchArray[2]; - let line1 = matchArray[1]; - // Extract the version and releaseDate. The first line looks like: - // Tor Browser 8.5 -- May 1 2019 - // The regex uses two capture groups: - // text that does not include a hyphen: (^[^-]*) - // remaining text: (.*$) - // In between we match optional whitespace, one or more hyphens, and - // optional whitespace by using: \s*-+\s* - matchArray = line1.match(/(^[^-]*)\s*-+\s*(.*$)/); - if (matchArray && matchArray.length == 3) { - info.version = matchArray[1]; - info.releaseDate = matchArray[2]; + // NOTE: We load in the entire file, but only use the first few lines + // before the first blank line. + const logLines = (await IOUtils.readUTF8(f.path)) + .replace(/\n\r?\n.*/ms, "") + .split(/\n\r?/); + + // Read the first line to get the version and date. + // Assume everything after the last "-" is the date. + const firstLine = logLines.shift(); + const match = firstLine?.match(/(.*)-+(.*)/); + if (match) { + info.version = match[1].trim(); + info.releaseDate = match[2].trim(); + } else { + // No date. + info.version = firstLine?.trim(); + } + + // We want to read the rest of the release notes as a tree. Each entry + // will contain the text for that line. + // We choose a negative index for the top node of this tree to ensure no + // line will appear less indented. + const topEntry = { indent: -1, children: undefined }; + let prevEntry = topEntry; + + for (let line of logLines) { + const indent = line.match(/^ */)[0]; + line = line.trim(); + if (line.startsWith("*")) { + // Treat as a bullet point. + let entry = { + text: line.replace(/^\*\s/, ""), + indent: indent.length, + }; + let parentEntry; + if (entry.indent > prevEntry.indent) { + // A sub-list of the previous item. + prevEntry.children = []; + parentEntry = prevEntry; + } else { + // Same list or end of sub-list. + // Search for the first parent whose indent comes before ours. + parentEntry = prevEntry.parent; + while (entry.indent <= parentEntry.indent) { + parentEntry = parentEntry.parent; + } + } + entry.parent = parentEntry; + parentEntry.children.push(entry); + prevEntry = entry; + } else if (prevEntry === topEntry) { + // Unexpected, missing bullet point on first line. + // Place as its own bullet point instead, and set as prevEntry for the + // next loop. + prevEntry = { text: line, indent: indent.length, parent: topEntry }; + topEntry.children = [prevEntry]; } else { - info.version = line1; // Match failed: return entire line in version. + // Append to the previous bullet point. + prevEntry.text += ` ${line}`; } - } else { - info.releaseNotes = s; // Only one line: use as releaseNotes. } - } catch (e) {} + + info.releaseNotes = topEntry.children; + } catch (e) { + Cu.reportError(e); + } return info; } ===================================== browser/base/content/abouttbupdate/aboutTBUpdate.css ===================================== @@ -14,61 +14,54 @@ body { font-family: Helvetica, Arial, sans-serif; color: var(--abouttor-text-color); background-color: var(--abouttor-bg-toron-color); - background-attachment: fixed; - background-size: 100% 100%; -} - -a { - color: var(--abouttor-text-color); -} - -.two-column-grid { - display: inline-grid; + margin-block: 40px; + margin-inline: 50px; + display: grid; grid-template-columns: auto auto; - grid-column-gap: 50px; - margin: 10px 0px 0px 50px; + align-items: baseline; + gap: 40px 50px; } -.two-column-grid div { - margin-top: 40px; - align-self: baseline; /* Align baseline of text across the row. */ +body > *:not([hidden]) { + display: contents; } .label-column { - font-size: 14px; - font-weight: 400; + grid-column: 1; } -/* - * Use a reduced top margin to bring the row that contains the - * "visit our website" link closer to the row that precedes it. This - * looks better because the "visit our website" row does not have a - * label in the left column. - */ -div.more-info-row { - margin-top: 5px; - font-size: 14px; +.content { + grid-column: 2; + font-family: monospace; + line-height: 1.4; +} + +.label-column, .content { + margin: 0; + padding: 0; + font-size: 1rem; + font-weight: normal; } -#version-content { - font-size: 50px; - font-weight: 300; +a { + color: inherit; } -body:not([havereleasedate]) .release-date-cell { - display: none; +.no-line-break { + white-space: nowrap; } -#releasedate-content { - font-size: 17px; +ul { + padding-inline: 1em 0; } -#releasenotes-label { - align-self: start; /* Anchor "Release Notes" label at the top. */ +h3, h4 { + font-size: 1.1rem; + font-weight: bold; } -#releasenotes-content { - font-family: monospace; - font-size: 15px; - white-space: pre; +h3.build-system-heading { + font-size: 1.5rem; + font-weight: normal; + margin-block-start: 3em; } ===================================== browser/base/content/abouttbupdate/aboutTBUpdate.js ===================================== @@ -5,23 +5,105 @@ /* eslint-env mozilla/frame-script */ -// aData may contain the following string properties: -// version -// releaseDate -// moreInfoURL -// releaseNotes -function onUpdate(aData) { - document.getElementById("version-content").textContent = aData.version; - if (aData.releaseDate) { - document.body.setAttribute("havereleasedate", "true"); - document.getElementById("releasedate-content").textContent = - aData.releaseDate; +/** + * An object representing a bullet point in the release notes. + * + * typedef {Object} ReleaseBullet + * @property {string} text - The text for this bullet point. + * @property {?Array<ReleaseBullet>} children - A sub-list of bullet points. + */ + +/** + * Fill an element with the given list of release bullet points. + * + * @param {Element} container - The element to fill with bullet points. + * @param {Array<ReleaseBullet>} bulletPoints - The list of bullet points. + * @param {string} [childTag="h3"] - The element tag name to use for direct + * children. Initially, the children are h3 sub-headings. + */ +function fillReleaseNotes(container, bulletPoints, childTag = "h3") { + for (const { text, children } of bulletPoints) { + const childEl = document.createElement(childTag); + // Keep dashes like "[tor-browser]" on the same line by nowrapping the word. + for (const [index, part] of text.split(/(\S+-\S+)/).entries()) { + if (!part) { + continue; + } + const span = document.createElement("span"); + span.textContent = part; + span.classList.toggle("no-line-break", index % 2); + childEl.appendChild(span); + } + container.appendChild(childEl); + if (children) { + if (childTag == "h3" && text.toLowerCase() === "build system") { + // Special case: treat the "Build System" heading's children as + // sub-headings. + childEl.classList.add("build-system-heading"); + fillReleaseNotes(container, children, "h4"); + } else { + const listEl = document.createElement("ul"); + fillReleaseNotes(listEl, children, "li"); + if (childTag == "li") { + // Insert within the "li" element. + childEl.appendChild(listEl); + } else { + container.appendChild(listEl); + } + } + } + } +} + +/** + * Set the content for the specified container, or hide it if we have no + * content. + * + * @template C + * @param {string} containerId - The id for the container. + * @param {?C} content - The content for this container, or a falsey value if + * the container has no content. + * @param {function(contentEl: Elemenet, content: C)} [fillContent] - A function + * to fill the ".content" contentEl with the given 'content'. If unspecified, + * the 'content' will become the contentEl's textContent. + */ +function setContent(containerId, content, fillContent) { + const container = document.getElementById(containerId); + if (!content) { + container.hidden = true; + return; } + const contentEl = container.querySelector(".content"); + // Release notes are only in English. + contentEl.setAttribute("lang", "en-US"); + contentEl.setAttribute("dir", "ltr"); + if (fillContent) { + fillContent(contentEl, content); + } else { + contentEl.textContent = content; + } +} + +/** + * Callback when we receive the update details. + * + * @param {Object} aData - The update details. + * @param {?string} aData.version - The update version. + * @param {?string} aData.releaseDate - The release date. + * @param {?string} aData.moreInfoURL - A URL for more info. + * @param {?Array<ReleaseBullet>} aData.releaseNotes - Release notes as bullet + * points. + */ +function onUpdate(aData) { + setContent("version-row", aData.version); + setContent("releasedate-row", aData.releaseDate); + setContent("releasenotes", aData.releaseNotes, fillReleaseNotes); + if (aData.moreInfoURL) { document.getElementById("infolink").setAttribute("href", aData.moreInfoURL); + } else { + document.getElementById("fullinfo").hidden = true; } - document.getElementById("releasenotes-content").textContent = - aData.releaseNotes; } RPMSendQuery("FetchUpdateData").then(onUpdate); ===================================== browser/base/content/abouttbupdate/aboutTBUpdate.xhtml ===================================== @@ -21,19 +21,26 @@ type="text/javascript"/> </head> <body dir="&locale.dir;"> -<div class="two-column-grid"> - <div class="label-column">&aboutTBUpdate.version;</div> - <div id="version-content"/> - - <div class="label-column release-date-cell">&aboutTBUpdate.releaseDate;</div> - <div id="releasedate-content" class="release-date-cell"/> - - <div class="more-info-row"/> - <div class="more-info-row">&aboutTBUpdate.linkPrefix;<a id="infolink">&aboutTBUpdate.linkLabel;</a>&aboutTBUpdate.linkSuffix;</div> - - <div id="releasenotes-label" - class="label-column">&aboutTBUpdate.releaseNotes;</div> - <div id="releasenotes-content"></div> -</div> +  + <div id="version-row"> + <span class="label-column">&aboutTBUpdate.version;</span> + <span class="content"></span> + </div> + <div id="releasedate-row"> + <span class="label-column">&aboutTBUpdate.releaseDate;</span> + <span class="content"></span> + </div> + <div id="fullinfo"> + <p class="content"> + &aboutTBUpdate.linkPrefix;<a id="infolink">&aboutTBUpdate.linkLabel;</a>&aboutTBUpdate.linkSuffix; + </p> + </div> + <section id="releasenotes"> + <h2 class="label-column">&aboutTBUpdate.releaseNotes;</h2> + <div class="content"></div> + </section> </body> </html> View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9714187… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9714187… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.6.0esr-12.0-1] Bug 41506: Distrust TrustCor root certificates after 2022-11-30.
by Richard Pospesel (＠richard) 09 Jan '23

09 Jan '23

Richard Pospesel pushed to branch tor-browser-102.6.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 4177d7e9 by hackademix at 2023-01-09T19:39:13+00:00 Bug 41506: Distrust TrustCor root certificates after 2022-11-30. (cherry picked from commit fb7cbedd86fd6960639e87f8ed6692ba4c1d3068) - - - - - 1 changed file: - security/nss/lib/ckfw/builtins/certdata.txt Changes: ===================================== security/nss/lib/ckfw/builtins/certdata.txt ===================================== @@ -15730,8 +15730,14 @@ CKA_VALUE MULTILINE_OCTAL \132\171\054\031 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END +# For Email Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END # Trust for "TrustCor RootCert CA-1" # Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -15923,8 +15929,15 @@ CKA_VALUE MULTILINE_OCTAL \326\354\011 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END +# For Email Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END + # Trust for "TrustCor RootCert CA-2" # Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -16081,8 +16094,14 @@ CKA_VALUE MULTILINE_OCTAL \264\237\327\346 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END +# For Email Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END # Trust for "TrustCor ECA-1" # Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4177d7e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4177d7e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.6.0esr-12.5-1] Bug 41506: Distrust TrustCor root certificates after 2022-11-30.
by Richard Pospesel (＠richard) 09 Jan '23

09 Jan '23

Richard Pospesel pushed to branch tor-browser-102.6.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: fb7cbedd by hackademix at 2023-01-09T20:29:33+01:00 Bug 41506: Distrust TrustCor root certificates after 2022-11-30. - - - - - 1 changed file: - security/nss/lib/ckfw/builtins/certdata.txt Changes: ===================================== security/nss/lib/ckfw/builtins/certdata.txt ===================================== @@ -15730,8 +15730,14 @@ CKA_VALUE MULTILINE_OCTAL \132\171\054\031 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END +# For Email Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END # Trust for "TrustCor RootCert CA-1" # Issuer: CN=TrustCor RootCert CA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -15923,8 +15929,15 @@ CKA_VALUE MULTILINE_OCTAL \326\354\011 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END +# For Email Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END + # Trust for "TrustCor RootCert CA-2" # Issuer: CN=TrustCor RootCert CA-2,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA @@ -16081,8 +16094,14 @@ CKA_VALUE MULTILINE_OCTAL \264\237\327\346 END CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE -CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE -CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE +# For Server Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END +# For Email Distrust After: Wed Nov 30 00:00:00 2022 +CKA_NSS_EMAIL_DISTRUST_AFTER MULTILINE_OCTAL +\062\062\061\061\063\060\060\060\060\060\060\060\132 +END # Trust for "TrustCor ECA-1" # Issuer: CN=TrustCor ECA-1,OU=TrustCor Certificate Authority,O=TrustCor Systems S. de R.L.,L=Panama City,ST=Panama,C=PA View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fb7cbed… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fb7cbed… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.6.0esr-12.5-1] fixup! Bug 10760: Integrate TorButton to TorBrowser core
by Pier Angelo Vendrame (＠pierov) 09 Jan '23

09 Jan '23

Pier Angelo Vendrame pushed to branch tor-browser-102.6.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 4a257dd5 by trinity-1686a at 2023-01-09T17:32:45+00:00 fixup! Bug 10760: Integrate TorButton to TorBrowser core Bug 41066: isolate tor connections based on userContextId - - - - - 1 changed file: - toolkit/torbutton/components/domain-isolator.js Changes: ===================================== toolkit/torbutton/components/domain-isolator.js ===================================== @@ -58,7 +58,11 @@ let tor = {}; // __tor.noncesForDomains__. // A mutable map that records what nonce we are using for each domain. -tor.noncesForDomains = {}; +tor.noncesForDomains = new Map(); + +// __tor.noncesForUserContextId__. +// A mutable map that records what nonce we are using for each tab container. +tor.noncesForUserContextId = new Map(); // __tor.isolationEabled__. // A bool that controls if we use SOCKS auth for isolation or not. @@ -68,23 +72,37 @@ tor.isolationEnabled = true; // Specifies when the current catch-all circuit was first used tor.unknownDirtySince = Date.now(); -// __tor.socksProxyCredentials(originalProxy, domain)__. -// Takes a proxyInfo object (originalProxy) and returns a new proxyInfo -// object with the same properties, except the username is set to the -// the domain, and the password is a nonce. -tor.socksProxyCredentials = function(originalProxy, domain) { +tor.passwordForDomainAndUserContextId = function(domain, userContextId) { // Check if we already have a nonce. If not, create - // one for this domain. - if (!tor.noncesForDomains.hasOwnProperty(domain)) { - tor.noncesForDomains[domain] = tor.nonce(); + // one for this domain and userContextId. + if (!tor.noncesForDomains.has(domain)) { + tor.noncesForDomains.set(domain, tor.nonce()); + } + if (!tor.noncesForUserContextId.has(userContextId)) { + tor.noncesForUserContextId.set(userContextId, tor.nonce()); } + return ( + tor.noncesForDomains.get(domain) + + tor.noncesForUserContextId.get(userContextId) + ); +}; + +// __tor.socksProxyCredentials(originalProxy, domain, userContextId)__. +// Takes a proxyInfo object (originalProxy) and returns a new proxyInfo +// object with the same properties, except the username is set to the +// the domain and userContextId, and the password is a nonce. +tor.socksProxyCredentials = function(originalProxy, domain, userContextId) { let proxy = originalProxy.QueryInterface(Ci.nsIProxyInfo); + let proxyPassword = tor.passwordForDomainAndUserContextId( + domain, + userContextId + ); return mozilla.protocolProxyService.newProxyInfoWithAuth( "socks", proxy.host, proxy.port, - domain, // username - tor.noncesForDomains[domain], // password + `${domain}:${userContextId}`, // username + proxyPassword, "", // aProxyAuthorizationHeader "", // aConnectionIsolationKey proxy.flags, @@ -116,10 +134,21 @@ tor.newCircuitForDomain = function(domain) { if (domain === "") { domain = "--unknown--"; } - tor.noncesForDomains[domain] = tor.nonce(); + tor.noncesForDomains.set(domain, tor.nonce()); + logger.eclog( + 3, + `New domain isolation for ${domain}: ${tor.noncesForDomains.get(domain)}` + ); +}; + +tor.newCircuitForUserContextId = function(userContextId) { + // Re-generate the nonce for the context. + tor.noncesForUserContextId.set(userContextId, tor.nonce()); logger.eclog( 3, - "New domain isolation for " + domain + ": " + tor.noncesForDomains[domain] + `New container isolation for ${userContextId}: ${tor.noncesForUserContextId.get( + userContextId + )}` ); }; @@ -127,8 +156,9 @@ tor.newCircuitForDomain = function(domain) { // Clear the isolation state cache, forcing new circuits to be used for all // subsequent requests. tor.clearIsolation = function() { - // Per-domain nonces are stored in a map, so simply re-initialize the map. - tor.noncesForDomains = {}; + // Per-domain and per contextId nonces are stored in maps, so simply clear them. + tor.noncesForDomains.clear(); + tor.noncesForUserContextId.clear(); // Force a rotation on the next catch-all circuit use by setting the creation // time to the epoch. @@ -137,9 +167,9 @@ tor.clearIsolation = function() { // __tor.isolateCircuitsByDomain()__. // For every HTTPChannel, replaces the default SOCKS proxy with one that authenticates -// to the SOCKS server (the tor client process) with a username (the first party domain) -// and a nonce password. Tor provides a separate circuit for each username+password -// combination. +// to the SOCKS server (the tor client process) with a username (the first party domain +// and userContextId) and a nonce password. Tor provides a separate circuit for each +// username+password combination. tor.isolateCircuitsByDomain = function() { mozilla.registerProxyChannelFilter(function(aChannel, aProxy) { if (!tor.isolationEnabled) { @@ -147,7 +177,8 @@ tor.isolateCircuitsByDomain = function() { } try { let channel = aChannel.QueryInterface(Ci.nsIChannel), - firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain; + firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain, + userContextId = channel.loadInfo.originAttributes.userContextId; if (firstPartyDomain === "") { firstPartyDomain = "--unknown--"; if (Date.now() - tor.unknownDirtySince > 1000 * 10 * 60) { @@ -161,7 +192,8 @@ tor.isolateCircuitsByDomain = function() { } let replacementProxy = tor.socksProxyCredentials( aProxy, - firstPartyDomain + firstPartyDomain, + userContextId ); logger.eclog( 3, @@ -206,6 +238,9 @@ DomainIsolator.prototype = { newCircuitForDomain(domain) { tor.newCircuitForDomain(domain); }, + newCircuitForUserContextId(userContextId) { + tor.newCircuitForUserContextId(userContextId); + }, enableIsolation() { tor.isolationEnabled = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4a257dd… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4a257dd… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.0] Bug 40727: Update Snowflake STUN servers in the default bridge line
by Pier Angelo Vendrame (＠pierov) 09 Jan '23

09 Jan '23

Pier Angelo Vendrame pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build Commits: b95fc641 by Cecylia Bocovich at 2023-01-09T08:24:38+00:00 Bug 40727: Update Snowflake STUN servers in the default bridge line Removing stun.stunprotocol.org:3478 and stun.altar.com.pl:3478. Also, removing stun.sonetel.com, since it is an alias of stun.sonetel.net. (cherry picked from commit fc89e8b10c3ff30db2079b2fb327d05b2b5f3c80) - - - - - 1 changed file: - projects/common/bridges_list.snowflake.txt Changes: ===================================== projects/common/bridges_list.snowflake.txt ===================================== @@ -1,2 +1,2 @@ -snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn -snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn +snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn +snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40727: Update Snowflake STUN servers in the default bridge line
by Pier Angelo Vendrame (＠pierov) 09 Jan '23

09 Jan '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: fc89e8b1 by Cecylia Bocovich at 2023-01-09T08:23:24+00:00 Bug 40727: Update Snowflake STUN servers in the default bridge line Removing stun.stunprotocol.org:3478 and stun.altar.com.pl:3478. Also, removing stun.sonetel.com, since it is an alias of stun.sonetel.net. - - - - - 1 changed file: - projects/common/bridges_list.snowflake.txt Changes: ===================================== projects/common/bridges_list.snowflake.txt ===================================== @@ -1,2 +1,2 @@ -snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn -snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn +snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn +snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0