September 2024 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! [android] Modify add-on support
by ma1 (＠ma1) 11 Sep '24

11 Sep '24

ma1 pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 4eb9b64f by hackademix at 2024-09-11T21:59:25+02:00 fixup! [android] Modify add-on support Bug 43097: Use default (non-builtin) extension installation method which works with xpi files. - - - - - 6 changed files: - mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/webextension/GeckoWebExtension.kt - mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/webextension/WebExtension.kt - mobile/android/android-components/components/support/webextensions/src/main/java/mozilla/components/support/webextensions/WebExtensionSupport.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/addons/InstalledAddonDetailsFragment.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/TorBrowserFeatures.kt - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebExtensionController.java Changes: ===================================== mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/webextension/GeckoWebExtension.kt ===================================== @@ -393,6 +393,7 @@ class GeckoWebExtension( override fun isAllowedInPrivateBrowsing(): Boolean { return isBuiltIn() || nativeExtension.metaData.allowedInPrivateBrowsing + || isBundled() } override suspend fun loadIcon(size: Int): Bitmap? { ===================================== mobile/android/android-components/components/concept/engine/src/main/java/mozilla/components/concept/engine/webextension/WebExtension.kt ===================================== @@ -164,6 +164,14 @@ abstract class WebExtension( */ open fun isBuiltIn(): Boolean = Uri.parse(url).scheme == "resource" + /** + * Checks whether or not this extension is bundled with this browser, + * but otherwise behaves as an unprivileged (non built-in) extension, + * except it cannot be disabled or uninstalled from the UI (e.g. + * NoScript in the Tor Browser). + */ + open fun isBundled(): Boolean = id == "{73a6fe31-595d-460b-a920-fcc0f8843232}" + /** * Checks whether or not this extension is enabled. */ ===================================== mobile/android/android-components/components/support/webextensions/src/main/java/mozilla/components/support/webextensions/WebExtensionSupport.kt ===================================== @@ -234,6 +234,7 @@ object WebExtensionSupport { // when the add-on has already been installed, we don't need to show anything // either. val shouldDispatchAction = !installedExtensions.containsKey(extension.id) && !extension.isBuiltIn() + && !extension.isBundled() registerInstalledExtension(store, extension) if (shouldDispatchAction) { store.dispatch( ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/addons/InstalledAddonDetailsFragment.kt ===================================== @@ -44,6 +44,8 @@ class InstalledAddonDetailsFragment : Fragment() { private var _binding: FragmentInstalledAddOnDetailsBinding? = null + private var isBundledAddon = false; + override fun onCreateView( inflater: LayoutInflater, container: ViewGroup?, @@ -51,6 +53,7 @@ class InstalledAddonDetailsFragment : Fragment() { ): View { if (!::addon.isInitialized) { addon = AddonDetailsFragmentArgs.fromBundle(requireNotNull(arguments)).addon + isBundledAddon = installedExtensions[addon.id]?.isBundled() ?: false } setBindingAndBindUI( @@ -148,6 +151,7 @@ class InstalledAddonDetailsFragment : Fragment() { // When the ad-on is blocklisted or not correctly signed, we do not want to enable the toggle switch // because users shouldn't be able to re-enable an add-on in this state. if ( + isBundledAddon || addon.isDisabledAsBlocklisted() || addon.isDisabledAsNotCorrectlySigned() || addon.isDisabledAsIncompatible() @@ -303,6 +307,7 @@ class InstalledAddonDetailsFragment : Fragment() { } private fun bindReportButton() { + binding.reportAddOn.isVisible = !isBundledAddon binding.reportAddOn.setOnClickListener { val shouldCreatePrivateSession = (activity as HomeActivity).browsingModeManager.mode.isPrivate @@ -367,8 +372,7 @@ class InstalledAddonDetailsFragment : Fragment() { } private fun bindRemoveButton() { - val isBuiltin = installedExtensions[addon.id]?.isBuiltIn() ?: false - binding.removeAddOn.isVisible = !isBuiltin + binding.removeAddOn.isVisible = !isBundledAddon binding.removeAddOn.setOnClickListener { setAllInteractiveViewsClickable(binding, false) requireContext().components.addonManager.uninstallAddon( ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/TorBrowserFeatures.kt ===================================== @@ -6,12 +6,14 @@ package org.mozilla.fenix.components +import android.os.StrictMode import android.content.Context import kotlinx.coroutines.DelicateCoroutinesApi import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.GlobalScope import kotlinx.coroutines.launch import kotlinx.coroutines.withContext +import java.io.IOException import mozilla.components.concept.engine.webextension.WebExtension import mozilla.components.concept.engine.webextension.WebExtensionRuntime import mozilla.components.support.webextensions.WebExtensionSupport @@ -25,14 +27,39 @@ object TorBrowserFeatures { private const val NOSCRIPT_ID = "{73a6fe31-595d-460b-a920-fcc0f8843232}" private fun installNoScript( + context: Context, runtime: WebExtensionRuntime, onSuccess: ((WebExtension) -> Unit), onError: ((Throwable) -> Unit) ) { + /** + * Copy the xpi from assets to cacheDir, we do not care if the file is later deleted. + */ + val xpiName = "$NOSCRIPT_ID.xpi" + val addonPath = context.cacheDir.resolve(xpiName) + val policy = StrictMode.getThreadPolicy() + try { + context.assets.open("extensions/$xpiName") + .use { inStream -> + // we don't want penaltyDeath() on disk write + StrictMode.setThreadPolicy(StrictMode.ThreadPolicy.LAX) - runtime.installBuiltInWebExtension( - id = NOSCRIPT_ID, - url = "resource://android/assets/extensions/" + NOSCRIPT_ID + ".xpi", + addonPath.outputStream().use { outStream -> + inStream.copyTo(outStream) + } + } + } catch (throwable: IOException) { + onError(throwable) + return + } finally { + StrictMode.setThreadPolicy(policy) + } + + /** + * Install with a file:// URI pointing to the temp location where the addon was copied to. + */ + runtime.installWebExtension( + url = addonPath.toURI().toString(), onSuccess = { extension -> runtime.setAllowedInPrivateBrowsing( extension, @@ -95,6 +122,7 @@ object TorBrowserFeatures { */ if (!settings.noscriptInstalled) { installNoScript( + context, runtime, onSuccess = { settings.noscriptInstalled = true ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebExtensionController.java ===================================== @@ -1166,6 +1166,27 @@ public class WebExtensionController { }); } + private boolean isBundledExtension(final String extensionId) { + return "{73a6fe31-595d-460b-a920-fcc0f8843232}".equals(extensionId); + } + + private boolean promptBypass(final WebExtension extension, final EventCallback callback) { + // allow bundled extensions, e.g. NoScript, to be installed with no prompt + if (isBundledExtension(extension.id)) { + callback.resolveTo( + GeckoResult.allow().map( + allowOrDeny -> { + final GeckoBundle response = new GeckoBundle(1); + response.putBoolean("allow", true); + return response; + } + ) + ); + return true; + } + return false; + } + private void installPrompt(final GeckoBundle message, final EventCallback callback) { final GeckoBundle extensionBundle = message.getBundle("extension"); if (extensionBundle == null @@ -1181,6 +1202,10 @@ public class WebExtensionController { final WebExtension extension = new WebExtension(mDelegateControllerProvider, extensionBundle); + if (promptBypass(extension, callback)) { + return; + } + if (mPromptDelegate == null) { Log.e( LOGTAG, "Tried to install extension " + extension.id + " but no delegate is registered"); @@ -1220,6 +1245,10 @@ public class WebExtensionController { final WebExtension currentExtension = new WebExtension(mDelegateControllerProvider, currentBundle); + if (promptBypass(currentExtension, callback)) { + return; + } + final WebExtension updatedExtension = new WebExtension(mDelegateControllerProvider, updatedBundle); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4eb9b64… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4eb9b64… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] 2 commits: fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 28593074 by Henry Wilkes at 2024-09-11T11:49:11+02:00 fixup! Firefox preference overrides. Bug 42653: Hide neterror reporting checkbox. - - - - - cb7cdb5f by Henry Wilkes at 2024-09-11T11:49:14+02:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42653: Reset security.xfocsp.errorReporting.automatic. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -212,6 +212,9 @@ pref("browser.tabs.crashReporting.sendReport", false); pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // Added in tor-browser#41496 even though false by default pref("browser.crashReports.unsubmittedCheck.enabled", false); +// Disable checkbox in about:neterror that controls +// security.xfocsp.errorReporting.automatic. See tor-browser#42653. +pref("security.xfocsp.errorReporting.enabled", false); // Added in tor-browser#41496 even though it shuld be already always disabled // since we disable MOZ_CRASHREPORTER. pref("breakpad.reportURL", "data:"); ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -4701,11 +4701,13 @@ BrowserGlue.prototype = { _migrateUIBB() { // Version 1: 13.0a3. Reset layout.css.prefers-color-scheme.content-override // for tor-browser#41739. - // Version 2: 14.0a5:Reset the privacy tracking headers preferences since + // Version 2: 14.0a5: Reset the privacy tracking headers preferences since // the UI is hidden. tor-browser#42777. // Also, do not set // dom.security.https_only_mode_send_http_background_request in // the security level anymore (tor-browser#42149). + // Also, reset security.xfocsp.errorReporting.automatic since we + // hid its neterror checkbox. tor-browser#42653. const MIGRATION_VERSION = 2; const MIGRATION_PREF = "basebrowser.migration.version"; // We do not care whether this is a new or old profile, since in version 1 @@ -4725,10 +4727,11 @@ BrowserGlue.prototype = { "privacy.donottrackheader.enabled", // Telemetry preference for if the user changed the value. "privacy.globalprivacycontrol.was_ever_enabled", - // The last two preferences have no corresponding UI, but are related. + // The next two preferences have no corresponding UI, but are related. "privacy.globalprivacycontrol.functionality.enabled", "privacy.globalprivacycontrol.pbmode.enabled", "dom.security.https_only_mode_send_http_background_request", + "security.xfocsp.errorReporting.automatic", ]) { Services.prefs.clearUserPref(prefName); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/eda499… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/eda499… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] 2 commits: fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 7f62dab3 by Henry Wilkes at 2024-09-11T11:49:25+02:00 fixup! Firefox preference overrides. Bug 42653: Hide neterror reporting checkbox. - - - - - 58b09ef5 by Henry Wilkes at 2024-09-11T11:49:26+02:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42653: Reset security.xfocsp.errorReporting.automatic. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -212,6 +212,9 @@ pref("browser.tabs.crashReporting.sendReport", false); pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // Added in tor-browser#41496 even though false by default pref("browser.crashReports.unsubmittedCheck.enabled", false); +// Disable checkbox in about:neterror that controls +// security.xfocsp.errorReporting.automatic. See tor-browser#42653. +pref("security.xfocsp.errorReporting.enabled", false); // Added in tor-browser#41496 even though it shuld be already always disabled // since we disable MOZ_CRASHREPORTER. pref("breakpad.reportURL", "data:"); ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -4683,11 +4683,13 @@ BrowserGlue.prototype = { _migrateUIBB() { // Version 1: 13.0a3. Reset layout.css.prefers-color-scheme.content-override // for tor-browser#41739. - // Version 2: 14.0a5:Reset the privacy tracking headers preferences since + // Version 2: 14.0a5: Reset the privacy tracking headers preferences since // the UI is hidden. tor-browser#42777. // Also, do not set // dom.security.https_only_mode_send_http_background_request in // the security level anymore (tor-browser#42149). + // Also, reset security.xfocsp.errorReporting.automatic since we + // hid its neterror checkbox. tor-browser#42653. const MIGRATION_VERSION = 2; const MIGRATION_PREF = "basebrowser.migration.version"; // We do not care whether this is a new or old profile, since in version 1 @@ -4707,10 +4709,11 @@ BrowserGlue.prototype = { "privacy.donottrackheader.enabled", // Telemetry preference for if the user changed the value. "privacy.globalprivacycontrol.was_ever_enabled", - // The last two preferences have no corresponding UI, but are related. + // The next two preferences have no corresponding UI, but are related. "privacy.globalprivacycontrol.functionality.enabled", "privacy.globalprivacycontrol.pbmode.enabled", "dom.security.https_only_mode_send_http_background_request", + "security.xfocsp.errorReporting.automatic", ]) { Services.prefs.clearUserPref(prefName); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/e5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/e5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7fa115dd by Henry Wilkes at 2024-09-11T10:10:49+01:00 fixup! Firefox preference overrides. Bug 42653: Hide neterror reporting checkbox. - - - - - 24265a33 by Henry Wilkes at 2024-09-11T10:11:22+01:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42653: Reset security.xfocsp.errorReporting.automatic. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -212,6 +212,9 @@ pref("browser.tabs.crashReporting.sendReport", false); pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // Added in tor-browser#41496 even though false by default pref("browser.crashReports.unsubmittedCheck.enabled", false); +// Disable checkbox in about:neterror that controls +// security.xfocsp.errorReporting.automatic. See tor-browser#42653. +pref("security.xfocsp.errorReporting.enabled", false); // Added in tor-browser#41496 even though it shuld be already always disabled // since we disable MOZ_CRASHREPORTER. pref("breakpad.reportURL", "data:"); ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -4812,11 +4812,13 @@ BrowserGlue.prototype = { _migrateUIBB() { // Version 1: 13.0a3. Reset layout.css.prefers-color-scheme.content-override // for tor-browser#41739. - // Version 2: 14.0a5:Reset the privacy tracking headers preferences since + // Version 2: 14.0a5: Reset the privacy tracking headers preferences since // the UI is hidden. tor-browser#42777. // Also, do not set // dom.security.https_only_mode_send_http_background_request in // the security level anymore (tor-browser#42149). + // Also, reset security.xfocsp.errorReporting.automatic since we + // hid its neterror checkbox. tor-browser#42653. const MIGRATION_VERSION = 2; const MIGRATION_PREF = "basebrowser.migration.version"; // We do not care whether this is a new or old profile, since in version 1 @@ -4836,10 +4838,11 @@ BrowserGlue.prototype = { "privacy.donottrackheader.enabled", // Telemetry preference for if the user changed the value. "privacy.globalprivacycontrol.was_ever_enabled", - // The last two preferences have no corresponding UI, but are related. + // The next two preferences have no corresponding UI, but are related. "privacy.globalprivacycontrol.functionality.enabled", "privacy.globalprivacycontrol.pbmode.enabled", "dom.security.https_only_mode_send_http_background_request", + "security.xfocsp.errorReporting.automatic", ]) { Services.prefs.clearUserPref(prefName); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f5f0ab… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f5f0ab… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] 7 commits: fixup! Bug 18905: Hide unwanted items from help menu
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7d140e5c by Henry Wilkes at 2024-09-11T09:32:40+02:00 fixup! Bug 18905: Hide unwanted items from help menu Bug 42647: Hide the switch device menu item. - - - - - 32c87a46 by Henry Wilkes at 2024-09-11T09:32:49+02:00 fixup! Firefox preference overrides. Bug 42647: Remove unused preference browser.device-migration.help-menu.hidden. - - - - - c5fdc06a by Henry Wilkes at 2024-09-11T09:32:58+02:00 Bug 43109: Hide Firefox Relay from settings. This should remain disabled, see tor-browser#42814. - - - - - 00bb7583 by Henry Wilkes at 2024-09-11T09:33:07+02:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42777: Clear user preferences for GPC and DNT. - - - - - 542ca8e7 by Henry Wilkes at 2024-09-11T09:33:22+02:00 Bug 42777: Hide Website Privacy Preferences. We hide the Website Privacy Preferences section, which controls the "global privacy control" (GPC) and "do not track" (DNT) settings. - - - - - b987575b by Pier Angelo Vendrame at 2024-09-11T09:33:33+02:00 fixup! Bug 40925: Implemented the Security Level component Bug 42149: Do not change HTTPS-Only settings in the security level anymore. That preference does not really belong to the security level. - - - - - eda499b9 by Pier Angelo Vendrame at 2024-09-11T09:33:39+02:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42149: Clear user values for https_only_mode_send_http_background_request since we do not change it with the security level anymore. - - - - - 6 changed files: - browser/app/profile/001-base-profile.js - browser/base/content/browser-menubar.inc - browser/components/BrowserGlue.sys.mjs - browser/components/preferences/privacy.inc.xhtml - browser/components/preferences/privacy.js - toolkit/components/securitylevel/SecurityLevel.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -20,9 +20,6 @@ pref("browser.aboutwelcome.enabled", false); // Disable the Firefox View tab (tor-browser#41876) pref("browser.tabs.firefox-view", false, locked); -// Disable 'Switching to a new device" help menu item (tor-browser#41774) -pref("browser.device-migration.help-menu.hidden", true); - #if MOZ_UPDATE_CHANNEL == release // tor-browser#42640: Disable Firefox Flame buttond due to unknown interactions with New Identity pref("browser.privatebrowsing.resetPBM.enabled", false, locked); ===================================== browser/base/content/browser-menubar.inc ===================================== @@ -503,6 +503,7 @@ hidden="true"/> <menuitem id="helpSwitchDevice" oncommand="openSwitchingDevicesPage();" + hidden="true" data-l10n-id="menu-help-switch-device" appmenu-data-l10n-id="appmenu-help-switch-device"/> <menuseparator id="aboutSeparator"/> ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -4701,7 +4701,12 @@ BrowserGlue.prototype = { _migrateUIBB() { // Version 1: 13.0a3. Reset layout.css.prefers-color-scheme.content-override // for tor-browser#41739. - const MIGRATION_VERSION = 1; + // Version 2: 14.0a5:Reset the privacy tracking headers preferences since + // the UI is hidden. tor-browser#42777. + // Also, do not set + // dom.security.https_only_mode_send_http_background_request in + // the security level anymore (tor-browser#42149). + const MIGRATION_VERSION = 2; const MIGRATION_PREF = "basebrowser.migration.version"; // We do not care whether this is a new or old profile, since in version 1 // we just quickly clear a user preference, which should not do anything to @@ -4714,6 +4719,20 @@ BrowserGlue.prototype = { "layout.css.prefers-color-scheme.content-override" ); } + if (currentVersion < 2) { + for (const prefName of [ + "privacy.globalprivacycontrol.enabled", + "privacy.donottrackheader.enabled", + // Telemetry preference for if the user changed the value. + "privacy.globalprivacycontrol.was_ever_enabled", + // The last two preferences have no corresponding UI, but are related. + "privacy.globalprivacycontrol.functionality.enabled", + "privacy.globalprivacycontrol.pbmode.enabled", + "dom.security.https_only_mode_send_http_background_request", + ]) { + Services.prefs.clearUserPref(prefName); + } + } Services.prefs.setIntPref(MIGRATION_PREF, MIGRATION_VERSION); }, ===================================== browser/components/preferences/privacy.inc.xhtml ===================================== @@ -358,7 +358,7 @@ </vbox> </vbox> </groupbox> -<groupbox id="nonTechnicalPrivacyGroup" data-category="panePrivacy" data-subcategory="nontechnicalprivacy" hidden="true"> +<groupbox id="nonTechnicalPrivacyGroup" data-category="panePrivacy" data-subcategory="nontechnicalprivacy" data-hidden-from-search="true" hidden="true"> <label id="nonTechnicalPrivacyHeader"><html:h2 data-l10n-id="non-technical-privacy-header"/></label> <vbox id="nonTechnicalPrivacyBox"> <hbox id="globalPrivacyControlBox" flex="1" align="center" hidden="true"> ===================================== browser/components/preferences/privacy.js ===================================== @@ -3039,8 +3039,12 @@ var gPrivacyPane = { }, _updateRelayIntegrationUI() { - document.getElementById("relayIntegrationBox").hidden = - !FirefoxRelay.isAvailable; + // In Base Browser, we always hide the integration checkbox since + // FirefoxRelay should remain disabled. + // See tor-browser#43109 and tor-browser#42814. + // NOTE: FirefoxRelay.isAvailable will be true whenever + // FirefoxRelay.isDisabled is true. + document.getElementById("relayIntegrationBox").hidden = true; document.getElementById("relayIntegration").checked = FirefoxRelay.isAvailable && !FirefoxRelay.isDisabled; }, ===================================== toolkit/components/securitylevel/SecurityLevel.sys.mjs ===================================== @@ -256,17 +256,16 @@ var initializeNoScriptControl = () => { /* eslint-disable */ // prettier-ignore const kSecuritySettings = { - // Preference name : [0, 1-high 2-m 3-m 4-low] - "javascript.options.ion" : [, false, false, false, true ], - "javascript.options.baselinejit" : [, false, false, false, true ], - "javascript.options.native_regexp" : [, false, false, false, true ], - "mathml.disabled" : [, true, true, true, false], - "gfx.font_rendering.graphite.enabled" : [, false, false, false, true ], - "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], - "svg.disabled" : [, true, false, false, false], - "javascript.options.asmjs" : [, false, false, false, true ], - "javascript.options.wasm" : [, false, false, false, true ], - "dom.security.https_only_mode_send_http_background_request" : [, false, false, false, true ], + // Preference name: [0, 1-high 2-m 3-m 4-low] + "javascript.options.ion": [, false, false, false, true ], + "javascript.options.baselinejit": [, false, false, false, true ], + "javascript.options.native_regexp": [, false, false, false, true ], + "mathml.disabled": [, true, true, true, false], + "gfx.font_rendering.graphite.enabled": [, false, false, false, true ], + "gfx.font_rendering.opentype_svg.enabled": [, false, false, false, true ], + "svg.disabled": [, true, false, false, false], + "javascript.options.asmjs": [, false, false, false, true ], + "javascript.options.wasm": [, false, false, false, true ], }; /* eslint-enable */ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/69a7c0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/69a7c0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] 7 commits: fixup! Bug 18905: Hide unwanted items from help menu
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 121e0977 by Henry Wilkes at 2024-09-11T09:34:11+02:00 fixup! Bug 18905: Hide unwanted items from help menu Bug 42647: Hide the switch device menu item. - - - - - 8af90aaa by Henry Wilkes at 2024-09-11T09:34:13+02:00 fixup! Firefox preference overrides. Bug 42647: Remove unused preference browser.device-migration.help-menu.hidden. - - - - - 8479f2af by Henry Wilkes at 2024-09-11T09:34:13+02:00 Bug 43109: Hide Firefox Relay from settings. This should remain disabled, see tor-browser#42814. - - - - - 509487d7 by Henry Wilkes at 2024-09-11T09:34:13+02:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42777: Clear user preferences for GPC and DNT. - - - - - 17e5d5c3 by Henry Wilkes at 2024-09-11T09:34:14+02:00 Bug 42777: Hide Website Privacy Preferences. We hide the Website Privacy Preferences section, which controls the "global privacy control" (GPC) and "do not track" (DNT) settings. - - - - - 1e2a4e09 by Pier Angelo Vendrame at 2024-09-11T09:34:14+02:00 fixup! Bug 40925: Implemented the Security Level component Bug 42149: Do not change HTTPS-Only settings in the security level anymore. That preference does not really belong to the security level. - - - - - e5b3573b by Pier Angelo Vendrame at 2024-09-11T09:34:15+02:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42149: Clear user values for https_only_mode_send_http_background_request since we do not change it with the security level anymore. - - - - - 6 changed files: - browser/app/profile/001-base-profile.js - browser/base/content/browser-menubar.inc - browser/components/BrowserGlue.sys.mjs - browser/components/preferences/privacy.inc.xhtml - browser/components/preferences/privacy.js - toolkit/components/securitylevel/SecurityLevel.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -20,9 +20,6 @@ pref("browser.aboutwelcome.enabled", false); // Disable the Firefox View tab (tor-browser#41876) pref("browser.tabs.firefox-view", false, locked); -// Disable 'Switching to a new device" help menu item (tor-browser#41774) -pref("browser.device-migration.help-menu.hidden", true); - #if MOZ_UPDATE_CHANNEL == release // tor-browser#42640: Disable Firefox Flame buttond due to unknown interactions with New Identity pref("browser.privatebrowsing.resetPBM.enabled", false, locked); ===================================== browser/base/content/browser-menubar.inc ===================================== @@ -502,6 +502,7 @@ hidden="true"/> <menuitem id="helpSwitchDevice" oncommand="openSwitchingDevicesPage();" + hidden="true" data-l10n-id="menu-help-switch-device" appmenu-data-l10n-id="appmenu-help-switch-device"/> <menuseparator id="aboutSeparator"/> ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -4683,7 +4683,12 @@ BrowserGlue.prototype = { _migrateUIBB() { // Version 1: 13.0a3. Reset layout.css.prefers-color-scheme.content-override // for tor-browser#41739. - const MIGRATION_VERSION = 1; + // Version 2: 14.0a5:Reset the privacy tracking headers preferences since + // the UI is hidden. tor-browser#42777. + // Also, do not set + // dom.security.https_only_mode_send_http_background_request in + // the security level anymore (tor-browser#42149). + const MIGRATION_VERSION = 2; const MIGRATION_PREF = "basebrowser.migration.version"; // We do not care whether this is a new or old profile, since in version 1 // we just quickly clear a user preference, which should not do anything to @@ -4696,6 +4701,20 @@ BrowserGlue.prototype = { "layout.css.prefers-color-scheme.content-override" ); } + if (currentVersion < 2) { + for (const prefName of [ + "privacy.globalprivacycontrol.enabled", + "privacy.donottrackheader.enabled", + // Telemetry preference for if the user changed the value. + "privacy.globalprivacycontrol.was_ever_enabled", + // The last two preferences have no corresponding UI, but are related. + "privacy.globalprivacycontrol.functionality.enabled", + "privacy.globalprivacycontrol.pbmode.enabled", + "dom.security.https_only_mode_send_http_background_request", + ]) { + Services.prefs.clearUserPref(prefName); + } + } Services.prefs.setIntPref(MIGRATION_PREF, MIGRATION_VERSION); }, ===================================== browser/components/preferences/privacy.inc.xhtml ===================================== @@ -358,7 +358,7 @@ </vbox> </vbox> </groupbox> -<groupbox id="nonTechnicalPrivacyGroup" data-category="panePrivacy" data-subcategory="nontechnicalprivacy" hidden="true"> +<groupbox id="nonTechnicalPrivacyGroup" data-category="panePrivacy" data-subcategory="nontechnicalprivacy" data-hidden-from-search="true" hidden="true"> <label id="nonTechnicalPrivacyHeader"><html:h2 data-l10n-id="non-technical-privacy-header"/></label> <vbox id="nonTechnicalPrivacyBox"> <hbox id="globalPrivacyControlBox" flex="1" align="center" hidden="true"> ===================================== browser/components/preferences/privacy.js ===================================== @@ -3041,8 +3041,12 @@ var gPrivacyPane = { }, _updateRelayIntegrationUI() { - document.getElementById("relayIntegrationBox").hidden = - !FirefoxRelay.isAvailable; + // In Base Browser, we always hide the integration checkbox since + // FirefoxRelay should remain disabled. + // See tor-browser#43109 and tor-browser#42814. + // NOTE: FirefoxRelay.isAvailable will be true whenever + // FirefoxRelay.isDisabled is true. + document.getElementById("relayIntegrationBox").hidden = true; document.getElementById("relayIntegration").checked = FirefoxRelay.isAvailable && !FirefoxRelay.isDisabled; }, ===================================== toolkit/components/securitylevel/SecurityLevel.sys.mjs ===================================== @@ -268,17 +268,16 @@ var initializeNoScriptControl = () => { /* eslint-disable */ // prettier-ignore const kSecuritySettings = { - // Preference name : [0, 1-high 2-m 3-m 4-low] - "javascript.options.ion" : [, false, false, false, true ], - "javascript.options.baselinejit" : [, false, false, false, true ], - "javascript.options.native_regexp" : [, false, false, false, true ], - "mathml.disabled" : [, true, true, true, false], - "gfx.font_rendering.graphite.enabled" : [, false, false, false, true ], - "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], - "svg.disabled" : [, true, false, false, false], - "javascript.options.asmjs" : [, false, false, false, true ], - "javascript.options.wasm" : [, false, false, false, true ], - "dom.security.https_only_mode_send_http_background_request" : [, false, false, false, true ], + // Preference name: [0, 1-high 2-m 3-m 4-low] + "javascript.options.ion": [, false, false, false, true ], + "javascript.options.baselinejit": [, false, false, false, true ], + "javascript.options.native_regexp": [, false, false, false, true ], + "mathml.disabled": [, true, true, true, false], + "gfx.font_rendering.graphite.enabled": [, false, false, false, true ], + "gfx.font_rendering.opentype_svg.enabled": [, false, false, false, true ], + "svg.disabled": [, true, false, false, false], + "javascript.options.asmjs": [, false, false, false, true ], + "javascript.options.wasm": [, false, false, false, true ], }; /* eslint-enable */ View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/a9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/a9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 40925: Implemented the Security Level component
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 4c041d5b by Pier Angelo Vendrame at 2024-09-11T09:03:32+02:00 fixup! Bug 40925: Implemented the Security Level component Bug 42149: Do not change HTTPS-Only settings in the security level anymore. That preference does not really belong to the security level. - - - - - f5f0ab07 by Pier Angelo Vendrame at 2024-09-11T09:23:10+02:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42149: Clear user values for https_only_mode_send_http_background_request since we do not change it with the security level anymore. - - - - - 2 changed files: - browser/components/BrowserGlue.sys.mjs - toolkit/components/securitylevel/SecurityLevel.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -4812,8 +4812,11 @@ BrowserGlue.prototype = { _migrateUIBB() { // Version 1: 13.0a3. Reset layout.css.prefers-color-scheme.content-override // for tor-browser#41739. - // Version 2: Reset the privacy tracking headers preferences since the UI - // is hidden. tor-browser#42777. + // Version 2: 14.0a5:Reset the privacy tracking headers preferences since + // the UI is hidden. tor-browser#42777. + // Also, do not set + // dom.security.https_only_mode_send_http_background_request in + // the security level anymore (tor-browser#42149). const MIGRATION_VERSION = 2; const MIGRATION_PREF = "basebrowser.migration.version"; // We do not care whether this is a new or old profile, since in version 1 @@ -4836,11 +4839,11 @@ BrowserGlue.prototype = { // The last two preferences have no corresponding UI, but are related. "privacy.globalprivacycontrol.functionality.enabled", "privacy.globalprivacycontrol.pbmode.enabled", + "dom.security.https_only_mode_send_http_background_request", ]) { Services.prefs.clearUserPref(prefName); } } - Services.prefs.setIntPref(MIGRATION_PREF, MIGRATION_VERSION); }, ===================================== toolkit/components/securitylevel/SecurityLevel.sys.mjs ===================================== @@ -256,17 +256,16 @@ var initializeNoScriptControl = () => { /* eslint-disable */ // prettier-ignore const kSecuritySettings = { - // Preference name : [0, 1-high 2-m 3-m 4-low] - "javascript.options.ion" : [, false, false, false, true ], - "javascript.options.baselinejit" : [, false, false, false, true ], - "javascript.options.native_regexp" : [, false, false, false, true ], - "mathml.disabled" : [, true, true, true, false], - "gfx.font_rendering.graphite.enabled" : [, false, false, false, true ], - "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], - "svg.disabled" : [, true, false, false, false], - "javascript.options.asmjs" : [, false, false, false, true ], - "javascript.options.wasm" : [, false, false, false, true ], - "dom.security.https_only_mode_send_http_background_request" : [, false, false, false, true ], + // Preference name: [0, 1-high 2-m 3-m 4-low] + "javascript.options.ion": [, false, false, false, true ], + "javascript.options.baselinejit": [, false, false, false, true ], + "javascript.options.native_regexp": [, false, false, false, true ], + "mathml.disabled": [, true, true, true, false], + "gfx.font_rendering.graphite.enabled": [, false, false, false, true ], + "gfx.font_rendering.opentype_svg.enabled": [, false, false, false, true ], + "svg.disabled": [, true, false, false, false], + "javascript.options.asmjs": [, false, false, false, true ], + "javascript.options.wasm": [, false, false, false, true ], }; /* eslint-enable */ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f67ca0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f67ca0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 42027: Base Browser migration procedures.
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: c0f033e8 by Henry Wilkes at 2024-09-11T09:02:54+02:00 fixup! Bug 42027: Base Browser migration procedures. Bug 42777: Clear user preferences for GPC and DNT. - - - - - f67ca0ab by Henry Wilkes at 2024-09-11T09:02:55+02:00 Bug 42777: Hide Website Privacy Preferences. We hide the Website Privacy Preferences section, which controls the "global privacy control" (GPC) and "do not track" (DNT) settings. - - - - - 2 changed files: - browser/components/BrowserGlue.sys.mjs - browser/components/preferences/privacy.inc.xhtml Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -4812,7 +4812,9 @@ BrowserGlue.prototype = { _migrateUIBB() { // Version 1: 13.0a3. Reset layout.css.prefers-color-scheme.content-override // for tor-browser#41739. - const MIGRATION_VERSION = 1; + // Version 2: Reset the privacy tracking headers preferences since the UI + // is hidden. tor-browser#42777. + const MIGRATION_VERSION = 2; const MIGRATION_PREF = "basebrowser.migration.version"; // We do not care whether this is a new or old profile, since in version 1 // we just quickly clear a user preference, which should not do anything to @@ -4825,6 +4827,20 @@ BrowserGlue.prototype = { "layout.css.prefers-color-scheme.content-override" ); } + if (currentVersion < 2) { + for (const prefName of [ + "privacy.globalprivacycontrol.enabled", + "privacy.donottrackheader.enabled", + // Telemetry preference for if the user changed the value. + "privacy.globalprivacycontrol.was_ever_enabled", + // The last two preferences have no corresponding UI, but are related. + "privacy.globalprivacycontrol.functionality.enabled", + "privacy.globalprivacycontrol.pbmode.enabled", + ]) { + Services.prefs.clearUserPref(prefName); + } + } + Services.prefs.setIntPref(MIGRATION_PREF, MIGRATION_VERSION); }, ===================================== browser/components/preferences/privacy.inc.xhtml ===================================== @@ -358,7 +358,7 @@ </vbox> </vbox> </groupbox> -<groupbox id="nonTechnicalPrivacyGroup" data-category="panePrivacy" data-subcategory="nontechnicalprivacy" hidden="true"> +<groupbox id="nonTechnicalPrivacyGroup" data-category="panePrivacy" data-subcategory="nontechnicalprivacy" data-hidden-from-search="true" hidden="true"> <label id="nonTechnicalPrivacyHeader"><html:h2 data-l10n-id="non-technical-privacy-header"/></label> <vbox id="nonTechnicalPrivacyBox"> <hbox id="globalPrivacyControlBox" flex="1" align="center" hidden="true"> View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/6b115b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/6b115b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] Bug 43109: Hide Firefox Relay from settings.
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 6b115b94 by Henry Wilkes at 2024-09-11T09:02:23+02:00 Bug 43109: Hide Firefox Relay from settings. This should remain disabled, see tor-browser#42814. - - - - - 1 changed file: - browser/components/preferences/privacy.js Changes: ===================================== browser/components/preferences/privacy.js ===================================== @@ -3046,8 +3046,12 @@ var gPrivacyPane = { }, _updateRelayIntegrationUI() { - document.getElementById("relayIntegrationBox").hidden = - !FirefoxRelay.isAvailable; + // In Base Browser, we always hide the integration checkbox since + // FirefoxRelay should remain disabled. + // See tor-browser#43109 and tor-browser#42814. + // NOTE: FirefoxRelay.isAvailable will be true whenever + // FirefoxRelay.isDisabled is true. + document.getElementById("relayIntegrationBox").hidden = true; document.getElementById("relayIntegration").checked = FirefoxRelay.isAvailable && !FirefoxRelay.isDisabled; }, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6b115b9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6b115b9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: fixup! Bug 18905: Hide unwanted items from help menu
by Pier Angelo Vendrame (＠pierov) 11 Sep '24

11 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 0737d82c by Henry Wilkes at 2024-09-11T06:55:48+00:00 fixup! Bug 18905: Hide unwanted items from help menu Bug 42647: Hide the switch device menu item. - - - - - 0002935b by Henry Wilkes at 2024-09-11T06:55:48+00:00 fixup! Firefox preference overrides. Bug 42647: Remove unused preference browser.device-migration.help-menu.hidden. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/base/content/browser-menubar.inc Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -20,9 +20,6 @@ pref("browser.aboutwelcome.enabled", false); // Disable the Firefox View tab (tor-browser#41876) pref("browser.tabs.firefox-view", false, locked); -// Disable 'Switching to a new device" help menu item (tor-browser#41774) -pref("browser.device-migration.help-menu.hidden", true); - #if MOZ_UPDATE_CHANNEL == release // tor-browser#42640: Disable Firefox Flame buttond due to unknown interactions with New Identity pref("browser.privatebrowsing.resetPBM.enabled", false, locked); ===================================== browser/base/content/browser-menubar.inc ===================================== @@ -511,6 +511,7 @@ hidden="true"/> <menuitem id="helpSwitchDevice" oncommand="openSwitchingDevicesPage();" + hidden="true" data-l10n-id="menu-help-switch-device" appmenu-data-l10n-id="appmenu-help-switch-device"/> <menuseparator id="aboutSeparator"/> View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/941338… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/941338… You're receiving this email because of your account on gitlab.torproject.org.

1 0