December 2023 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-13.0.6-build1
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed new tag mb-13.0.6-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.0.6-build1
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed new tag tbb-13.0.6-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41009, 41018: Prepare Tor+Mullvad Browser Stable 13.0.6
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 7e8b7279 by hackademix at 2023-12-04T17:40:53+01:00 Bug 41009,41018: Prepare Tor+Mullvad Browser Stable 13.0.6 - - - - - 9 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/manual/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,50 @@ +Mullvad Browser 13.0.6 - December 04 2023 + * All Platforms + * Bug 42288: Allow language spoofing in status messages [tor-browser] + * Updated uBlock Origin to 1.54.0 + * Linux + * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] + * Bug 42306: Tor Browser crashes when extensions popups are opened with Wayland enabled [tor-browser] + * Bug 41017: Disable Nvidia shader cache [tor-browser-build] + * Build System + * All Platforms + * Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] + * Bug 40936: Revert tor-browser-build#40933 [tor-browser-build] + * Bug 40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink [tor-browser-build] + * Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] + * Bug 40063: RBM's chroot fails in Fedora [rbm] + * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] + * Windows + macOS + Linux + * Bug 41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt [tor-browser-build] + * Windows + * Bug 41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt [tor-browser-build] + +Mullvad Browser 13.5a2 - November 27 2023 + * All Platforms + * Updated Firefox to 115.5.0esr + * Updated uBlock Origin to 1.54.0 + * Bug 250: Enable storage.sync to fix broken webextensions [mullvad-browser] + * Bug 254: Rebase Mullvad Browser Alpha to 115.5.0esr [mullvad-browser] + * Bug 42153: Drop dom.enable_resource_timing = false preference [tor-browser] + * Bug 42194: Blank Net Error page on name resolution failure [tor-browser] + * Bug 42276: Rebase Browsers Alpha to 115.5.0esr [tor-browser] + * Bug 42288: Allow language spoofing in status messages [tor-browser] + * Linux + * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] + * Bug 41017: Disable Nvidia shader cache [tor-browser-build] + * Build System + * All Platforms + * Bug 40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be [tor-browser-build] + * Bug 40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink [tor-browser-build] + * Bug 41006: Fix typo in finished-signing-clean-linux signer [tor-browser-build] + * Bug 40063: RBM's chroot fails in Fedora [rbm] + * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] + * macOS + * Bug 41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step [tor-browser-build] + * Bug 41007: gatekeeper-bundling.sh refers to old .tar.gz archive [tor-browser-build] + * Bug 41014: Update libdmg-hfsplus to drop the OpenSSL patch [tor-browser-build] + * Bug 41020: Opening MacOS dmg file is causing a warning, since 13.0 [tor-browser-build] + Mullvad Browser 13.0.4 - November 16 2023 * All Platforms * Updated Firefox to 115.5.0esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,72 @@ +Tor Browser 13.0.6 - December 04 2023 + * All Platforms + * Bug 42288: Allow language spoofing in status messages [tor-browser] + * Windows + macOS + Linux + * Bug 42302: The allowed ports string contains a typo [tor-browser] + * Bug 42231: Improve the network monitor patch for http onion resources [tor-browser] + * Bug 42299: After adding incorrect bridge addres on user cannot go back to the Connection page [tor-browser] + * Linux + * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] + * Bug 42306: Tor Browser crashes when extensions popups are opened with Wayland enabled [tor-browser] + * Bug 41017: Disable Nvidia shader cache [tor-browser-build] + * Build System + * All Platforms + * Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] + * Bug 40936: Revert tor-browser-build#40933 [tor-browser-build] + * Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] + * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] + * Windows + macOS + Linux + * Bug 41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt [tor-browser-build] + * Windows + * Bug 41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt [tor-browser-build] + * Android + * Bug 41024: Fix android filenames in Release Prep issue templates [tor-browser-build] + +Tor Browser 13.5a2 - November 27 2023 + * All Platforms + * Updated tor to 0.4.8.9 + * Bug 42153: Drop dom.enable_resource_timing = false preference [tor-browser] + * Bug 42246: Migrate tor connection stuff from browser to toolkit [tor-browser] + * Bug 42261: Update the icon of Startpage search engine [tor-browser] + * Bug 42276: Rebase Browsers Alpha to 115.5.0esr [tor-browser] + * Bug 42277: Enable storage.sync to fix broken webextensions [tor-browser] + * Bug 42288: Allow language spoofing in status messages [tor-browser] + * Bug 42302: The allowed ports string contains a typo [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 115.5.0esr + * Bug 42231: Improve the network monitor patch for http onion resources [tor-browser] + * Bug 42072: YEC 2023 Takeover for Desktop Stable [tor-browser] + * Bug 42188: Donations are asked repeatedly when I click New identity button [tor-browser] + * Bug 42194: Blank Net Error page on name resolution failure [tor-browser] + * Linux + * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] + * Bug 41017: Disable Nvidia shader cache [tor-browser-build] + * Android + * Updated GeckoView to 115.5.0esr + * Bug 41846: firefox-android esr 115 introduced new nimbus use: they need to be disabled [tor-browser] + * Bug 42074: YEC 2023 Takeover for Android Stable [tor-browser] + * Bug 42258: Replace the current boring "fiery android" icon we use for dev with the cool nightly icon [tor-browser] + * Bug 42259: Remove unused firefox branding from Tor Browser for Android [tor-browser] + * Bug 42260: Add TBB artifacts to .gitignore [tor-browser] + * Bug 42285: Update the gitignore to use the correct paths for tor stuff [tor-browser] + * Bug 42287: Backport security fixes (Android & wontfix) from Firefox 120 to 115.5 - based Tor Browser [tor-browser] + * Build System + * All Platforms + * Update Go to 1.21.4 + * Bug 40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be [tor-browser-build] + * Bug 40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink [tor-browser-build] + * Bug 41006: Fix typo in finished-signing-clean-linux signer [tor-browser-build] + * Bug 41023: Update lead.png symlink and blog post template in tools/signing/create-blog-post [tor-browser-build] + * Bug 40063: RBM's chroot fails in Fedora [rbm] + * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] + * macOS + * Bug 41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step [tor-browser-build] + * Bug 41007: gatekeeper-bundling.sh refers to old .tar.gz archive [tor-browser-build] + * Bug 41014: Update libdmg-hfsplus to drop the OpenSSL patch [tor-browser-build] + * Bug 41020: Opening MacOS dmg file is causing a warning, since 13.0 [tor-browser-build] + * Android + * Bug 41024: Fix android filenames in Release Prep issue templates [tor-browser-build] + Tor Browser 13.0.5 - November 22 2023 * Windows + macOS + Linux * Bug 42072: YEC 2023 Takeover for Desktop Stable [tor-browser] ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,21 +17,18 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1069317, + "average_daily_users": 1101501, "categories": { - "android": [ - "experimental", - "user-interface" - ], "firefox": [ + "web-development", "appearance", - "web-development" + "other" ] }, "contributions_url": "https://opencollective.com/darkreader?utm_content=product-page-contribute&u…", "created": "2017-09-19T07:03:00Z", "current_version": { - "id": 5650180, + "id": 5654228, "compatibility": { "firefox": { "min": "54.0", @@ -42,7 +39,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/56501…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/56542…", "is_strict_compatibility_enabled": false, "license": { "id": 22, @@ -53,22 +50,22 @@ "url": "http://www.opensource.org/license/mit" }, "release_notes": { - "en-US": "- Fixed for Reddit (incorrect CSS comment handling).\n- Fixed working on domains containing `constructor` part.\n- Users' fixes for websites." + "en-US": "- Separated Enabled and Disabled site lists.\n- Regular expressions support in Site List.\n- Fixed automation after computer waking up.\n- Users' fixes for websites." }, - "reviewed": "2023-11-15T18:44:00Z", - "version": "4.9.68", + "reviewed": "2023-11-27T09:24:35Z", + "version": "4.9.70", "files": [ { - "id": 4194520, - "created": "2023-11-13T16:59:09Z", - "hash": "sha256:009b35e2b5e3ad787cc5f5cd75cf995119baaddfd45a00bd045c2098a99cff85", + "id": 4198549, + "created": "2023-11-22T13:10:25Z", + "hash": "sha256:3ccbe247031dd4fcc3d9bd840872ed38e9843729709f92803c234041070588a7", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 676616, + "size": 679785, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4194520/darkreader-4.9.68…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4198549/darkreader-4.9.70…", "permissions": [ "alarms", "contextMenus", @@ -146,7 +143,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-11-15T18:44:00Z", + "last_updated": "2023-11-27T09:24:35Z", "name": { "ar": "Dark Reader", "bn": "Dark Reader", @@ -221,10 +218,10 @@ "category": "recommended" }, "ratings": { - "average": 4.5559, - "bayesian_average": 4.554766454205969, - "count": 5233, - "text_count": 1642 + "average": 4.554, + "bayesian_average": 4.552870632911627, + "count": 5271, + "text_count": 1653 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -321,7 +318,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 39666 + "weekly_downloads": 44692 }, "notes": null }, @@ -337,11 +334,8 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 262050, + "average_daily_users": 264243, "categories": { - "android": [ - "security-privacy" - ], "firefox": [ "privacy-security" ] @@ -553,10 +547,10 @@ "category": "recommended" }, "ratings": { - "average": 4.8089, - "bayesian_average": 4.804287877831421, - "count": 1371, - "text_count": 243 + "average": 4.8061, + "bayesian_average": 4.801493388841497, + "count": 1377, + "text_count": 244 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, @@ -641,7 +635,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 4465 + "weekly_downloads": 4281 }, "notes": null }, @@ -657,11 +651,8 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1180120, + "average_daily_users": 1193283, "categories": { - "android": [ - "security-privacy" - ], "firefox": [ "privacy-security" ] @@ -1181,9 +1172,9 @@ "category": "recommended" }, "ratings": { - "average": 4.7946, - "bayesian_average": 4.7918968335591, - "count": 2332, + "average": 4.7971, + "bayesian_average": 4.794394568610204, + "count": 2341, "text_count": 444 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", @@ -1208,7 +1199,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 20900 + "weekly_downloads": 28584 }, "notes": null }, @@ -1224,11 +1215,8 @@ "picture_url": null } ], - "average_daily_users": 7140277, + "average_daily_users": 7361738, "categories": { - "android": [ - "security-privacy" - ], "firefox": [ "privacy-security" ] @@ -1236,7 +1224,7 @@ "contributions_url": "", "created": "2015-04-25T07:26:22Z", "current_version": { - "id": 5644148, + "id": 5654508, "compatibility": { "firefox": { "min": "78.0", @@ -1247,7 +1235,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/56…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/56…", "is_strict_compatibility_enabled": false, "license": { "id": 6, @@ -1258,22 +1246,22 @@ "url": "http://www.gnu.org/licenses/gpl-3.0.html" }, "release_notes": { - "en-US": "See complete release notes for <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/8e97e4fad4a9080cacd692…" rel=\"nofollow\">1.53.0</a>.\n\nFixes / changes\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/04dc7add7ba2b97b2c9b89…" rel=\"nofollow\">Improve google-ima shim script</a> (by @kzar)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b4a71c78d84ca82dd6abd1…" rel=\"nofollow\">Match <code>type</code> exactly in <code>prevent-addEventListener</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ff70ef00dfe5f67a6928e7…" rel=\"nofollow\">Add filtering expressions for logger output</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/02bf9ee4e085caa28d989f…" rel=\"nofollow\">Add warning against adding custom filters from untrusted sources</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6c4da5a1939b3db01c9ee3…" rel=\"nofollow\">Consider My filters an untrusted source by default</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ca1700dc2ee0250b8cf6d8…" rel=\"nofollow\">Add <code>trusted-prune-inbound-object</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ba6f6721dda39f05a31f17…" rel=\"nofollow\">Add <code>dontOverwrite</code> vararg to <code>(trusted-)set-cookie</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/35c49cd46c6ee8f6de39a9…" rel=\"nofollow\">Add \"on\" and \"off\" values to set-cookie</a> (by @peace2000)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/4927397ea80a4a61cc940c…" rel=\"nofollow\">Fine tune <code>set-local-storage-item</code> as per feedback</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/7fa8961d810dcba3ee585c…" rel=\"nofollow\">Support AdGuard's <code>[trusted-]set-cookie-reload</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/349cef9dc278896ca7daa7…" rel=\"nofollow\">Ignore assets older than cached version when fetching from CDNs</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b0dea07b330af0f97e32e2…" rel=\"nofollow\">Support quoting scriptlet parameters with backticks</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5d764bfef4a34dddcc078f…" rel=\"nofollow\">Add new static network filter option: <code>urltransform</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5169835229aef5279e13d7…" rel=\"nofollow\">Support pane: mark lists as obsolete only when update button is clicked</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/3f93ea8084165631352752…" rel=\"nofollow\">Bring <code>header=</code> filter option out of experimental status</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6f0c547fbe7e39c23f4e0d…" rel=\"nofollow\">Add <code>trusted-click-element</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/396bbf79d31a089d9396f0…" rel=\"nofollow\">Add ability to update lists through links with specifically crafted URLs</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/da3831d0dd386383b7c063…" rel=\"nofollow\">Fix overzealous matching in <code>(remove|replace)-node-text</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/106e2566988d1f7f89ef4a…" rel=\"nofollow\">Fix <code>no-xhr-if</code> scriptlet for Firefox</a></li><li>[More ...]\n\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/d8295679b79e096909c47f…" rel=\"nofollow\">Commits history since last version</a>.</li></ul>" + "en-US": "See complete release notes for <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/4c736806dc9702f9496c1c…" rel=\"nofollow\">1.54.0</a>.\n\nFixes / changes\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/30ee045a42c04a557ec92d…" rel=\"nofollow\">Enable path for native <code>has()</code> selector in Firefox</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/26aaa3263afd1e6e450a7f…" rel=\"nofollow\">Allow scriptlets to be injected in <code>about:blank</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5967388a2432967ee63e77…" rel=\"nofollow\">Fix faulty <code>as</code> vararg in <code>set-constant</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b9a3ce2fd67895cc3fd06f…" rel=\"nofollow\">Add support to redirect to <code>noop.json</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/1a7fcce826cb83449490e3…" rel=\"nofollow\">More improvements to the <code>google-ima</code> shim script</a> (by @kzar)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/56d921f7e251fb313a4be0…" rel=\"nofollow\">All exceptions filters are exempt from requiring a trusted source</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b3b9c520dd7fef26a4f129…" rel=\"nofollow\">Add <code>trusted-set-session-storage-item</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5f347a4a217555ac7ff920…" rel=\"nofollow\">Allow the use of quotes in <code>set-cookie</code> scriptlet </a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/fe9490248b43262e2613b2…" rel=\"nofollow\">Allow the use of quotes in <code>set-(local|session)-storage-item</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/92d58a934e2392a346a587…" rel=\"nofollow\">Add ability to trigger cookie removal on specific events</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/23e952e408915752c90dc3…" rel=\"nofollow\">Ensure CSSTree does not hold a reference onto last parsed string</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/302676f334820cdfe567f7…" rel=\"nofollow\">Lower minimum Expires value to 4h</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/03ac48dee7ecbf33ac2dd4…" rel=\"nofollow\">Properly reset needle length in unserialized buffer</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/d4babab0e0c4b624992f8f…" rel=\"nofollow\">Add additional flags to regional lists</a> (by @DandelionSprout)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/a09bd04e017892dd0b0d12…" rel=\"nofollow\">Harden scriptlets which need to serialize function code into string</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/1a5be5c8aa0baa49879f92…" rel=\"nofollow\">Reset <code>g</code> regexes before use in <code>rmnt</code>/<code>rpnt</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/f2e3dd373c3a474ca27bad…" rel=\"nofollow\">Apply response filtering according to mime type</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/12cfcbade6a208e02352fd…" rel=\"nofollow\">Add t/f to set-cookie</a> (by @ryanbr)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/7856310df6fe39bff4e1b0…" rel=\"nofollow\">Have <code>urltransform=</code> use the same syntax as <code>replace=</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/520b2f8c295d638b0c72f5…" rel=\"nofollow\">Implement network filter option <code>replace=</code></a></li><li>...</li></ul>\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/3f4f5634b3bdd26c8e335f…" rel=\"nofollow\">Commits history since last version</a>" }, - "reviewed": "2023-11-02T12:31:33Z", - "version": "1.53.0", + "reviewed": "2023-11-27T08:08:01Z", + "version": "1.54.0", "files": [ { - "id": 4188488, - "created": "2023-10-31T12:35:52Z", - "hash": "sha256:5403474101f753b5d38c09135e40d82a115afcd01310d78133a4af363462194b", + "id": 4198829, + "created": "2023-11-22T16:24:35Z", + "hash": "sha256:9797160908191710ff0858536ba6dc29ecad9923c30b2ad6d3e5e371d759e44d", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 3593021, + "size": 3630690, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4188488/ublock_origin-1.5…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4198829/ublock_origin-1.5…", "permissions": [ "dns", "menus", @@ -1392,7 +1380,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-11-14T23:15:40Z", + "last_updated": "2023-12-03T21:40:39Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1537,10 +1525,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7847, - "bayesian_average": 4.7843208303981575, - "count": 16602, - "text_count": 4329 + "average": 4.7859, + "bayesian_average": 4.785523327278846, + "count": 16777, + "text_count": 4370 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1603,7 +1591,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 252376 + "weekly_downloads": 215425 }, "notes": null }, @@ -1619,14 +1607,11 @@ "picture_url": null } ], - "average_daily_users": 173964, + "average_daily_users": 175242, "categories": { - "android": [ - "photos-media" - ], "firefox": [ - "games-entertainment", - "photos-music-videos" + "photos-music-videos", + "games-entertainment" ] }, "contributions_url": "", @@ -1718,10 +1703,10 @@ "category": "recommended" }, "ratings": { - "average": 4.4904, - "bayesian_average": 4.485326875429083, - "count": 1146, - "text_count": 428 + "average": 4.4827, + "bayesian_average": 4.477648647741963, + "count": 1154, + "text_count": 431 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, @@ -1743,7 +1728,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 371 + "weekly_downloads": 395 }, "notes": null }, @@ -1759,14 +1744,11 @@ "picture_url": null } ], - "average_daily_users": 87714, + "average_daily_users": 87541, "categories": { - "android": [ - "experimental", - "security-privacy" - ], "firefox": [ - "privacy-security" + "privacy-security", + "other" ] }, "contributions_url": "", @@ -1897,7 +1879,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 1865 + "weekly_downloads": 1612 }, "notes": null }, @@ -1913,15 +1895,12 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 281546, + "average_daily_users": 286382, "categories": { - "android": [ - "photos-media", - "user-interface" - ], "firefox": [ - "photos-music-videos", - "search-tools" + "search-tools", + "appearance", + "photos-music-videos" ] }, "contributions_url": "https://www.paypal.com/donate?hosted_button_id=GLL4UNSNU6SQN&utm_content=pr…", @@ -2133,10 +2112,10 @@ "category": "recommended" }, "ratings": { - "average": 4.655, - "bayesian_average": 4.65048814198261, - "count": 1348, - "text_count": 258 + "average": 4.6517, + "bayesian_average": 4.6472069802370894, + "count": 1358, + "text_count": 262 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2157,7 +2136,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 5130 + "weekly_downloads": 7018 }, "notes": null }, @@ -2180,13 +2159,11 @@ "picture_url": null } ], - "average_daily_users": 116182, + "average_daily_users": 118255, "categories": { - "android": [ - "other" - ], "firefox": [ - "search-tools" + "search-tools", + "other" ] }, "contributions_url": "", @@ -2463,10 +2440,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3666, - "bayesian_average": 4.362179866443754, - "count": 1271, - "text_count": 356 + "average": 4.3682, + "bayesian_average": 4.363792783638318, + "count": 1282, + "text_count": 360 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2486,7 +2463,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 32 + "weekly_downloads": 76 }, "notes": null }, @@ -2502,15 +2479,12 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 313357, + "average_daily_users": 314489, "categories": { - "android": [ - "performance", - "security-privacy" - ], "firefox": [ + "web-development", "privacy-security", - "web-development" + "other" ] }, "contributions_url": "https://www.paypal.com/donate/?hosted_button_id=9ERKTU5MBH4EW&utm_content=p…", @@ -2692,10 +2666,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3968, - "bayesian_average": 4.394142112372486, - "count": 2137, - "text_count": 828 + "average": 4.3987, + "bayesian_average": 4.3960429536167975, + "count": 2147, + "text_count": 830 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2739,7 +2713,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 8490 + "weekly_downloads": 8814 }, "notes": null }, @@ -2755,15 +2729,12 @@ "picture_url": null } ], - "average_daily_users": 156584, + "average_daily_users": 158614, "categories": { - "android": [ - "performance", - "photos-media" - ], "firefox": [ - "games-entertainment", - "photos-music-videos" + "photos-music-videos", + "other", + "games-entertainment" ] }, "contributions_url": "", @@ -2867,9 +2838,9 @@ "category": "recommended" }, "ratings": { - "average": 3.8631, - "bayesian_average": 3.8590398415336518, - "count": 1191, + "average": 3.8686, + "bayesian_average": 3.8645267887251755, + "count": 1195, "text_count": 432 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", @@ -2889,7 +2860,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 2791 + "weekly_downloads": 2376 }, "notes": null } ===================================== projects/browser/config ===================================== @@ -91,9 +91,9 @@ input_files: - URL: https://addons.mozilla.org/firefox/downloads/file/4178438/noscript-11.4.28.… name: noscript sha256sum: 54d076b3226d454216117547f6441d2f95af3057d20f726e55d94b0f22573c14 - - URL: https://addons.mozilla.org/firefox/downloads/file/4188488/ublock_origin-1.5… + - URL: https://addons.mozilla.org/firefox/downloads/file/4198829/ublock_origin-1.5… name: ublock-origin - sha256sum: 5403474101f753b5d38c09135e40d82a115afcd01310d78133a4af363462194b + sha256sum: 9797160908191710ff0858536ba6dc29ecad9923c30b2ad6d3e5e371d759e44d enable: '[% c("var/mullvad-browser") %]' - URL: https://cdn.mullvad.net/browser-extension/0.8.4/mullvad-browser-extension-0… name: mullvad-extension ===================================== projects/firefox/config ===================================== @@ -18,7 +18,7 @@ var: firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.0' browser_branch: '[% c("var/browser_series") %]-1' - browser_build: 3 + browser_build: 4 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -86,7 +86,7 @@ targets: mullvadbrowser: git_url: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git var: - browser_build: 2 + browser_build: 3 branding_directory_prefix: 'mb' gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' ===================================== projects/geckoview/config ===================================== @@ -16,7 +16,7 @@ container: var: geckoview_version: 115.5.0esr browser_branch: 13.0-1 - browser_build: 2 + browser_build: 4 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 120105 +version: 122062 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: ebcf66a4a8f8d0801234203d8e2b8d46744f6c2f + git_hash: d4772b91cee02fffc2a01db61e45311fad4ad767 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 94f2dbd69095270431df2d44f5573fc9c68ad240 + git_hash: 677b5d8b72447ef40cd437296802f04894ce9df6 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: dfe9edb319cdaf311c11103f3a0efa44ebc95cb4 + git_hash: 76fd869e48f0bd3cb1c7da321ce9e15a482f2a2c compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -81,10 +81,10 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.0.5' + torbrowser_version: '13.0.6' torbrowser_build: 'build1' torbrowser_incremental_from: - - '13.0.4' + - '13.0.5' - '13.0.1' - '13.0' updater_enabled: 1 @@ -304,6 +304,10 @@ targets: - tr - zh-CN - zh-TW + torbrowser_incremental_from: + - '13.0.4' + - '13.0.1' + - '13.0' torbrowser-testbuild: - testbuild View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.5.0esr-13.0-1-build3
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed new tag mullvad-browser-115.5.0esr-13.0-1-build3 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch mullvad-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 81d88620 by hackademix at 2023-12-04T13:34:12+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -155,12 +155,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -199,16 +204,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -231,18 +246,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -253,7 +278,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -1994,7 +2032,6 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/81d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/81d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch mullvad-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 1ff67dd6 by hackademix at 2023-12-04T13:31:29+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -155,12 +155,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -199,16 +204,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -231,18 +246,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -253,7 +278,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -1994,7 +2032,6 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/1ff… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/1ff… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.5.0esr-13.0-1-build4
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed new tag tor-browser-115.5.0esr-13.0-1-build4 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] fixup! Bug 23247: Communicating security expectations for .onion
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 91e057ca by cypherpunks1 at 2023-12-04T13:06:55+01:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 42231: Improve the network monitor patch for http onion resources - - - - - 2 changed files: - devtools/client/netmonitor/src/components/SecurityState.js - devtools/shared/network-observer/NetworkHelper.sys.mjs Changes: ===================================== devtools/client/netmonitor/src/components/SecurityState.js ===================================== @@ -41,7 +41,7 @@ class SecurityState extends Component { const { securityState, - urlDetails: { isLocal }, + urlDetails: { host, isLocal }, } = item; const iconClassList = ["requests-security-state-icon"]; @@ -50,7 +50,11 @@ class SecurityState extends Component { // Locally delivered files such as http://localhost and file:// paths // are considered to have been delivered securely. - if (isLocal) { + if ( + isLocal || + (host?.endsWith(".onion") && + Services.prefs.getBoolPref("dom.securecontext.allowlist_onions", false)) + ) { realSecurityState = "secure"; } ===================================== devtools/shared/network-observer/NetworkHelper.sys.mjs ===================================== @@ -596,9 +596,6 @@ export var NetworkHelper = { // The request did not contain any security info. if (!securityInfo) { - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } return info; } @@ -650,11 +647,7 @@ export var NetworkHelper = { // schemes other than https and wss are subject to // downgrade/etc at the scheme level and should always be // considered insecure - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } else { - info.state = "insecure"; - } + info.state = "insecure"; } else if (state & wpl.STATE_IS_SECURE) { // The connection is secure if the scheme is sufficient info.state = "secure"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/91e057c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/91e057c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41017: Tell Nvidia drivers not to create the shader cache.
by Pier Angelo Vendrame (＠pierov) 04 Dec '23

04 Dec '23

Pier Angelo Vendrame pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 6a9aac2c by Pier Angelo Vendrame at 2023-12-04T13:03:03+01:00 Bug 41017: Tell Nvidia drivers not to create the shader cache. Nvidia drivers create a shader cache in $HOME/.cache/nvidia by default. However, it can be easily disabled with an environment variable. - - - - - 1 changed file: - projects/browser/RelativeLink/start-browser Changes: ===================================== projects/browser/RelativeLink/start-browser ===================================== @@ -367,6 +367,10 @@ rm -Rf "${HOME}/TorBrowser/Data/fontconfig" # Avoid overwriting user's dconf values. Fixes #27903. export GSETTINGS_BACKEND=memory +# tor-browser-build#41017: Nvidia drivers create a shader cache by default in +# $HOME/.cache/nvidia. We we can easily disable it. +export __GL_SHADER_DISK_CACHE=0 + cd "${HOME}" # We pass all additional command-line arguments we get to Firefox. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in...
by Pier Angelo Vendrame (＠pierov) 04 Dec '23

04 Dec '23

Pier Angelo Vendrame pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 92139ee5 by Pier Angelo Vendrame at 2023-12-04T12:57:25+01:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 42299: Unbreak about:preferences#connection when invalid bridge lines are supplied We switched to a shared bridge line parser. It might throw if an invalid bridge line is passed, but we do not handle the exception in connectionPane.js. As a result, the page breaks. As a workaround, we can simply ignore the errors, but a better solution would warn the user about that. A bridge card rework is expected to happen in the 13.5 cycle, so I think we can defer a proper fix to that moment. (This should also be the UX of 11.5, 12.0 and 12.5). - - - - - 1 changed file: - browser/components/torpreferences/content/connectionPane.js Changes: ===================================== browser/components/torpreferences/content/connectionPane.js ===================================== @@ -398,7 +398,7 @@ const gConnectionPane = (function () { bridgeSwitch.addEventListener("toggle", () => { TorSettings.bridges.enabled = bridgeSwitch.pressed; TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }); @@ -486,7 +486,12 @@ const gConnectionPane = (function () { }); const idString = TorStrings.settings.bridgeId; const id = card.querySelector(selectors.bridges.cardId); - const details = TorParsers.parseBridgeLine(bridgeString); + let details; + try { + details = TorParsers.parseBridgeLine(bridgeString); + } catch (e) { + console.error(`Detected invalid bridge line: ${bridgeString}`, e); + } if (details && details.id !== undefined) { card.setAttribute("data-bridge-id", details.id); } @@ -529,7 +534,7 @@ const gConnectionPane = (function () { bridgeSwitch.pressed && !!strings.length; TorSettings.bridges.bridge_strings = strings.join("\n"); TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }); @@ -1021,7 +1026,7 @@ const gConnectionPane = (function () { TorSettings.bridges.builtin_type = ""; } TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }, @@ -1036,8 +1041,12 @@ const gConnectionPane = (function () { async saveBridgeSettings(connect) { TorSettings.saveToPrefs(); // FIXME: This can throw if the user adds a bridge manually with invalid - // content. Should be addressed by tor-browser#40552. - await TorSettings.applySettings(); + // content. Should be addressed by tor-browser#41913. + try { + await TorSettings.applySettings(); + } catch (e) { + console.error("Applying settings failed", e); + } this._populateBridgeCards(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/92139ee… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/92139ee… You're receiving this email because of your account on gitlab.torproject.org.

1 0