tbb-commits@lists.torproject.org

September 2023

  • 1 participants
  • 178 discussions
[Git][tpo/applications/tor-browser-spec][main] Bug 40057: FF110 Audit
by richard (@richard) 27 Sep '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-spec Commits: 347fe297 by Richard Pospesel at 2023-09-27T22:16:56+00:00 Bug 40057: FF110 Audit - - - - - 1 changed file: - + audits/FF110_AUDIT Changes: ===================================== audits/FF110_AUDIT ===================================== 
@@ -0,0 +1,82 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: `b89c6dedbd57992efe751d1b585116f2eaa34481` ( `FIREFOX_109_0_1_RELEASE` ) +- End: `250178df19caa1fb25bfa0e35728426cfbde95f8` ( `FIREFOX_110_0_1_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +--- + +## Application Services: https://github.com/mozilla/application-services.git + +- Start: `102fa0de36a21b1b2f561ba6de557e20d05b7380` ( `v96.3.0` ) +- End: `5755d9ce30ef10248eb55c4b39a522a118ce7d95` ( `v97.1.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +### Problematic Commits + +- Create shared remote settings client and port Nimbus to it `1d55a254fb6817c538ce19666cc02196c61170e6` + +## Firefox Android: https://github.com/mozilla-mobile/firefox-android.git + +- Start: `a7e03da7c26d76bea2fb9c77efce9d841d81f4e0` +- End: `bc529747751ab545dba0a90a339f11382d742c97` + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Fenix: https://github.com/mozilla-mobile/fenix.git + +- Start: `efb2198489bbf27e18e434306183667cf4df0526` ( `v110.0b1` ) +- End: `43c570380c5aa091f361018f038fa37cbfa71662` ( `v110.0.1` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Ticket Review ## + +Bugzilla Query: 
`https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=$(FIREFOX_VERSION)%20Branch&order=priority%2Cbug_severity&limit=0` + +#### Problematic Tickets + +- **Add about:preferences entry for cookie banner handling** https://bugzilla.mozilla.org/show_bug.cgi?id=1800675 + - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41981 + - **RESOLUTION** disabling for 13.0 and revisiting for the 13.5 alpha series +- **Add Cocoa platform support for paste files** https://bugzilla.mozilla.org/show_bug.cgi?id=1762392 + - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41982 + - **RESOLUTION** has to deal with pasting into tor-browser, not exfiltration of data out, so we're good here +- **Create a reusable "support-link" widget** https://bugzilla.mozilla.org/show_bug.cgi?id=1770447 + - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41983 + - **RESOLUTION** not an issue, just a hint to us for future UX work + +## Export +- [ ] Export Report and save to `tor-browser-spec/audits` \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/commit/34… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/commit/34… You're receiving this email because of your account on gitlab.torproject.org.
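Review bot: the Bugzilla query under `## Ticket Review ##` still carries the unexpanded template placeholder `target_milestone=$(FIREFOX_VERSION)%20Branch`, so the recorded URL does not reproduce the ticket list this audit reviewed; it should read `target_milestone=110%20Branch`, the form the FF109 audit uses for its own version. Separately, the Application Services entry under `### Problematic Commits` (`1d55a254fb6817c538ce19666cc02196c61170e6`, "Create shared remote settings client and port Nimbus to it") has no linked issue and no **RESOLUTION** line, unlike every item under `#### Problematic Tickets`, so the file does not record how that commit was dispositioned.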
[Git][tpo/applications/tor-browser-spec][main] Bug 40056: FF109 Audit
by richard (@richard) 27 Sep '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-spec Commits: 651d6cff by Richard Pospesel at 2023-09-27T22:13:38+00:00 Bug 40056: FF109 Audit - - - - - 1 changed file: - + audits/FF109_AUDIT Changes: ===================================== audits/FF109_AUDIT ===================================== 
@@ -0,0 +1,76 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: `0ae93a27c796bea7836d4b0885c8a1f2c4c18284` ( `FIREFOX_108_0_2_RELEASE` ) +- End: `b89c6dedbd57992efe751d1b585116f2eaa34481` ( `FIREFOX_109_0_1_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +--- + +## Application Services: https://github.com/mozilla/application-services.git + +- Start: `d8b5a386936aa156f4c6d93e6645a6d2188aa788` ( `v96.2.1` ) +- End: `102fa0de36a21b1b2f561ba6de557e20d05b7380` ( `v96.3.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Firefox Android: https://github.com/mozilla-mobile/firefox-android.git + +- Start: `55d34bf82ad051e25f15c0d1ef5fb8b3a32a7522` +- End: `a7e03da7c26d76bea2fb9c77efce9d841d81f4e0` + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Fenix: https://github.com/mozilla-mobile/fenix.git + +- Start: `dc08c68a6cd7932dad599d0713bb3bd3b9f72b57` ( `v109.0b1` ) +- End: `a66807eeb0ff39f96a41a60ac950bd9f31ecf5bd` ( `v109.2.0` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +## Ticket Review ## + +Bugzilla Query: 
`https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&resolution=FIXED&target_milestone=109%20Branch&order=priority%2Cbug_severity&limit=0` + +#### Problematic Tickets + +- **Re-enable pingsender2** https://bugzilla.mozilla.org/show_bug.cgi?id=1746983 + - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41969 + - **RESOLUTION** our existing patches are sufficient to keep pingsender away +- **WebRTC bypasses Network settings & proxy.onRequest** https://bugzilla.mozilla.org/show_bug.cgi?id=1790270 + - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41970 + - **RESOLUTION** nothing to do here, the upstream bug fix is good for us and fixes some proxy leak +## Export +- [ ] Export Report and save to `tor-browser-spec/audits` \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/commit/65… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/commit/65… You're receiving this email because of your account on gitlab.torproject.org.
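Review bot: the `## Export` section at the end of the file still has its `- [ ] Export Report` checkbox unticked even though this commit is the export into `audits/`; tick it or drop the section so the file does not read as an unfinished audit. `## Export` also follows the last **RESOLUTION** bullet with no blank line before the heading, and the file ends without a trailing newline (`\ No newline at end of file`).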
[Git][tpo/applications/tor-browser][base-browser-115.3.0esr-13.0-1] fixup! Firefox preference overrides.
by richard (@richard) 27 Sep '23

richard pushed to branch base-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: dee4b1e1 by Pier Angelo Vendrame at 2023-09-27T19:51:01+00:00 fixup! Firefox preference overrides. Bug 41496: Pref review for 115/13.0 - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -40,6 +40,8 @@ pref("app.update.promptWaitTime", 3600); pref("app.update.staging.enabled", false); #endif +pref("browser.startup.homepage_override.buildID", "20100101"); + // Disable the "Refresh" prompt that is displayed for stale profiles. pref("browser.disableResetPrompt", true); @@ -47,7 +49,6 @@ pref("browser.disableResetPrompt", true); pref("browser.privatebrowsing.autostart", true); pref("browser.cache.disk.enable", false); pref("permissions.memory_only", true); -pref("network.cookie.lifetimePolicy", 2); pref("security.nocertdb", true); pref("media.aboutwebrtc.hist.enabled", false); @@ -66,7 +67,10 @@ pref("browser.download.enable_spam_prevention", true); // Misc privacy: Disk pref("signon.rememberSignons", false); pref("browser.formfill.enable", false); +pref("signon.formlessCapture.enabled", false); // Added with tor-browser#41496 pref("signon.autofillForms", false); +// Do not store extra data (form, scrollbar positions, cookies, POST data) for +// the session restore functionality. pref("browser.sessionstore.privacy_level", 2); // Use the in-memory media cache and increase its maximum size (#29120) pref("browser.privatebrowsing.forceMediaMemoryCache", true); 
@@ -80,6 +84,8 @@ pref("browser.pagethumbnails.capturing_disabled", true); // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); +// The previous pref automatically sets this to true (see StaticPrefList.yaml), +// but set it anyway only as a defense-in-depth. pref("dom.security.https_only_mode_pbm", true); // tor-browser#22320: Hide referer when comming from a .onion address @@ -118,7 +124,8 @@ pref("security.tls.version.enable-deprecated", false, locked); // Misc privacy: Remote pref("browser.send_pings", false); // Space separated list of URLs that are allowed to send objects (instead of -// only strings) through webchannels. +// only strings) through webchannels. The default for Firefox is some Mozilla +// domains. pref("webchannel.allowObject.urlWhitelist", ""); pref("geo.enabled", false); pref("geo.provider.network.url", ""); @@ -127,6 +134,7 @@ pref("geo.provider.use_corelocation", false); pref("geo.provider.use_gpsd", false); pref("geo.provider.use_geoclue", false); pref("browser.search.suggest.enabled", false); +pref("browser.search.suggest.enabled.private", false); pref("browser.urlbar.suggest.searches", false); pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); pref("browser.urlbar.suggest.quicksuggest.sponsored", false); @@ -143,7 +151,6 @@ pref("browser.safebrowsing.provider.google4.updateURL", ""); pref("browser.safebrowsing.provider.google4.gethashURL", ""); pref("browser.safebrowsing.provider.mozilla.updateURL", ""); pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); -pref("extensions.ui.lastCategory", "addons://list/extension"); pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); // Make sure Unified Telemetry is really disabled, see: #18738. 
@@ -152,6 +159,9 @@ pref("toolkit.telemetry.unified", false); pref("toolkit.telemetry.enabled", false, locked); pref("toolkit.telemetry.server", "data:,"); pref("toolkit.telemetry.archive.enabled", false); +pref("toolkit.telemetry.newProfilePing.enabled", false); // Added in tor-browser#41496 +pref("toolkit.telemetry.shutdownPingSender.enabled", false); // Added in tor-browser#41496 +pref("toolkit.telemetry.firstShutdownPing.enabled", false); // Added in tor-browser#41496 pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909. pref("toolkit.telemetry.bhrPing.enabled", false); pref("toolkit.telemetry.coverage.opt-out", true); @@ -160,6 +170,11 @@ pref("toolkit.coverage.endpoint.base", ""); pref("browser.ping-centre.telemetry", false); pref("browser.tabs.crashReporting.sendReport", false); pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); +// Added in tor-browser#41496 even though false by default +pref("browser.crashReports.unsubmittedCheck.enabled", false); +// Added in tor-browser#41496 even though it shuld be already always disabled +// since we disable MOZ_CRASHREPORTER. +pref("breakpad.reportURL", "data:"); #ifdef XP_WIN // Defense-in-depth: ensure that the Windows default browser agent will // not ping Mozilla if it is somehow present (we omit it at build time). 
@@ -177,10 +192,8 @@ pref("services.sync.engine.passwords", false); pref("services.sync.engine.prefs", false); pref("services.sync.engine.tabs", false); pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ -pref("browser.search.region", "US"); // The next two prefs disable GeoIP search lookups (#16254) -pref("browser.search.geoip.url", ""); pref("browser.fixup.alternate.enabled", false); // Bug #16783: Prevent .onion fixups -pref("privacy.donottrackheader.enabled", false); // (privacy-browser#17) +pref("privacy.donottrackheader.enabled", false); // (mullvad-browser#17) // Make sure there is no Tracking Protection active in Tor Browser, see: #17898. pref("privacy.trackingprotection.enabled", false); pref("privacy.trackingprotection.pbmode.enabled", false); @@ -200,15 +213,10 @@ pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); pref("browser.newtabpage.activity-stream.showSponsored", false); pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); pref("browser.newtabpage.activity-stream.default.sites", ""); +// Activity Stream telemetry pref("browser.newtabpage.activity-stream.feeds.telemetry", false); pref("browser.newtabpage.activity-stream.telemetry", false); -// tor-browser#41945 - disable automatic cookie banners dismissal until -// we're sure it does not causes fingerprinting risks or other issues. -pref("cookiebanners.service.mode", 0); -pref("cookiebanners.service.mode.privateBrowsing", 0); -pref("cookiebanners.ui.desktop.enabled", false); - // tor-browser#40788: disable AS's calls to home. // Notice that null is between quotes because it is a JSON string. // Keep checked firefox.js to see if new entries are added. 
@@ -221,6 +229,12 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#41945 - disable automatic cookie banners dismissal until +// we're sure it does not causes fingerprinting risks or other issues. +pref("cookiebanners.service.mode", 0); +pref("cookiebanners.service.mode.privateBrowsing", 0); +pref("cookiebanners.ui.desktop.enabled", false); + // Disable moreFromMozilla pane in the preferences/settings (tor-browser#41292). pref("browser.preferences.moreFromMozilla", false); @@ -228,14 +242,16 @@ pref("browser.preferences.moreFromMozilla", false); pref("extensions.screenshots.disabled", true); pref("extensions.webcompat-reporter.enabled", false); +pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254) // Disable use of WiFi location information pref("browser.region.network.scan", false); pref("browser.region.network.url", ""); pref("browser.region.local-geocoding", false); -// Bug 40083: Make sure Region.jsm fetching is disabled +// Bug 40083: Make sure Region.sys.mjs fetching is disabled pref("browser.region.update.enabled", false); -// Don't load Mozilla domains in a separate tab process +// Don't load Mozilla domains in a separate privileged tab process +pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false); pref("browser.tabs.remote.separatedMozillaDomains", ""); // Avoid DNS lookups on search terms 
@@ -270,12 +286,23 @@ pref("security.pki.crlite_mode", 0); // Disable website password breach alerts pref("signon.management.page.breach-alerts.enabled", false); -// Disable remote "password recipes" +// Disable remote "password recipes". They are a way to improve the UX of the +// password manager by havinc specific heuristics for some sites. +// It needs remote settings and in general we disable the password manager. +// More information about this feature at +// https://bugzilla.mozilla.org/show_bug.cgi?id=1119454 pref("signon.recipes.remoteRecipes.enabled", false); -// Disable ServiceWorkers and push notifications by default +// Disable ServiceWorkers by default. They do not work in PBM in any case. +// See https://bugzilla.mozilla.org/show_bug.cgi?id=1320796 pref("dom.serviceWorkers.enabled", false); +// Push notifications use an online Mozilla service and a persistent ID stored +// in dom.push.userAgentID, so disable them by default. +// See also https://support.mozilla.org/kb/push-notifications-firefox pref("dom.push.enabled", false); +// As a defense in depth measure, also set the push server URL to empty. +// See tor-browser#18801. +pref("dom.push.serverURL", ""); // Fingerprinting // tor-browser#41797: For release builds, lock RFP @@ -292,7 +319,6 @@ pref("privacy.resistFingerprinting", true); pref("webgl.disable-fail-if-major-performance-caveat", true); // tor-browser#16404: disable until we investigate it further (#22333) pref("webgl.enable-webgl2", false); -pref("browser.startup.homepage_override.buildID", "20100101"); pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups) // Prevent scripts from moving and resizing open windows pref("dom.disable_window_move_resize", true); 
@@ -307,7 +333,9 @@ pref("dom.webmidi.enabled", false); // Bug 41398: Disable Web MIDI API // randomized IDs when this pref is true). // Defense-in-depth (already the default value) from Firefox 119 or 120. pref("media.devices.enumerate.legacy.enabled", false); -pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API +// Bug 10286: Always disable Touch API. +// We might need to deepen this topic, see tor-browser#42069. +pref("dom.w3c_touch_events.enabled", 0); pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now // Disable SAB, no matter if the sites are cross-origin isolated. @@ -350,6 +378,7 @@ pref("javascript.options.spectre.disable_for_isolated_content", false, locked); pref("privacy.firstparty.isolate", true); // Always enforce first party isolation // tor-browser#40123 and #40308: Disable for now until audit pref("privacy.partition.network_state", false); +// Only accept cookies from the originating site (block third party cookies) pref("network.cookie.cookieBehavior", 1); pref("network.cookie.cookieBehavior.pbmode", 1); pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633 @@ -365,7 +394,9 @@ pref("privacy.purge_trackers.enabled", false); // Do not allow cross-origin sub-resources to open HTTP authentication // credentials dialogs. Hardens against potential credentials phishing. pref("network.auth.subresource-http-auth-allow", 1); -// Disable sending additional analytics to web servers +// Disable sending additional analytics to web servers. +// This disables navigator.sendBeacon, even though this is discouraged by the +// standard: https://w3c.github.io/beacon/#privacy-and-security pref("beacon.enabled", false); pref("network.dns.disablePrefetch", true); 
@@ -379,13 +410,19 @@ pref("network.protocol-handler.warn-external.mailto", true); pref("network.protocol-handler.warn-external.news", true); pref("network.protocol-handler.warn-external.nntp", true); pref("network.protocol-handler.warn-external.snews", true); +#ifdef XP_WIN + pref("network.protocol-handler.external.ms-windows-store", false); + pref("network.protocol-handler.warn-external.ms-windows-store", true); +#endif pref("network.proxy.allow_bypass", false, locked); // #40682 // Lock to 'true', which is already the firefox default, to prevent users // from making themselves fingerprintable by disabling. This pref // alters content load order in a page. See tor-browser#24686 pref("network.http.tailing.enabled", true, locked); -// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked to firefox defaults to minimize network performance fingerprinting. See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128 +// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked +// to firefox defaults to minimize network performance fingerprinting. +// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128 pref("network.http.http2.enabled", true, locked); pref("network.http.http2.enabled.deps", true, locked); pref("network.http.http2.enforce-tls-profile", true, locked); 
@@ -395,13 +432,13 @@ pref("network.http.http2.coalesce-hostnames", true, locked); pref("network.http.http2.persistent-settings", false, locked); pref("network.http.http2.ping-threshold", 58, locked); pref("network.http.http2.ping-timeout", 8, locked); -pref("network.http.http2.send-buffer-size", 131072, locked); +pref("network.http.http2.send-buffer-size", 0, locked); pref("network.http.http2.allow-push", true, locked); pref("network.http.http2.push-allowance", 131072, locked); pref("network.http.http2.pull-allowance", 12582912, locked); pref("network.http.http2.default-concurrent", 100, locked); pref("network.http.http2.default-hpack-buffer", 65536, locked); -pref("network.http.http2.websockets", false, locked); +pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols @@ -467,10 +504,6 @@ pref("network.manage-offline-status", false); pref("network.captive-portal-service.enabled", false); pref("network.connectivity-service.enabled", false); pref("captivedetect.canonicalURL", ""); -// As a "defense in depth" measure, configure an empty push server URL (the -// DOM Push features are disabled by default via other prefs). -// See tor-browser#18801. -pref("dom.push.serverURL", ""); #ifdef XP_WIN // tor-browser#41683: Disable the network process on Windows @@ -482,9 +515,7 @@ pref("network.process.enabled", false); // Extension support pref("extensions.autoDisableScopes", 0); -pref("extensions.databaseSchema", 3); pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 | AddonManager.SCOPE_APPLICATION=4 -pref("extensions.pendingOperations", false); // We don't know what extensions Mozilla is advertising to our users and we // don't want to have some random Google Analytics script running either on the // about:addons page, see bug 22073, 22900 and 31601. 
@@ -498,8 +529,8 @@ pref("browser.discovery.enabled", false); pref("extensions.webextensions.restrictedDomains", ""); // Don't give Mozilla-recommended third-party extensions special privileges. pref("extensions.postDownloadThirdPartyPrompt", false); -// tor-browser#41701: Reporting an extension does not work -// disable extension reporting since the request goes to Mozilla and is rejected anyway (HTTP 400) +// tor-browser#41701: Reporting an extension does not work. The request goes to +// Mozilla and is always rejected anyway (HTTP 400). pref("extensions.abuseReport.enabled", false); // We are already providing the languages we support in multi-lingual packages. // Therefore, do not allow download of additional language packs. They are not a @@ -526,10 +557,6 @@ pref("security.certerrors.mitm.priming.enabled", false); // Don't automatically enable enterprise roots, see bug 40166 pref("security.certerrors.mitm.auto_enable_enterprise_roots", false); -// Don't allow any domain overrides access to offscreen rendering, see tor-browser#41135 -pref("gfx.offscreencanvas.domain-enabled", false); -pref("gfx.offscreencanvas.domain-allowlist", ""); - // Disable share menus on Mac and Windows tor-browser#41117 pref("browser.menu.share_url.allow", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dee4b1e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/dee4b1e… You're receiving this email because of your account on gitlab.torproject.org.
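Review bot: in the HTTP/2 hunk (`@@ -395,13 +432,13 @@`), `network.http.http2.send-buffer-size` goes from `131072` to `0` and `network.http.http2.websockets` from `false` to `true`, both `locked`, with nothing in the hunk or the commit message saying where the new values come from. The block's own comment says these prefs are locked to Firefox defaults to minimize network performance fingerprinting, so a short comment naming the Firefox version the defaults were checked against would let the next pref review verify the values instead of trusting them.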
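Review bot: in the crash-reporting hunk (`@@ -160,6 +170,11 @@`), `breakpad.reportURL` is set to `"data:"` while `toolkit.telemetry.server` a few lines above uses `"data:,"`; pick one form for neutralised endpoints (the comma form is the well-formed empty data URL) so that a search for one of them finds every such pref. The added comment in the same hunk has a typo, `shuld`, and the new password-recipes comment in `@@ -270,12 +286,23 @@` has `havinc`.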
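Review bot: the `#ifdef XP_WIN` block added in the protocol-handler hunk (`@@ -379,13 +410,19 @@`) sets `network.protocol-handler.external.ms-windows-store` and `network.protocol-handler.warn-external.ms-windows-store` with no comment or issue reference, while most other additions in this patch either cite tor-browser#41496 or explain the risk they address. A one-line comment saying why the `ms-windows-store` scheme must not be passed to an external handler would make the intent reviewable.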
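Review bot: several prefs are deleted across the patch without a stated reason: `network.cookie.lifetimePolicy`, `extensions.ui.lastCategory`, `browser.search.geoip.url`, `extensions.databaseSchema`, `extensions.pendingOperations`, and the two `gfx.offscreencanvas.domain-*` prefs, which carried a tor-browser#41135 reference. The commit message says only "Pref review for 115/13.0"; list in it, per pref, whether the pref no longer exists upstream or is now covered by another setting, because a removed privacy pref leaves no trace in the file for later audits.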
[Git][tpo/applications/tor-browser][tor-browser-115.3.0esr-13.0-1] 2 commits: fixup! Bug 40933: Add tor-launcher functionality
by richard (@richard) 27 Sep '23

richard pushed to branch tor-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 14e1b34c by Pier Angelo Vendrame at 2023-09-27T19:39:39+00:00 fixup! Bug 40933: Add tor-launcher functionality Bug 42131: Check for existing circuits during initialization. - - - - - 4b7f4df4 by Pier Angelo Vendrame at 2023-09-27T19:39:39+00:00 fixup! Bug 40933: Add tor-launcher functionality Bug 42132: Poll for circuit information when we did not collect its data already. - - - - - 2 changed files: - toolkit/components/tor-launcher/TorControlPort.sys.mjs - toolkit/components/tor-launcher/TorProvider.sys.mjs Changes: ===================================== toolkit/components/tor-launcher/TorControlPort.sys.mjs ===================================== @@ -272,6 +272,11 @@ class AsyncSocket { * * @typedef {string} NodeFingerprint */ +/** + * @typedef {object} CircuitInfo + * @property {CircuitID} id + * @property {NodeFingerprint[]} nodes + */ /** * @typedef {object} Bridge * @property {string} transport The transport of the bridge, or vanilla if not @@ -729,12 +734,14 @@ export class TorController { /** * Ask Tor a list of circuits. * - * @returns {string[]} An array with a string for each line + * @returns {CircuitInfo[]} An array with a string for each line */ async getCircuits() { const circuits = await this.#getInfo("circuit-status"); - // TODO: Do more parsing once we move the event parsing to this class! - return circuits.split(/\r?\n/); + return circuits + .split(/\r?\n/) + .map(this.#parseCircBuilt.bind(this)) + .filter(circ => circ); } // Configuration 
@@ -1022,25 +1029,15 @@ export class TorController { this.#eventHandler.onBootstrapStatus(status); break; case "CIRC": - const builtEvent = - /^(?<ID>[a-zA-Z0-9]{1,16})\sBUILT\s(?<Path>(,?\$([0-9a-fA-F]{40})(?:~[a-zA-Z0-9]{1,19})?)+)/.exec( - data.groups.data - ); + const maybeCircuit = this.#parseCircBuilt(data.groups.data); const closedEvent = /^(?<ID>[a-zA-Z0-9]{1,16})\sCLOSED/.exec( data.groups.data ); - if (builtEvent) { - const fp = /\$([0-9a-fA-F]{40})/g; - const nodes = Array.from(builtEvent.groups.Path.matchAll(fp), g => - g[1].toUpperCase() + if (maybeCircuit) { + this.#eventHandler.onCircuitBuilt( + maybeCircuit.id, + maybeCircuit.nodes ); - // In some cases, we might already receive SOCKS credentials in the - // line. However, this might be a problem with onion services: we get - // also a 4-hop circuit that we likely do not want to show to the - // user, especially because it is used only temporarily, and it would - // need a technical explaination. - // const credentials = this.#parseCredentials(data.groups.data); - this.#eventHandler.onCircuitBuilt(builtEvent.groups.ID, nodes); } else if (closedEvent) { this.#eventHandler.onCircuitClosed(closedEvent.groups.ID); } @@ -1068,7 +1065,7 @@ export class TorController { } } - // Other helpers + // Parsers /** * Parse a bootstrap status line. 
@@ -1099,15 +1096,32 @@ export class TorController { } /** - * Throw an exception when value is not a string. + * Parse a CIRC BUILT event or a GETINFO circuit-status. * - * @param {any} value The value to check - * @param {string} name The name of the `value` argument + * @param {string} line The line to parse + * @returns {CircuitInfo?} The ID and nodes of the circuit, or null if the + * parsing failed. */ - #expectString(value, name) { - if (typeof value !== "string" && !(value instanceof String)) { - throw new Error(`The ${name} argument is expected to be a string.`); + #parseCircBuilt(line) { + const builtEvent = + /^(?<ID>[a-zA-Z0-9]{1,16})\sBUILT\s(?<Path>(,?\$([0-9a-fA-F]{40})(?:~[a-zA-Z0-9]{1,19})?)+)/.exec( + line + ); + if (!builtEvent) { + return null; } + const fp = /\$([0-9a-fA-F]{40})/g; + const nodes = Array.from(builtEvent.groups.Path.matchAll(fp), g => + g[1].toUpperCase() + ); + // In some cases, we might already receive SOCKS credentials in the + // line. However, this might be a problem with Onion services: we get + // also a 4-hop circuit that we likely do not want to show to the + // user, especially because it is used only temporarily, and it would + // need a technical explaination. + // So we do not try to extract them for now. Otherwise, we could do + // const credentials = this.#parseCredentials(line); + return { id: builtEvent.groups.ID, nodes }; } /** @@ -1146,6 +1160,20 @@ export class TorController { ) ); } + + // Other helpers + + /** + * Throw an exception when value is not a string. + * + * @param {any} value The value to check + * @param {string} name The name of the `value` argument + */ + #expectString(value, name) { + if (typeof value !== "string" && !(value instanceof String)) { + throw new Error(`The ${name} argument is expected to be a string.`); + } + } } /** ===================================== toolkit/components/tor-launcher/TorProvider.sys.mjs ===================================== 
@@ -137,7 +137,7 @@ export class TorProvider { * built before the new identity but not yet used. If we cleaned the map, we * risked of not having the data about it. * - * @type {Map<CircuitID, NodeFingerprint[]>} + * @type {Map<CircuitID, Promise<NodeFingerprint[]>>} */ #circuits = new Map(); /** @@ -204,6 +204,11 @@ export class TorProvider { logger.debug(`Notifying ${TorProviderTopics.ProcessIsReady}`); Services.obs.notifyObservers(null, TorProviderTopics.ProcessIsReady); + + // If we are using an external Tor daemon, we might need to fetch circuits + // already, in case streams use them. Do not await because we do not want to + // block the intialization on this (it should not fail anyway...). + this.#fetchCircuits(); } /** @@ -799,6 +804,16 @@ export class TorProvider { return crypto.getRandomValues(new Uint8Array(kPasswordLen)); } + /** + * Ask Tor the circuits it already knows to populate our circuit map with the + * circuits that were already open before we started listening for events. + */ + async #fetchCircuits() { + for (const { id, nodes } of await this.#controller.getCircuits()) { + this.onCircuitBuilt(id, nodes); + } + } + // Notification handlers /** 
@@ -983,18 +998,35 @@ export class TorProvider { * @param {CircuitID} circuitId The ID of the circuit used by the stream * @param {string} username The SOCKS username * @param {string} password The SOCKS password - * @returns */ - onStreamSucceeded(streamId, circuitId, username, password) { + async onStreamSucceeded(streamId, circuitId, username, password) { if (!username || !password) { return; } logger.debug("Stream succeeded event", username, password, circuitId); - const circuit = this.#circuits.get(circuitId); + let circuit = this.#circuits.get(circuitId); if (!circuit) { - logger.error( - "Seen a STREAM SUCCEEDED with an unknown circuit. Not notifying observers." - ); + circuit = new Promise((resolve, reject) => { + this.#controlConnection.getCircuits().then(circuits => { + for (const { id, nodes } of circuits) { + if (id === circuitId) { + resolve(nodes); + return; + } + // Opportunistically collect circuits, since we are iterating them. + this.#circuits.set(id, nodes); + } + logger.error( + `Seen a STREAM SUCCEEDED with circuit ${circuitId}, but Tor did not send information about it.` + ); + reject(); + }); + }); + this.#circuits.set(circuitId, circuit); + } + try { + circuit = await circuit; + } catch { return; } Services.obs.notifyObservers( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c97861… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c97861… You're receiving this email because of your account on gitlab.torproject.org.
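Review bot: in `#parseCircBuilt` (TorControlPort.sys.mjs) the expression is anchored with `^` but nothing is required after the `Path` group, so a line whose later hops do not match `\$[0-9a-fA-F]{40}` is accepted with a silently shortened `nodes` array instead of returning null as the JSDoc promises for a failed parse. Require whitespace or end of line after the path, for example by appending `(?:\s|$)` to the pattern, so that a malformed path is rejected as a whole. The added comment also has a typo: "explaination" should be "explanation".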
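Review bot: the un-awaited `this.#fetchCircuits();` added after the `ProcessIsReady` notification in TorProvider.sys.mjs has no rejection handler, so a failure in `getCircuits()` surfaces only as an unhandled promise rejection; the comment's "it should not fail anyway..." is not a guarantee. Chain a `.catch(...)` that calls `logger.error`, or put a try/catch inside `#fetchCircuits`. Also, `#fetchCircuits` calls `this.#controller.getCircuits()` while the new code in `onStreamSucceeded` calls `this.#controlConnection.getCircuits()`; please confirm both private fields exist and refer to the same controller. Typo in the added comment: "intialization".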
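Review bot: in `onStreamSucceeded` the `getCircuits().then(...)` chain inside `new Promise` has no rejection path, so if `getCircuits()` rejects the wrapper never settles and `await circuit` never returns, both for this stream and for every later stream that finds the same pending entry in `#circuits`. Add `.catch(reject)` to the chain. Two related points: on the `reject()` branch the rejected promise stays cached under `circuitId`, so later streams on that circuit are dropped without another lookup (delete the entry before rejecting if a retry is wanted); and the opportunistic `this.#circuits.set(id, nodes)` stores a plain array although the map is now documented as `Map<CircuitID, Promise<NodeFingerprint[]>>`, which works with `await` but contradicts the declared type.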
[Git][tpo/applications/tor-browser][tor-browser-115.3.0esr-13.0-1] 2 commits: fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
by richard (@richard) 27 Sep '23

richard pushed to branch tor-browser-115.3.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 8085f615 by Pier Angelo Vendrame at 2023-09-27T14:55:14+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Bug 41496: Pref review for 115/13.0 - - - - - c978614e by Pier Angelo Vendrame at 2023-09-27T14:55:16+02:00 fixup! Firefox preference overrides. Bug 41496: Pref review for 115/13.0 - - - - - 2 changed files: - browser/app/profile/000-tor-browser.js - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/000-tor-browser.js ===================================== @@ -41,14 +41,19 @@ pref("dom.security.https_only_mode.upgrade_onion", false); // Bug 40423/41137: Disable http/3 // We should re-enable it as soon as Tor gets UDP support -pref("network.http.http3.enabled", false); +pref("network.http.http3.enable", false); // 0 = do not use a second connection, see all.js and #7656 pref("network.http.connection-retry-timeout", 0); #expand pref("torbrowser.version", __BASE_BROWSER_VERSION_QUOTED__); -// Old torbutton pref +// Tor Browser used to be compatible with non-Tor proxies. This feature is not +// available anymore, but this legacy preference can be still used to disable +// first-party domain circuit isolation. +// In general, it should not be used. This use-case is still supported only for +// sites that break with this isolation (and even in that case, its use should +// be reduced to the strictly required time). pref("extensions.torbutton.use_nontor_proxy", false); // Browser home page: @@ -61,8 +66,6 @@ pref("browser.download.showTorWarning", true); pref("extensions.torbutton.pref_fixup_version", 0); // Formerly tor-launcher defaults -// When presenting the setup wizard, first prompt for locale. -pref("intl.locale.matchOS", true); pref("extensions.torlauncher.start_tor", true); pref("extensions.torlauncher.prompt_at_startup", true); 
@@ -112,7 +115,7 @@ pref("extensions.torlauncher.bridgedb_reflector", "https://moat.torproject.org.g pref("extensions.torlauncher.moat_service", "https://bridges.torproject.org/moat"); pref("extensions.torlauncher.bridgedb_bridge_type", "obfs4"); -// Recommended default bridge type (can be set per localized bundle). +// Recommended default bridge type. // pref("extensions.torlauncher.default_bridge_recommended_type", "obfs3"); // Default bridges. ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -40,6 +40,8 @@ pref("app.update.promptWaitTime", 3600); pref("app.update.staging.enabled", false); #endif +pref("browser.startup.homepage_override.buildID", "20100101"); + // Disable the "Refresh" prompt that is displayed for stale profiles. pref("browser.disableResetPrompt", true); @@ -47,7 +49,6 @@ pref("browser.disableResetPrompt", true); pref("browser.privatebrowsing.autostart", true); pref("browser.cache.disk.enable", false); pref("permissions.memory_only", true); -pref("network.cookie.lifetimePolicy", 2); pref("security.nocertdb", true); pref("media.aboutwebrtc.hist.enabled", false); @@ -66,7 +67,10 @@ pref("browser.download.enable_spam_prevention", true); // Misc privacy: Disk pref("signon.rememberSignons", false); pref("browser.formfill.enable", false); +pref("signon.formlessCapture.enabled", false); // Added with tor-browser#41496 pref("signon.autofillForms", false); +// Do not store extra data (form, scrollbar positions, cookies, POST data) for +// the session restore functionality. pref("browser.sessionstore.privacy_level", 2); // Use the in-memory media cache and increase its maximum size (#29120) pref("browser.privatebrowsing.forceMediaMemoryCache", true); 
@@ -80,6 +84,8 @@ pref("browser.pagethumbnails.capturing_disabled", true); // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); +// The previous pref automatically sets this to true (see StaticPrefList.yaml), +// but set it anyway only as a defense-in-depth. pref("dom.security.https_only_mode_pbm", true); // tor-browser#22320: Hide referer when comming from a .onion address @@ -118,7 +124,8 @@ pref("security.tls.version.enable-deprecated", false, locked); // Misc privacy: Remote pref("browser.send_pings", false); // Space separated list of URLs that are allowed to send objects (instead of -// only strings) through webchannels. +// only strings) through webchannels. The default for Firefox is some Mozilla +// domains. pref("webchannel.allowObject.urlWhitelist", ""); pref("geo.enabled", false); pref("geo.provider.network.url", ""); @@ -127,6 +134,7 @@ pref("geo.provider.use_corelocation", false); pref("geo.provider.use_gpsd", false); pref("geo.provider.use_geoclue", false); pref("browser.search.suggest.enabled", false); +pref("browser.search.suggest.enabled.private", false); pref("browser.urlbar.suggest.searches", false); pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); pref("browser.urlbar.suggest.quicksuggest.sponsored", false); @@ -143,7 +151,6 @@ pref("browser.safebrowsing.provider.google4.updateURL", ""); pref("browser.safebrowsing.provider.google4.gethashURL", ""); pref("browser.safebrowsing.provider.mozilla.updateURL", ""); pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); -pref("extensions.ui.lastCategory", "addons://list/extension"); pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); // Make sure Unified Telemetry is really disabled, see: #18738. 
@@ -152,6 +159,9 @@ pref("toolkit.telemetry.unified", false); pref("toolkit.telemetry.enabled", false, locked); pref("toolkit.telemetry.server", "data:,"); pref("toolkit.telemetry.archive.enabled", false); +pref("toolkit.telemetry.newProfilePing.enabled", false); // Added in tor-browser#41496 +pref("toolkit.telemetry.shutdownPingSender.enabled", false); // Added in tor-browser#41496 +pref("toolkit.telemetry.firstShutdownPing.enabled", false); // Added in tor-browser#41496 pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909. pref("toolkit.telemetry.bhrPing.enabled", false); pref("toolkit.telemetry.coverage.opt-out", true); @@ -160,6 +170,11 @@ pref("toolkit.coverage.endpoint.base", ""); pref("browser.ping-centre.telemetry", false); pref("browser.tabs.crashReporting.sendReport", false); pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); +// Added in tor-browser#41496 even though false by default +pref("browser.crashReports.unsubmittedCheck.enabled", false); +// Added in tor-browser#41496 even though it shuld be already always disabled +// since we disable MOZ_CRASHREPORTER. +pref("breakpad.reportURL", "data:"); #ifdef XP_WIN // Defense-in-depth: ensure that the Windows default browser agent will // not ping Mozilla if it is somehow present (we omit it at build time). 
@@ -177,10 +192,8 @@ pref("services.sync.engine.passwords", false); pref("services.sync.engine.prefs", false); pref("services.sync.engine.tabs", false); pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/ -pref("browser.search.region", "US"); // The next two prefs disable GeoIP search lookups (#16254) -pref("browser.search.geoip.url", ""); pref("browser.fixup.alternate.enabled", false); // Bug #16783: Prevent .onion fixups -pref("privacy.donottrackheader.enabled", false); // (privacy-browser#17) +pref("privacy.donottrackheader.enabled", false); // (mullvad-browser#17) // Make sure there is no Tracking Protection active in Tor Browser, see: #17898. pref("privacy.trackingprotection.enabled", false); pref("privacy.trackingprotection.pbmode.enabled", false); @@ -200,15 +213,10 @@ pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); pref("browser.newtabpage.activity-stream.showSponsored", false); pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); pref("browser.newtabpage.activity-stream.default.sites", ""); +// Activity Stream telemetry pref("browser.newtabpage.activity-stream.feeds.telemetry", false); pref("browser.newtabpage.activity-stream.telemetry", false); -// tor-browser#41945 - disable automatic cookie banners dismissal until -// we're sure it does not causes fingerprinting risks or other issues. -pref("cookiebanners.service.mode", 0); -pref("cookiebanners.service.mode.privateBrowsing", 0); -pref("cookiebanners.ui.desktop.enabled", false); - // tor-browser#40788: disable AS's calls to home. // Notice that null is between quotes because it is a JSON string. // Keep checked firefox.js to see if new entries are added. 
@@ -221,6 +229,12 @@ pref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiment // Disable fetching asrouter.ftl and related console errors (tor-browser#40763). pref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); +// tor-browser#41945 - disable automatic cookie banners dismissal until +// we're sure it does not causes fingerprinting risks or other issues. +pref("cookiebanners.service.mode", 0); +pref("cookiebanners.service.mode.privateBrowsing", 0); +pref("cookiebanners.ui.desktop.enabled", false); + // Disable moreFromMozilla pane in the preferences/settings (tor-browser#41292). pref("browser.preferences.moreFromMozilla", false); @@ -228,14 +242,16 @@ pref("browser.preferences.moreFromMozilla", false); pref("extensions.screenshots.disabled", true); pref("extensions.webcompat-reporter.enabled", false); +pref("browser.search.region", "US"); // Disable GeoIP search lookups (#16254) // Disable use of WiFi location information pref("browser.region.network.scan", false); pref("browser.region.network.url", ""); pref("browser.region.local-geocoding", false); -// Bug 40083: Make sure Region.jsm fetching is disabled +// Bug 40083: Make sure Region.sys.mjs fetching is disabled pref("browser.region.update.enabled", false); -// Don't load Mozilla domains in a separate tab process +// Don't load Mozilla domains in a separate privileged tab process +pref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false); pref("browser.tabs.remote.separatedMozillaDomains", ""); // Avoid DNS lookups on search terms 
@@ -270,12 +286,23 @@ pref("security.pki.crlite_mode", 0); // Disable website password breach alerts pref("signon.management.page.breach-alerts.enabled", false); -// Disable remote "password recipes" +// Disable remote "password recipes". They are a way to improve the UX of the +// password manager by havinc specific heuristics for some sites. +// It needs remote settings and in general we disable the password manager. +// More information about this feature at +// https://bugzilla.mozilla.org/show_bug.cgi?id=1119454 pref("signon.recipes.remoteRecipes.enabled", false); -// Disable ServiceWorkers and push notifications by default +// Disable ServiceWorkers by default. They do not work in PBM in any case. +// See https://bugzilla.mozilla.org/show_bug.cgi?id=1320796 pref("dom.serviceWorkers.enabled", false); +// Push notifications use an online Mozilla service and a persistent ID stored +// in dom.push.userAgentID, so disable them by default. +// See also https://support.mozilla.org/kb/push-notifications-firefox pref("dom.push.enabled", false); +// As a defense in depth measure, also set the push server URL to empty. +// See tor-browser#18801. +pref("dom.push.serverURL", ""); // Fingerprinting // tor-browser#41797: For release builds, lock RFP @@ -292,7 +319,6 @@ pref("privacy.resistFingerprinting", true); pref("webgl.disable-fail-if-major-performance-caveat", true); // tor-browser#16404: disable until we investigate it further (#22333) pref("webgl.enable-webgl2", false); -pref("browser.startup.homepage_override.buildID", "20100101"); pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups) // Prevent scripts from moving and resizing open windows pref("dom.disable_window_move_resize", true); 
@@ -307,7 +333,9 @@ pref("dom.webmidi.enabled", false); // Bug 41398: Disable Web MIDI API // randomized IDs when this pref is true). // Defense-in-depth (already the default value) from Firefox 119 or 120. pref("media.devices.enumerate.legacy.enabled", false); -pref("dom.w3c_touch_events.enabled", 0); // Bug 10286: Always disable Touch API +// Bug 10286: Always disable Touch API. +// We might need to deepen this topic, see tor-browser#42069. +pref("dom.w3c_touch_events.enabled", 0); pref("dom.vr.enabled", false); // Bug 21607: Disable WebVR for now pref("security.webauth.webauthn", false); // Bug 26614: Disable Web Authentication API for now // Disable SAB, no matter if the sites are cross-origin isolated. @@ -350,6 +378,7 @@ pref("javascript.options.spectre.disable_for_isolated_content", false, locked); pref("privacy.firstparty.isolate", true); // Always enforce first party isolation // tor-browser#40123 and #40308: Disable for now until audit pref("privacy.partition.network_state", false); +// Only accept cookies from the originating site (block third party cookies) pref("network.cookie.cookieBehavior", 1); pref("network.cookie.cookieBehavior.pbmode", 1); pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633 @@ -365,7 +394,9 @@ pref("privacy.purge_trackers.enabled", false); // Do not allow cross-origin sub-resources to open HTTP authentication // credentials dialogs. Hardens against potential credentials phishing. pref("network.auth.subresource-http-auth-allow", 1); -// Disable sending additional analytics to web servers +// Disable sending additional analytics to web servers. +// This disables navigator.sendBeacon, even though this is discouraged by the +// standard: https://w3c.github.io/beacon/#privacy-and-security pref("beacon.enabled", false); pref("network.dns.disablePrefetch", true); 
@@ -379,13 +410,19 @@ pref("network.protocol-handler.warn-external.mailto", true); pref("network.protocol-handler.warn-external.news", true); pref("network.protocol-handler.warn-external.nntp", true); pref("network.protocol-handler.warn-external.snews", true); +#ifdef XP_WIN + pref("network.protocol-handler.external.ms-windows-store", false); + pref("network.protocol-handler.warn-external.ms-windows-store", true); +#endif pref("network.proxy.allow_bypass", false, locked); // #40682 // Lock to 'true', which is already the firefox default, to prevent users // from making themselves fingerprintable by disabling. This pref // alters content load order in a page. See tor-browser#24686 pref("network.http.tailing.enabled", true, locked); -// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked to firefox defaults to minimize network performance fingerprinting. See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128 +// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked +// to firefox defaults to minimize network performance fingerprinting. +// See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128 pref("network.http.http2.enabled", true, locked); pref("network.http.http2.enabled.deps", true, locked); pref("network.http.http2.enforce-tls-profile", true, locked); 
@@ -395,13 +432,13 @@ pref("network.http.http2.coalesce-hostnames", true, locked); pref("network.http.http2.persistent-settings", false, locked); pref("network.http.http2.ping-threshold", 58, locked); pref("network.http.http2.ping-timeout", 8, locked); -pref("network.http.http2.send-buffer-size", 131072, locked); +pref("network.http.http2.send-buffer-size", 0, locked); pref("network.http.http2.allow-push", true, locked); pref("network.http.http2.push-allowance", 131072, locked); pref("network.http.http2.pull-allowance", 12582912, locked); pref("network.http.http2.default-concurrent", 100, locked); pref("network.http.http2.default-hpack-buffer", 65536, locked); -pref("network.http.http2.websockets", false, locked); +pref("network.http.http2.websockets", true, locked); pref("network.http.http2.enable-hpack-dump", false, locked); // tor-browser#23044: Make sure we don't have any GIO supported protocols @@ -467,10 +504,6 @@ pref("network.manage-offline-status", false); pref("network.captive-portal-service.enabled", false); pref("network.connectivity-service.enabled", false); pref("captivedetect.canonicalURL", ""); -// As a "defense in depth" measure, configure an empty push server URL (the -// DOM Push features are disabled by default via other prefs). -// See tor-browser#18801. -pref("dom.push.serverURL", ""); #ifdef XP_WIN // tor-browser#41683: Disable the network process on Windows @@ -482,9 +515,7 @@ pref("network.process.enabled", false); // Extension support pref("extensions.autoDisableScopes", 0); -pref("extensions.databaseSchema", 3); pref("extensions.enabledScopes", 5); // AddonManager.SCOPE_PROFILE=1 | AddonManager.SCOPE_APPLICATION=4 -pref("extensions.pendingOperations", false); // We don't know what extensions Mozilla is advertising to our users and we // don't want to have some random Google Analytics script running either on the // about:addons page, see bug 22073, 22900 and 31601. 
@@ -498,8 +529,8 @@ pref("browser.discovery.enabled", false); pref("extensions.webextensions.restrictedDomains", ""); // Don't give Mozilla-recommended third-party extensions special privileges. pref("extensions.postDownloadThirdPartyPrompt", false); -// tor-browser#41701: Reporting an extension does not work -// disable extension reporting since the request goes to Mozilla and is rejected anyway (HTTP 400) +// tor-browser#41701: Reporting an extension does not work. The request goes to +// Mozilla and is always rejected anyway (HTTP 400). pref("extensions.abuseReport.enabled", false); // We are already providing the languages we support in multi-lingual packages. // Therefore, do not allow download of additional language packs. They are not a @@ -526,10 +557,6 @@ pref("security.certerrors.mitm.priming.enabled", false); // Don't automatically enable enterprise roots, see bug 40166 pref("security.certerrors.mitm.auto_enable_enterprise_roots", false); -// Don't allow any domain overrides access to offscreen rendering, see tor-browser#41135 -pref("gfx.offscreencanvas.domain-enabled", false); -pref("gfx.offscreencanvas.domain-allowlist", ""); - // Disable share menus on Mac and Windows tor-browser#41117 pref("browser.menu.share_url.allow", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/eae5ea… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/eae5ea… You're receiving this email because of your account on gitlab.torproject.org.
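Review bot: the commit message ("Pref review for 115/13.0") does not say that the change from `network.http.http3.enabled` to `network.http.http3.enable` in 000-tor-browser.js is a behaviour fix rather than a cleanup. If the old spelling was never a name Firefox reads, HTTP/3 was governed by the Firefox default until now, which matters because the comment above says it must stay off until Tor gets UDP support. Please state that in the commit message so it can be tracked for backports.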
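Review bot: missing rationale for the two locked http2 value changes in 001-base-profile.js: `network.http.http2.send-buffer-size` goes from 131072 to 0 and `network.http.http2.websockets` from false to true, with no comment. The block's stated purpose is to pin these prefs to Firefox defaults to limit network performance fingerprinting, so note next to them which Firefox version the values were checked against; otherwise the next pref review cannot tell an intended update from drift.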
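Review bot: the new `pref("breakpad.reportURL", "data:");` uses `"data:"` while the neighbouring `toolkit.telemetry.server` uses `"data:,"`; pick one form for neutralised endpoints, preferably the one already in the file. Typos in added comments: "shuld" (above `breakpad.reportURL`) and "havinc" (password recipes comment). The provenance comments also alternate between "Added with tor-browser#41496" and "Added in tor-browser#41496".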
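Review bot: several prefs are dropped with no reason visible in the diff or in the commit message, among them `network.cookie.lifetimePolicy`, `browser.search.geoip.url`, and `gfx.offscreencanvas.domain-enabled` with `gfx.offscreencanvas.domain-allowlist` (which carried a reference to tor-browser#41135). If they are removed because Firefox 115 no longer reads them, say so in the commit message; if not, removing them withdraws a protection and each one needs a replacement or a justification.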
[Git][tpo/applications/tor-browser-build][maint-12.5] Bug 40957: Update subkey expiration date for Tor Browser gpg key
by richard (@richard) 26 Sep '23

richard pushed to branch maint-12.5 at The Tor Project / Applications / tor-browser-build Commits: 078300d8 by Nicolas Vigier at 2023-09-26T22:18:45+00:00 Bug 40957: Update subkey expiration date for Tor Browser gpg key - - - - - 1 changed file: - keyring/torbrowser.gpg Changes: ===================================== keyring/torbrowser.gpg ===================================== Binary files a/keyring/torbrowser.gpg and b/keyring/torbrowser.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/tor-browser-build][main] Bug 40957: Update subkey expiration date for Tor Browser gpg key
by richard (@richard) 26 Sep '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: ed83891d by Nicolas Vigier at 2023-09-26T22:17:44+00:00 Bug 40957: Update subkey expiration date for Tor Browser gpg key - - - - - 1 changed file: - keyring/torbrowser.gpg Changes: ===================================== keyring/torbrowser.gpg ===================================== Binary files a/keyring/torbrowser.gpg and b/keyring/torbrowser.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.0-1] fixup! Disable features and functionality
by Dan Ballard (@dan) 26 Sep '23

Dan Ballard pushed to branch firefox-android-115.2.1-13.0-1 at The Tor Project / Applications / firefox-android Commits: 533daef0 by clairehurst at 2023-09-26T17:59:27+00:00 fixup! Disable features and functionality - - - - - 3 changed files: - fenix/app/src/main/java/org/mozilla/fenix/settings/quicksettings/QuickSettingsSheetDialogFragment.kt - fenix/app/src/main/java/org/mozilla/fenix/settings/quicksettings/protections/ProtectionsView.kt - fenix/app/src/main/res/layout/quicksettings_protections_panel.xml Changes: ===================================== fenix/app/src/main/java/org/mozilla/fenix/settings/quicksettings/QuickSettingsSheetDialogFragment.kt ===================================== @@ -132,7 +132,8 @@ class QuickSettingsSheetDialogFragment : FenixDialogFragment() { override fun onViewCreated(view: View, savedInstanceState: Bundle?) { super.onViewCreated(view, savedInstanceState) - observeTrackersChange(requireComponents.core.store) +// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled +// observeTrackersChange(requireComponents.core.store) consumeFrom(quickSettingsStore) { websiteInfoView.update(it.webInfoState) websitePermissionsView.update(it.websitePermissionsState) 
@@ -190,34 +191,36 @@ class QuickSettingsSheetDialogFragment : FenixDialogFragment() { @VisibleForTesting internal fun provideTabId(): String = args.sessionId - @VisibleForTesting - internal fun observeTrackersChange(store: BrowserStore) { - consumeFlow(store) { flow -> - flow.mapNotNull { state -> - state.findTabOrCustomTab(provideTabId()) - }.ifAnyChanged { tab -> - arrayOf( - tab.trackingProtection.blockedTrackers, - tab.trackingProtection.loadedTrackers, - ) - }.collect { - updateTrackers(it) - } - } - } - - @VisibleForTesting - internal fun updateTrackers(tab: SessionState) { - provideTrackingProtectionUseCases().fetchTrackingLogs( - tab.id, - onSuccess = { trackers -> - protectionsView.updateDetailsSection(trackers.isNotEmpty()) - }, - onError = { - Logger.error("QuickSettingsSheetDialogFragment - fetchTrackingLogs onError", it) - }, - ) - } +// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled +// @VisibleForTesting +// internal fun observeTrackersChange(store: BrowserStore) { +// consumeFlow(store) { flow -> +// flow.mapNotNull { state -> +// state.findTabOrCustomTab(provideTabId()) +// }.ifAnyChanged { tab -> +// arrayOf( +// tab.trackingProtection.blockedTrackers, +// tab.trackingProtection.loadedTrackers, +// ) +// }.collect { +// updateTrackers(it) +// } +// } +// } + +// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled +// @VisibleForTesting +// internal fun updateTrackers(tab: SessionState) { +// provideTrackingProtectionUseCases().fetchTrackingLogs( +// tab.id, +// onSuccess = { trackers -> +// protectionsView.updateDetailsSection(trackers.isNotEmpty()) +// }, +// onError = { +// Logger.error("QuickSettingsSheetDialogFragment - fetchTrackingLogs onError", it) +// }, +// ) +// } @VisibleForTesting internal fun provideTrackingProtectionUseCases() = requireComponents.useCases.trackingProtectionUseCases ===================================== 
fenix/app/src/main/java/org/mozilla/fenix/settings/quicksettings/protections/ProtectionsView.kt ===================================== 
@@ -54,28 +54,32 @@ class ProtectionsView( * Allows changing what this View displays. */ fun update(state: ProtectionsState) { - bindTrackingProtectionInfo(state.isTrackingProtectionEnabled) +// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled +// bindTrackingProtectionInfo(state.isTrackingProtectionEnabled) bindCookieBannerProtection(state.cookieBannerUIMode) - binding.trackingProtectionSwitch.isVisible = settings.shouldUseTrackingProtection +// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled +// binding.trackingProtectionSwitch.isVisible = settings.shouldUseTrackingProtection binding.cookieBannerItem.isVisible = shouldShowCookieBanner && state.cookieBannerUIMode != CookieBannerUIMode.HIDE - - binding.trackingProtectionDetails.setOnClickListener { - interactor.onTrackingProtectionDetailsClicked() - } +// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled +// binding.trackingProtectionDetails.setOnClickListener { +// interactor.onTrackingProtectionDetailsClicked() +// } } - @VisibleForTesting - internal fun updateDetailsSection(show: Boolean) { - binding.trackingProtectionDetails.isVisible = show - } - - private fun bindTrackingProtectionInfo(isTrackingProtectionEnabled: Boolean) { - binding.trackingProtectionSwitch.isChecked = isTrackingProtectionEnabled - binding.trackingProtectionSwitch.setOnCheckedChangeListener { _, isChecked -> - interactor.onTrackingProtectionToggled(isChecked) - } - } +// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled +// @VisibleForTesting +// internal fun updateDetailsSection(show: Boolean) { +// binding.trackingProtectionDetails.isVisible = show +// } + +// Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled +// private fun bindTrackingProtectionInfo(isTrackingProtectionEnabled: Boolean) { +// binding.trackingProtectionSwitch.isChecked = isTrackingProtectionEnabled +// 
binding.trackingProtectionSwitch.setOnCheckedChangeListener { _, isChecked -> +// interactor.onTrackingProtectionToggled(isChecked) +// } +// } @VisibleForTesting internal val binding = QuicksettingsProtectionsPanelBinding.inflate( ===================================== fenix/app/src/main/res/layout/quicksettings_protections_panel.xml ===================================== 
@@ -12,36 +12,38 @@ android:layout_width="match_parent" android:layout_height="wrap_content" android:minHeight="@dimen/tracking_protection_item_height" - app:layout_constraintBottom_toTopOf="@id/trackingProtectionSwitch" + app:layout_constraintBottom_toBottomOf="parent" app:layout_constraintTop_toTopOf="parent" /> - <org.mozilla.fenix.trackingprotection.SwitchWithDescription - android:id="@+id/trackingProtectionSwitch" - android:layout_width="match_parent" - android:layout_height="wrap_content" - android:layout_marginTop="16dp" - android:minHeight="@dimen/tracking_protection_item_height" - android:text="@string/preference_enhanced_tracking_protection" - app:layout_constraintBottom_toTopOf="@id/trackingProtectionDetails" - app:layout_constraintTop_toBottomOf="@id/cookieBannerItem" - app:switchDescriptionOff="@string/etp_panel_off" - app:switchDescriptionOn="@string/etp_panel_on" - app:switchIconOff="@drawable/ic_tracking_protection_disabled" - app:switchIconOn="@drawable/ic_tracking_protection_enabled" - app:switchTitle="@string/preference_enhanced_tracking_protection" /> +<!-- Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled--> +<!-- <org.mozilla.fenix.trackingprotection.SwitchWithDescription--> +<!-- android:id="@+id/trackingProtectionSwitch"--> +<!-- android:layout_width="match_parent"--> +<!-- android:layout_height="wrap_content"--> +<!-- android:layout_marginTop="16dp"--> +<!-- android:minHeight="@dimen/tracking_protection_item_height"--> +<!-- android:text="@string/preference_enhanced_tracking_protection"--> +<!-- app:layout_constraintBottom_toTopOf="@id/trackingProtectionDetails"--> +<!-- app:layout_constraintTop_toBottomOf="@id/cookieBannerItem"--> +<!-- app:switchDescriptionOff="@string/etp_panel_off"--> +<!-- app:switchDescriptionOn="@string/etp_panel_on"--> +<!-- app:switchIconOff="@drawable/ic_tracking_protection_disabled"--> +<!-- app:switchIconOn="@drawable/ic_tracking_protection_enabled"--> +<!-- 
app:switchTitle="@string/preference_enhanced_tracking_protection" />--> - <TextView - android:id="@+id/trackingProtectionDetails" - style="@style/QuickSettingsText.Icon" - android:layout_width="0dp" - android:layout_height="@dimen/quicksettings_item_height" - android:layout_alignParentEnd="true" - android:gravity="end|center_vertical" - android:text="@string/enhanced_tracking_protection_details" - android:visibility="gone" - app:drawableEndCompat="@drawable/ic_arrowhead_right" - app:layout_constraintBottom_toBottomOf="parent" - app:layout_constraintEnd_toEndOf="parent" - app:layout_constraintStart_toStartOf="parent" /> + <!-- Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled--> +<!-- <TextView--> +<!-- android:id="@+id/trackingProtectionDetails"--> +<!-- style="@style/QuickSettingsText.Icon"--> +<!-- android:layout_width="0dp"--> +<!-- android:layout_height="@dimen/quicksettings_item_height"--> +<!-- android:layout_alignParentEnd="true"--> +<!-- android:gravity="end|center_vertical"--> +<!-- android:text="@string/enhanced_tracking_protection_details"--> +<!-- android:visibility="gone"--> +<!-- app:drawableEndCompat="@drawable/ic_arrowhead_right"--> +<!-- app:layout_constraintBottom_toBottomOf="parent"--> +<!-- app:layout_constraintEnd_toEndOf="parent"--> +<!-- app:layout_constraintStart_toStartOf="parent" />--> </androidx.constraintlayout.widget.ConstraintLayout> View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/533… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/533… You're receiving this email because of your account on gitlab.torproject.org.
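Review bot: tests are not updated for the disabled `@VisibleForTesting` functions `observeTrackersChange`, `updateTrackers` (QuickSettingsSheetDialogFragment.kt) and `updateDetailsSection` (ProtectionsView.kt): none of the 3 changed files is a test, so any unit test that calls them will stop compiling, and those tests should be removed or adapted in the same commit. Prefer deleting the code over commenting it out, since git history keeps it, and check whether `provideTrackingProtectionUseCases()` and the imports used only by the disabled code are still needed. The marker "Removed as part of Bug_42115: Enhanced Tracking Protection can still be enabled" reads as if the feature remains available; wording such as "Bug 42115: hide the Enhanced Tracking Protection toggle" would say what the change does.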
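Review bot: in quicksettings_protections_panel.xml the `trackingProtectionSwitch` and `trackingProtectionDetails` views are disabled by wrapping every attribute line in its own `<!-- ... -->`, which leaves dead markup in the layout and is easy to break on the next rebase. Delete the two elements outright and keep a single comment that references the bug; the second marker comment is also indented differently from the first.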
[Git][tpo/applications/tor-browser-update-responses][main] release: new version, 12.5.5
by richard (@richard) 26 Sep '23

richard pushed to branch main at The Tor Project / Applications / Tor Browser update responses

Commits:
a5c4e965 by Richard Pospesel at 2023-09-26T17:40:28+00:00
release: new version, 12.5.5

- - - - -

30 changed files:
- update_3/release/.htaccess
- − update_3/release/12.5.1-12.5.4-linux32-ALL.xml
- − update_3/release/12.5.1-12.5.4-linux64-ALL.xml
- − update_3/release/12.5.1-12.5.4-macos-ALL.xml
- − update_3/release/12.5.1-12.5.4-win32-ALL.xml
- − update_3/release/12.5.1-12.5.4-win64-ALL.xml
- + update_3/release/12.5.1-12.5.5-linux32-ALL.xml
- + update_3/release/12.5.1-12.5.5-linux64-ALL.xml
- + update_3/release/12.5.1-12.5.5-macos-ALL.xml
- + update_3/release/12.5.1-12.5.5-win32-ALL.xml
- + update_3/release/12.5.1-12.5.5-win64-ALL.xml
- − update_3/release/12.5.2-12.5.4-linux32-ALL.xml
- − update_3/release/12.5.2-12.5.4-linux64-ALL.xml
- − update_3/release/12.5.2-12.5.4-macos-ALL.xml
- − update_3/release/12.5.2-12.5.4-win32-ALL.xml
- − update_3/release/12.5.2-12.5.4-win64-ALL.xml
- + update_3/release/12.5.2-12.5.5-linux32-ALL.xml
- + update_3/release/12.5.2-12.5.5-linux64-ALL.xml
- + update_3/release/12.5.2-12.5.5-macos-ALL.xml
- + update_3/release/12.5.2-12.5.5-win32-ALL.xml
- + update_3/release/12.5.2-12.5.5-win64-ALL.xml
- − update_3/release/12.5.3-12.5.4-linux32-ALL.xml
- − update_3/release/12.5.3-12.5.4-linux64-ALL.xml
- − update_3/release/12.5.3-12.5.4-macos-ALL.xml
- − update_3/release/12.5.3-12.5.4-win32-ALL.xml
- − update_3/release/12.5.3-12.5.4-win64-ALL.xml
- + update_3/release/12.5.3-12.5.5-linux32-ALL.xml
- + update_3/release/12.5.3-12.5.5-linux64-ALL.xml
- + update_3/release/12.5.3-12.5.5-macos-ALL.xml
- + update_3/release/12.5.3-12.5.5-win32-ALL.xml

The diff was not included because it is too large.

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses…
You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/tor-browser-build] Pushed new tag mb-12.5.5-build1
by richard (@richard) 26 Sep '23

richard pushed new tag mb-12.5.5-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.