October 2024 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-115.17.0esr-13.5-1] 6 commits: Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers, valentin, a=RyanVM
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch tor-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 0090727a by Randell Jesup at 2024-10-23T16:34:13+02:00 Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers,valentin, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D221350 - - - - - 883dd4a0 by Valentin Gosu at 2024-10-23T22:54:40+02:00 Bug 1914521 - Make nsPartChannel inherit the content disposition of the multipart response a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D223728 Differential Revision: https://phabricator.services.mozilla.com/D224288 - - - - - 857b9ac0 by Andrew McCreight at 2024-10-23T23:17:44+02:00 Bug 1919809 - Always clear mArgumentStorage in Console's Unlink. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D222803 Differential Revision: https://phabricator.services.mozilla.com/D224384 - - - - - 52815ac6 by Paul Zuehlcke at 2024-10-23T23:42:13+02:00 Bug 1920423, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D224349 - - - - - 011ad74a by Andrew McCreight at 2024-10-24T15:07:56+02:00 Bug 1923706 - Pass by value, not reference in CamerasChild::AllocateCapture. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225121 Differential Revision: https://phabricator.services.mozilla.com/D225363 - - - - - 8e9e58fe by Kagami Sascha Rosylight at 2024-10-24T15:11:06+02:00 Bug 1924154 - Disallow too small record a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225687 Differential Revision: https://phabricator.services.mozilla.com/D226147 - - - - - 8 changed files: - dom/console/Console.cpp - dom/media/systemservices/CamerasChild.cpp - dom/push/PushCrypto.sys.mjs - netwerk/cache2/CacheFileIOManager.cpp - netwerk/streamconv/converters/nsMultiMixedConv.cpp - netwerk/streamconv/converters/nsMultiMixedConv.h - toolkit/content/widgets/popupnotification.js - toolkit/themes/shared/popupnotification.css Changes: ===================================== dom/console/Console.cpp ===================================== @@ -802,6 +802,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Console) NS_IMPL_CYCLE_COLLECTION_UNLINK(mDumpFunction) NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE tmp->Shutdown(); + tmp->mArgumentStorage.clearAndFree(); NS_IMPL_CYCLE_COLLECTION_UNLINK_END NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(Console) ===================================== dom/media/systemservices/CamerasChild.cpp ===================================== @@ -331,7 +331,7 @@ int CamerasChild::AllocateCapture(CaptureEngine aCapEngine, LOG(("%s", __PRETTY_FUNCTION__)); nsCString unique_id(unique_idUTF8); nsCOMPtr<nsIRunnable> runnable = - mozilla::NewRunnableMethod<CaptureEngine, nsCString, const uint64_t&>( + mozilla::NewRunnableMethod<CaptureEngine, nsCString, uint64_t>( "camera::PCamerasChild::SendAllocateCapture", this, &CamerasChild::SendAllocateCapture, aCapEngine, unique_id, aWindowID); LockAndDispatch<> dispatcher(this, __func__, runnable, -1, mReplyInteger); ===================================== dom/push/PushCrypto.sys.mjs ===================================== @@ -108,6 +108,8 @@ function getEncryptionParams(encryptField) { // aes128gcm scheme. function getCryptoParamsFromPayload(payload) { if (payload.byteLength < 21) { + // The value 21 is from https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + // | salt (16) | rs (4) | idlen (1) | keyid (idlen) | throw new CryptoError("Truncated header", BAD_CRYPTO); } let rs = @@ -115,8 +117,16 @@ function getCryptoParamsFromPayload(payload) { (payload[17] << 16) | (payload[18] << 8) | payload[19]; + if (rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + throw new CryptoError( + "Record sizes smaller than 18 are invalid", + BAD_RS_PARAM + ); + } let keyIdLen = payload[20]; if (keyIdLen != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid sender public key", BAD_DH_PARAM); } if (payload.byteLength <= 21 + keyIdLen) { @@ -171,8 +181,12 @@ export function getCryptoParamsFromHeaders(headers) { throw new CryptoError("Invalid salt parameter", BAD_SALT_PARAM); } var rs = enc.rs ? parseInt(enc.rs, 10) : 4096; - if (isNaN(rs)) { - throw new CryptoError("rs parameter must be a number", BAD_RS_PARAM); + if (isNaN(rs) || rs < 1 || rs > 68719476705) { + // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-encryption-encodin… + throw new CryptoError( + "rs parameter must be a number greater than 1 and smaller than 2^36-31", + BAD_RS_PARAM + ); } return { salt, @@ -791,6 +805,7 @@ class aes128gcmEncoder { // Perform the actual encryption of the payload. async encrypt(key, nonce) { if (this.rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 throw new CryptoError("recordsize is too small", BAD_RS_PARAM); } @@ -869,6 +884,7 @@ class aes128gcmEncoder { createHeader(key) { // layout is "salt|32-bit-int|8-bit-int|key" if (key.byteLength != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid key length for header", BAD_DH_PARAM); } // the 2 ints ===================================== netwerk/cache2/CacheFileIOManager.cpp ===================================== @@ -4359,13 +4359,15 @@ class SizeOfHandlesRunnable : public Runnable { public: SizeOfHandlesRunnable(mozilla::MallocSizeOf mallocSizeOf, CacheFileHandles const& handles, - nsTArray<CacheFileHandle*> const& specialHandles) + nsTArray<CacheFileHandle*> const& specialHandles, + nsCOMPtr<nsITimer> const& metadataWritesTimer) : Runnable("net::SizeOfHandlesRunnable"), mMonitor("SizeOfHandlesRunnable.mMonitor"), mMonitorNotified(false), mMallocSizeOf(mallocSizeOf), mHandles(handles), mSpecialHandles(specialHandles), + mMetadataWritesTimer(metadataWritesTimer), mSize(0) {} size_t Get(CacheIOThread* thread) { @@ -4397,6 +4399,10 @@ class SizeOfHandlesRunnable : public Runnable { for (uint32_t i = 0; i < mSpecialHandles.Length(); ++i) { mSize += mSpecialHandles[i]->SizeOfIncludingThis(mMallocSizeOf); } + nsCOMPtr<nsISizeOf> sizeOf = do_QueryInterface(mMetadataWritesTimer); + if (sizeOf) { + mSize += sizeOf->SizeOfIncludingThis(mMallocSizeOf); + } mMonitorNotified = true; mon.Notify(); @@ -4404,11 +4410,12 @@ class SizeOfHandlesRunnable : public Runnable { } private: - mozilla::Monitor mMonitor MOZ_UNANNOTATED; + mozilla::Monitor mMonitor; bool mMonitorNotified; mozilla::MallocSizeOf mMallocSizeOf; CacheFileHandles const& mHandles; nsTArray<CacheFileHandle*> const& mSpecialHandles; + nsCOMPtr<nsITimer> const& mMetadataWritesTimer; size_t mSize; }; @@ -4422,10 +4429,11 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( if (mIOThread) { n += mIOThread->SizeOfIncludingThis(mallocSizeOf); - // mHandles and mSpecialHandles must be accessed only on the I/O thread, - // must sync dispatch. + // mHandles, mSpecialHandles and mMetadataWritesTimer must be accessed + // only on the I/O thread, must sync dispatch. RefPtr<SizeOfHandlesRunnable> sizeOfHandlesRunnable = - new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles); + new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles, + mMetadataWritesTimer); n += sizeOfHandlesRunnable->Get(mIOThread); } @@ -4434,9 +4442,6 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( sizeOf = do_QueryInterface(mCacheDirectory); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mMetadataWritesTimer); - if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mTrashTimer); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); ===================================== netwerk/streamconv/converters/nsMultiMixedConv.cpp ===================================== @@ -467,6 +467,12 @@ nsMultiMixedConv::OnStartRequest(nsIRequest* request) { if (NS_SUCCEEDED(rv)) { mRootContentSecurityPolicy = csp; } + nsCString contentDisposition; + rv = httpChannel->GetResponseHeader("content-disposition"_ns, + contentDisposition); + if (NS_SUCCEEDED(rv)) { + mRootContentDisposition = contentDisposition; + } } else { // try asking the channel directly rv = mChannel->GetContentType(contentType); @@ -837,7 +843,11 @@ nsresult nsMultiMixedConv::SendStart() { rv = mPartChannel->SetContentLength(mContentLength); if (NS_FAILED(rv)) return rv; - mPartChannel->SetContentDisposition(mContentDisposition); + if (!mRootContentDisposition.IsEmpty()) { + mPartChannel->SetContentDisposition(mRootContentDisposition); + } else { + mPartChannel->SetContentDisposition(mContentDisposition); + } // Each part of a multipart/replace response can be used // for the top level document. We must inform upper layers ===================================== netwerk/streamconv/converters/nsMultiMixedConv.h ===================================== @@ -150,15 +150,17 @@ class nsMultiMixedConv : public nsIStreamConverter { nsCOMPtr<nsIStreamListener> mFinalListener; // this guy gets the converted // data via his OnDataAvailable() - nsCOMPtr<nsIChannel> - mChannel; // The channel as we get in in OnStartRequest call - RefPtr<nsPartChannel> mPartChannel; // the channel for the given part we're - // processing. one channel per part. + // The channel as we get it in OnStartRequest call + nsCOMPtr<nsIChannel> mChannel; + // the channel for the given part we're + // processing. one channel per part. + RefPtr<nsPartChannel> mPartChannel; nsCOMPtr<nsISupports> mContext; nsCString mContentType; nsCString mContentDisposition; nsCString mContentSecurityPolicy; nsCString mRootContentSecurityPolicy; + nsCString mRootContentDisposition; uint64_t mContentLength{UINT64_MAX}; uint64_t mTotalSent{0}; ===================================== toolkit/content/widgets/popupnotification.js ===================================== @@ -15,7 +15,7 @@ ".popup-notification-description": "popupid,id=descriptionid", ".popup-notification-description > span:first-of-type": "text=label,popupid", - ".popup-notification-description > b:first-of-type": + ".popup-notification-description > .popup-notification-description-name": "text=name,popupid", ".popup-notification-description > span:nth-of-type(2)": "text=endlabel,popupid", @@ -82,7 +82,7 @@  - <description class="popup-notification-description"><html:span></html:span><html:b></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> + <description class="popup-notification-description"><html:span></html:span><html:b class="popup-notification-description-name"></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> <description class="popup-notification-hint-text"></description> </vbox> <toolbarbutton class="messageCloseButton close-icon popup-notification-closebutton tabbable" data-l10n-id="close-notification-message"></toolbarbutton> ===================================== toolkit/themes/shared/popupnotification.css ===================================== @@ -52,6 +52,16 @@ popupnotificationcontent { flex: 1 auto; } +/* + * Ensure that host names in PopupNotifications wrap. This targets the "name" + * element in the description container which is the "name" property of the + * PopupNotification. Name is what gets substituted from the l10n string using + * the placeholder <>. + */ +.popup-notification-description-name { + word-break: break-all; +} + .popup-notification-closebutton { margin-inline-end: -8px; margin-top: -8px; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/18d48e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/18d48e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41269: Remove Snowflake pluggable-transport from legacy Windows builds
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 88c9740a by Morgan at 2024-10-23T20:20:07+00:00 Bug 41269: Remove Snowflake pluggable-transport from legacy Windows builds - - - - - 3 changed files: - projects/go/config - projects/tor-expert-bundle/build - projects/tor-expert-bundle/config Changes: ===================================== projects/go/config ===================================== @@ -77,7 +77,7 @@ targets: windows: var: GOOS: windows - use_go_1_20: '[% c("origin_project") != "snowflake" %]' + use_go_1_20: 1 windows-i686: var: GOARCH: 386 ===================================== projects/tor-expert-bundle/build ===================================== @@ -14,12 +14,21 @@ cd tor mkdir pluggable_transports && cd pluggable_transports tar -xkf $rootdir/[% c('input_files_by_name/lyrebird') %] +# do not include snowflake-client on Windows targets +[% IF !c("var/windows") -%] tar -xkf $rootdir/[% c('input_files_by_name/snowflake') %] +[% END %] tar -xkf $rootdir/[% c('input_files_by_name/conjure') %] # add per-platform pt extension awk '{gsub(/\$\{pt_extension\}/, "[% c("var/pt_extension") %]"); print}' $rootdir/pt_config.json > pt_config.json +# remove snowflake entires on Windows targets +[% IF c("var/windows") -%] +# remove snowflake pt and bridge entries +jq 'del(.pluggableTransports.snowflake, .bridges.snowflake)' pt_config.json > tmp.pt_config.json && mv tmp.pt_config.json pt_config.json +[% END %] + cd $distdir # package a .aar on android ===================================== projects/tor-expert-bundle/config ===================================== @@ -5,6 +5,10 @@ version: '[% c("var/torbrowser_version") %]' container: use_container: 1 +var: + deps: + - jq + targets: windows: var: @@ -18,6 +22,7 @@ input_files: project: lyrebird - name: snowflake project: snowflake + enable: '[% !c("var/windows") %]' - name: conjure project: conjure - filename: pt_config.json View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Deleted 1 commit: Bug 41279: Add @pierov and @ma1 as new signers
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below. Deleted commits: b6740750 by Nicolas Vigier at 2024-10-23T19:58:28+00:00 Bug 41279: Add @pierov and @ma1 as new signers - - - - - 3 changed files: - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/ssh-keys/ma1.pub - + tools/signing/machines-setup/ssh-keys/pierov.pub Changes: ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -99,6 +99,10 @@ create_user richard signing authorized_keys richard richard.pub create_user morgan signing authorized_keys morgan morgan.pub +create_user ma1 signing +authorized_keys ma1 ma1.pub +create_user pierov signing +authorized_keys pierov pierov.pub # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ ===================================== tools/signing/machines-setup/ssh-keys/ma1.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRlfeUcrWLHKiUHkfNe6KKEjO2QY20bk4XDc+rng7ka ma1(a)ma1.maone.net ===================================== tools/signing/machines-setup/ssh-keys/pierov.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHitxPcIMVCEcie5XUtMuUQJZQ9fy8k7Z+1vEzBZ8CmF TKey View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41279: Add @pierov and @ma1 as new signers
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: b6740750 by Nicolas Vigier at 2024-10-23T19:58:28+00:00 Bug 41279: Add @pierov and @ma1 as new signers - - - - - 3 changed files: - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/ssh-keys/ma1.pub - + tools/signing/machines-setup/ssh-keys/pierov.pub Changes: ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -99,6 +99,10 @@ create_user richard signing authorized_keys richard richard.pub create_user morgan signing authorized_keys morgan morgan.pub +create_user ma1 signing +authorized_keys ma1 ma1.pub +create_user pierov signing +authorized_keys pierov pierov.pub # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ ===================================== tools/signing/machines-setup/ssh-keys/ma1.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRlfeUcrWLHKiUHkfNe6KKEjO2QY20bk4XDc+rng7ka ma1(a)ma1.maone.net ===================================== tools/signing/machines-setup/ssh-keys/pierov.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHitxPcIMVCEcie5XUtMuUQJZQ9fy8k7Z+1vEzBZ8CmF TKey View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41279: Add @pierov and @ma1 as new signers
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: a12487a8 by Nicolas Vigier at 2024-10-22T16:35:47+02:00 Bug 41279: Add @pierov and @ma1 as new signers - - - - - 3 changed files: - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/ssh-keys/ma1.pub - + tools/signing/machines-setup/ssh-keys/pierov.pub Changes: ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -99,6 +99,10 @@ create_user richard signing authorized_keys richard richard.pub create_user morgan signing authorized_keys morgan morgan.pub +create_user ma1 signing +authorized_keys ma1 ma1.pub +create_user pierov signing +authorized_keys pierov pierov.pub # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ ===================================== tools/signing/machines-setup/ssh-keys/ma1.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRlfeUcrWLHKiUHkfNe6KKEjO2QY20bk4XDc+rng7ka ma1(a)ma1.maone.net ===================================== tools/signing/machines-setup/ssh-keys/pierov.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHitxPcIMVCEcie5XUtMuUQJZQ9fy8k7Z+1vEzBZ8CmF TKey View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41278: Hide legacy 13.5 Tor Browser blog posts
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: dbde010e by Nicolas Vigier at 2024-10-22T16:08:00+02:00 Bug 41278: Hide legacy 13.5 Tor Browser blog posts - - - - - 1 changed file: - tools/signing/create-blog-post Changes: ===================================== tools/signing/create-blog-post ===================================== @@ -41,6 +41,8 @@ title: $title --- pub_date: $(date +%Y-%m-%d) --- +_discoverable: no +--- author: $blog_publish_user --- categories: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.5-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 23 Oct '24

23 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: a9cb8355 by Pier Angelo Vendrame at 2024-10-23T17:58:05+02:00 fixup! Firefox preference overrides. Bug 42125: Set and lock privacy.resistFingerprinting.exemptedDomains. The rationale for locking this is consistency with RFP. Also, set privacy.resistFingerprinting.randomDataOnCanvasExtract as a countermesure to some wrong guides. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -385,10 +385,18 @@ pref("dom.push.serverURL", ""); // Fingerprinting // tor-browser#41797: For release builds, lock RFP +// tor-browser#42125: Set (and lock in release) also exempted domains. #if MOZ_UPDATE_CHANNEL == release pref("privacy.resistFingerprinting", true, locked); +pref("privacy.resistFingerprinting.exemptedDomains", "", locked); +// tor-browser#42125: Some misleading guides suggest to set this to false, but +// the result would be that the canvas is completely white +// (see StaticPrefList.yaml), so lock it to true. +// Might be removed (MozBug 1670447). +pref("privacy.resistFingerprinting.randomDataOnCanvasExtract", true, locked); #else pref("privacy.resistFingerprinting", true); +pref("privacy.resistFingerprinting.exemptedDomains", ""); #endif // tor-browser#18603: failIfMajorPerformanceCaveat is an optional attribute that // can be used when creating a WebGL context if the browser detects that the View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a9c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a9c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.4.0esr-14.5-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 23 Oct '24

23 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: ebaa959d by Pier Angelo Vendrame at 2024-10-23T17:57:26+02:00 fixup! Firefox preference overrides. Bug 42125: Set and lock privacy.resistFingerprinting.exemptedDomains. The rationale for locking this is consistency with RFP. Also, set privacy.resistFingerprinting.randomDataOnCanvasExtract as a countermesure to some wrong guides. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -385,10 +385,18 @@ pref("dom.push.serverURL", ""); // Fingerprinting // tor-browser#41797: For release builds, lock RFP +// tor-browser#42125: Set (and lock in release) also exempted domains. #if MOZ_UPDATE_CHANNEL == release pref("privacy.resistFingerprinting", true, locked); +pref("privacy.resistFingerprinting.exemptedDomains", "", locked); +// tor-browser#42125: Some misleading guides suggest to set this to false, but +// the result would be that the canvas is completely white +// (see StaticPrefList.yaml), so lock it to true. +// Might be removed (MozBug 1670447). +pref("privacy.resistFingerprinting.randomDataOnCanvasExtract", true, locked); #else pref("privacy.resistFingerprinting", true); +pref("privacy.resistFingerprinting.exemptedDomains", ""); #endif // tor-browser#18603: failIfMajorPerformanceCaveat is an optional attribute that // can be used when creating a WebGL context if the browser detects that the View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ebaa959… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ebaa959… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 23 Oct '24

23 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: cc1f52a5 by Pier Angelo Vendrame at 2024-10-23T14:32:55+02:00 fixup! Firefox preference overrides. Bug 42125: Set and lock privacy.resistFingerprinting.exemptedDomains. The rationale for locking this is consistency with RFP. Also, set privacy.resistFingerprinting.randomDataOnCanvasExtract as a countermesure to some wrong guides. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -385,10 +385,18 @@ pref("dom.push.serverURL", ""); // Fingerprinting // tor-browser#41797: For release builds, lock RFP +// tor-browser#42125: Set (and lock in release) also exempted domains. #if MOZ_UPDATE_CHANNEL == release pref("privacy.resistFingerprinting", true, locked); +pref("privacy.resistFingerprinting.exemptedDomains", "", locked); +// tor-browser#42125: Some misleading guides suggest to set this to false, but +// the result would be that the canvas is completely white +// (see StaticPrefList.yaml), so lock it to true. +// Might be removed (MozBug 1670447). +pref("privacy.resistFingerprinting.randomDataOnCanvasExtract", true, locked); #else pref("privacy.resistFingerprinting", true); +pref("privacy.resistFingerprinting.exemptedDomains", ""); #endif // tor-browser#18603: failIfMajorPerformanceCaveat is an optional attribute that // can be used when creating a WebGL context if the browser detects that the View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cc1f52a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cc1f52a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] temporarily disbale the no-update.xml for 13.5.7 (analgous line should come...
by morgan (＠morgan) 22 Oct '24

22 Oct '24

morgan pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: d938943b by Morgan at 2024-10-22T20:06:40+00:00 temporarily disbale the no-update.xml for 13.5.7 (analgous line should come back once 13.5.9 is released) - - - - - 1 changed file: - update_3/release/.htaccess Changes: ===================================== update_3/release/.htaccess ===================================== @@ -13,7 +13,8 @@ RewriteRule ^[^/]+/13\.0.*/.* https://aus1.torproject.org/torbrowser/update_pre1 RewriteRule ^[^/]+/13\.5/.* https://aus1.torproject.org/torbrowser/update_pre14.0/release/$0 [last] RewriteRule ^[^/]+/13\.5\.[0123456]/.* https://aus1.torproject.org/torbrowser/update_pre14.0/release/$0 [last] RewriteRule ^[^/]+/14.0/ no-update.xml [last] -RewriteRule ^[^/]+/13.5.7/ no-update.xml [last] +# Disable this rule for now so 13.5.7 download the appropriate 14.0+13.5.7-.*xml response +# RewriteRule ^[^/]+/13.5.7/ no-update.xml [last] RewriteRule ^Linux_x86-gcc3/13.5.5/ALL 13.5.5-14.0+13.5.7-linux-i686-ALL.xml [last] RewriteRule ^Linux_x86-gcc3/13.5.6/ALL 13.5.6-14.0+13.5.7-linux-i686-ALL.xml [last] RewriteRule ^Linux_x86-gcc3/13.5.7/ALL 13.5.7-14.0+13.5.7-linux-i686-ALL.xml [last] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0