March 2025 - tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41385: Copy libstdc++.so.6 only.
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 023c79bb by hackademix at 2025-03-03T16:21:10+01:00 Bug 41385: Copy libstdc++.so.6 only. - - - - - 1 changed file: - projects/firefox/build Changes: ===================================== projects/firefox/build ===================================== @@ -333,7 +333,7 @@ END; mkdir -p "$libdest" # Not copying libstdc++.so.* as that dups with the full libstdc++.so.6.0.xx the .6 links to # and libstdc++.so.6.0.28-gdb.py which is also not needed - cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libstdc++.so.* "$libdest" + cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libstdc++.so.6 "$libdest" [% IF c("var/asan") -%] cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libasan.so.* "$libdest" cp /var/tmp/dist/gcc/[% c("var/libdir") %]/libubsan.so.* "$libdest" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41360 (fix): Update legacy version numbers.
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: f86855dd by hackademix at 2025-03-03T14:18:24+01:00 Bug 41360 (fix): Update legacy version numbers. - - - - - 1 changed file: - rbm.conf Changes: ===================================== rbm.conf ===================================== @@ -88,8 +88,8 @@ var: - '[% IF c("var/mullvad-browser") %]14.0.3[% END %]' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' - torbrowser_legacy_version: 13.5.12 - torbrowser_legacy_platform_version: 115.20.0 + torbrowser_legacy_version: 13.5.13 + torbrowser_legacy_platform_version: 115.21.0 # By default, we sort the list of installed packages. This allows sharing # containers with identical list of packages, even if they are not listed View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0.7-build1
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed new tag tbb-14.0.7-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] 3 commits: Disable Go updating to stay on 1.22 for macOS 10.15 compat.
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 81c8abba by hackademix at 2025-03-03T10:34:30+01:00 Disable Go updating to stay on 1.22 for macOS 10.15 compat. - - - - - 7de2da28 by hackademix at 2025-03-03T11:35:27+01:00 Bug 41337 (fix) Use strip instead of $STRIP (undefined). - - - - - 3d341fde by hackademix at 2025-03-03T11:35:27+01:00 Bug 41360,41361: Prepare Tor,Mullvad Browsers 14.0.7 - - - - - 10 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/firefox/build - projects/firefox/config - projects/geckoview/config - projects/openssl/config - projects/translation/config - projects/zstd/config - rbm.conf - tools/relprep.py Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,18 @@ +Mullvad Browser 14.0.7 - March 04 2025 + * All Platforms + * Updated Firefox to 128.8.0esr + * Bug 395: Set Mullvad Leta as default search engine [mullvad-browser] + * Bug 398: Rebase Mullvad Browser release onto Firefox 128.8.0esr [mullvad-browser] + * Bug 403: Backport Bugzilla 1915093: Don't prefetch HTTPS RR if proxyDNS is enabled [mullvad-browser] + * Bug 43536: Backport security fixes from Firefox 136 [tor-browser] + * macOS + * Bug 43468: ScreenCaptureKit framework should be a weak link [tor-browser] + * Linux + * Bug 394: Missing package when try to install Mullvad Browser in Debian Trixie [mullvad-browser] + * Build System + * All Platforms + * Bug 41380: Update kick-devmole script to use Mullvad's new GitHub action [tor-browser-build] + Mullvad Browser 14.0.5 - February 04 2025 * All Platforms * Updated Firefox to 128.7.0esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,17 @@ +Tor Browser 14.0.7 - March 04 2025 + * All Platforms + * Updated OpenSSL to 3.0.16 + * Bug 43522: Rebase Tor Browser release onto 128.0.8esr [tor-browser] + * Bug 43536: Backport security fixes from Firefox 136 [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.8.0esr + * Android + * Updated GeckoView to 128.8.0esr + * Updated Zstandard to 1.5.7 + * Build System + * All Platforms + * Bug 41380: Update kick-devmole script to use Mullvad's new GitHub action [tor-browser-build] + Tor Browser 14.0.6 - February 07 2025 * All Platforms * Updated Tor to 0.4.8.14 ===================================== projects/firefox/build ===================================== @@ -341,7 +341,7 @@ END; # Strip and generate debuginfo for libs for LIB in "$libdest"/*so* do - "$STRIP" "$LIB" + strip "$LIB" done [% END -%] ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: '128.7.0' + firefox_platform_version: '128.8.0' firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/geckoview/config ===================================== @@ -16,12 +16,12 @@ container: build_apk: 1 var: - firefox_platform_version: '128.7.0' + firefox_platform_version: '128.8.0' geckoview_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/openssl/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.0.15 +version: 3.0.16 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -36,5 +36,5 @@ input_files: - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - URL: 'https://github.com/openssl/openssl/releases/download/openssl-[% c("version") %]/openssl-[% c("version") %].tar.gz' - sha256sum: 23c666d0edf20f14249b3d8f0368acaee9ab585b09e1de82107c66e1f3ec9533 + sha256sum: 57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86 name: openssl ===================================== projects/translation/config ===================================== @@ -12,19 +12,19 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 93eddbd3888852c09e130d536fb3c9bd7e4e6f57 + git_hash: 21fed48fc58df9e6c4d9f67b048fcae831df50c9 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: dd30508387040bf0a1217a1eb9edb80ac21926f2 + git_hash: 100908b702f92bc001b69cdd70f96a6e63134516 targets: nightly: git_hash: 'tor-browser' mullvad-browser: mullvad-browser: '[% INCLUDE build %]' - git_hash: 6a1ef41c664a5185e25ca2c4bbf5d7447bd888a7 + git_hash: d279ce2add9a5bb3fc71f24b55679e3e0706f0eb targets: nightly: git_hash: 'mullvad-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: e4f5825b1125e2c8c2aa8d4fdaa7e002d8f2934a + git_hash: 75d7b65ebdcde2bb5b8788d13a33373fc4084965 compress_tar: 'zst' targets: nightly: ===================================== projects/zstd/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 -version: 1.5.6 +version: 1.5.7 git_url: https://github.com/facebook/zstd.git -git_hash: 794ea1b0afca0f020f4e57b6732332231fb23c70 +git_hash: f8745da6ff1ad1e7bab384bd1f9d742439278e99 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: ===================================== rbm.conf ===================================== @@ -73,18 +73,19 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '14.0.6' + torbrowser_version: '14.0.7' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2025/02/06 18:43:58' + browser_release_date: '2025/03/03 09:37:02' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - '[% IF c("var/tor-browser") %]14.0.6[% END %]' - 14.0.5 - 14.0.4 - - 14.0.3 + - '[% IF c("var/mullvad-browser") %]14.0.3[% END %]' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' torbrowser_legacy_version: 13.5.12 ===================================== tools/relprep.py ===================================== @@ -135,7 +135,7 @@ class ReleasePreparation: self.update_zlib() if self.android: self.update_zstd() - self.update_go() + # self.update_go() self.update_manual() self.update_changelogs() View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.8.0esr-14.0-1-build2
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed new tag mullvad-browser-128.8.0esr-14.0-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.8.0esr-14.0-1] 5 commits: Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp]
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed to branch mullvad-browser-128.8.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 955c81f6 by Tara at 2025-03-03T10:15:09+01:00 Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp] Differential Revision: https://phabricator.services.mozilla.com/D236606 - - - - - 7377c502 by John Schanck at 2025-03-03T10:15:10+01:00 Bug 1922357 - disallow the fido: URI scheme. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D237313 Differential Revision: https://phabricator.services.mozilla.com/D238681 - - - - - bddb7190 by Jeff Boek at 2025-03-03T10:15:11+01:00 Bug 1928334 - Handles animating activities a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D238342 Differential Revision: https://phabricator.services.mozilla.com/D238845 - - - - - 43064cfd by Tom Schuster at 2025-03-03T10:15:12+01:00 Bug 1942022 - Improve the about:protections CSP. r=firefox-desktop-core-reviewers ,mossop Differential Revision: https://phabricator.services.mozilla.com/D234507 - - - - - 64d9c395 by Tom Schuster at 2025-03-03T10:15:13+01:00 Bug 1942025 - Improve the about:privatebrowsing CSP. r=firefox-desktop-core-reviewers ,Gijs Differential Revision: https://phabricator.services.mozilla.com/D234508 - - - - - 11 changed files: - browser/components/privatebrowsing/content/aboutPrivateBrowsing.html - browser/components/protections/content/protections.html - mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt - mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt - mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java Changes: ===================================== browser/components/privatebrowsing/content/aboutPrivateBrowsing.html ===================================== @@ -10,7 +10,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; img-src chrome: blob:; object-src 'none';" /> <meta name="color-scheme" content="light dark" /> <link rel="icon" href="chrome://browser/skin/privatebrowsing/favicon.svg" /> ===================================== browser/components/protections/content/protections.html ===================================== @@ -8,7 +8,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; object-src 'none'" /> <meta name="color-scheme" content="light dark" /> <link rel="localization" href="branding/brand.ftl" /> ===================================== mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt ===================================== @@ -1818,7 +1818,7 @@ class GeckoEngineSession( internal const val ABOUT_BLANK = "about:blank" internal const val JS_SCHEME = "javascript" internal val BLOCKED_SCHEMES = - listOf("file", "resource", JS_SCHEME) // See 1684761 and 1684947 + listOf("file", "resource", "fido", JS_SCHEME) // See 1684761 and 1684947 /** * Provides an ErrorType corresponding to the error code provided. ===================================== mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt ===================================== @@ -631,6 +631,11 @@ class GeckoEngineSessionTest { engineSession.loadUrl("RESOURCE://package/test.text") verify(geckoSession, never()).load(GeckoSession.Loader().uri("resource://package/test.text")) verify(geckoSession, never()).load(GeckoSession.Loader().uri("RESOURCE://package/test.text")) + + engineSession.loadUrl("fido:/12345678") + engineSession.loadUrl("FIDO:/12345678") + verify(geckoSession, never()).load(GeckoSession.Loader().uri("fido:/12345678")) + verify(geckoSession, never()).load(GeckoSession.Loader().uri("FIDO:/12345678")) } @Test ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt ===================================== @@ -313,6 +313,7 @@ class AppLinksUseCases( "https", "moz-extension", "moz-safe-about", "resource", "view-source", "ws", "wss", "blob", ) - internal val ALWAYS_DENY_SCHEMES: Set<String> = setOf("jar", "file", "javascript", "data", "about", "content") + internal val ALWAYS_DENY_SCHEMES: Set<String> = + setOf("jar", "file", "javascript", "data", "about", "content", "fido") } } ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt ===================================== @@ -47,6 +47,7 @@ class AppLinksUseCasesTest { private val javascriptUrl = "javascript:'hello, world'" private val jarUrl = "jar:file://some/path/test.html" private val contentUrl = "content://media/external_primary/downloads/12345" + private val fidoPath = "fido:12345678" private val fileType = "audio/mpeg" private val layerUrl = "https://example.com" private val layerPackage = "com.example.app" @@ -215,6 +216,15 @@ class AppLinksUseCasesTest { assertFalse(redirect.isRedirect()) } + @Test + fun `A fido url is not an app link`() { + val context = createContext(Triple(fidoPath, appPackage, "")) + val subject = AppLinksUseCases(context, { true }) + + val redirect = subject.interceptedAppLinkRedirect(fidoPath) + assertFalse(redirect.isRedirect()) + } + @Test fun `Will not redirect app link if browser option set to false and scheme is supported`() { val context = createContext(Triple(appUrl, appPackage, "")) ===================================== mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt ===================================== @@ -9,6 +9,7 @@ import android.content.Intent import androidx.annotation.VisibleForTesting import androidx.annotation.VisibleForTesting.Companion.PRIVATE import androidx.core.view.isVisible +import androidx.fragment.app.DialogFragment import androidx.fragment.app.Fragment import androidx.fragment.app.FragmentManager import kotlinx.coroutines.CoroutineScope @@ -1094,7 +1095,15 @@ class PromptFeature private constructor( emitPromptDismissedFact(promptName = promptRequest::class.simpleName.ifNullOrEmpty { "" }) } + @VisibleForTesting + internal fun redirectDialogFragmentIsActive() = + (fragmentManager.findFragmentByTag("SHOULD_OPEN_APP_LINK_PROMPT_DIALOG") as? DialogFragment) != null + private fun canShowThisPrompt(promptRequest: PromptRequest): Boolean { + if (redirectDialogFragmentIsActive()) { + return false + } + return when (promptRequest) { is SingleChoice, is MultipleChoice, ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -798,7 +798,7 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity { return false } - final override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { ProfilerMarkers.addForDispatchTouchEvent(components.core.engine.profiler, ev) return super.dispatchTouchEvent(ev) } ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt ===================================== @@ -7,6 +7,7 @@ package org.mozilla.fenix.customtabs import android.app.assist.AssistContent import android.net.Uri import android.os.Build +import android.view.MotionEvent import androidx.annotation.RequiresApi import androidx.annotation.VisibleForTesting import mozilla.components.browser.state.selector.findCustomTab @@ -24,6 +25,8 @@ const val EXTRA_IS_SANDBOX_CUSTOM_TAB = "org.mozilla.fenix.customtabs.EXTRA_IS_S */ @Suppress("TooManyFunctions") open class ExternalAppBrowserActivity : HomeActivity() { + var isFinishedAnimating = false + override fun onResume() { super.onResume() @@ -74,4 +77,17 @@ open class ExternalAppBrowserActivity : HomeActivity() { val currentTabUrl = getExternalTab()?.content?.url outContent?.webUri = currentTabUrl?.let { Uri.parse(it) } } + + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + if (!isFinishedAnimating) { + return true + } + + return super.dispatchTouchEvent(ev) + } + + override fun onEnterAnimationComplete() { + super.onEnterAnimationComplete() + isFinishedAnimating = true + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -76,6 +76,10 @@ public class IntentUtils { return getSafeIntent(aUri) != null; } + if ("fido".equals(scheme)) { + return false; + } + return true; } ===================================== mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java ===================================== @@ -63,4 +63,10 @@ public class IntentUtilsTest { final String uri = "intent:non_scheme_intent#Intent;end"; assertTrue(IntentUtils.isUriSafeForScheme(uri)); } + + @Test + public void unsafeFidoUri() { + final String uri = "fido:/12345678"; + assertFalse(IntentUtils.isUriSafeForScheme(uri)); + } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/cd… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/cd… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-128.8.0esr-14.0-1-build2
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed new tag base-browser-128.8.0esr-14.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.8.0esr-14.0-1] 5 commits: Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp]
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed to branch base-browser-128.8.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 8ada94b2 by Tara at 2025-03-03T10:09:21+01:00 Bug 1908488 - Improve dialogs. r=android-reviewers,gmalekpour, a=dmeehan [bp] Differential Revision: https://phabricator.services.mozilla.com/D236606 - - - - - ed4eb7c6 by John Schanck at 2025-03-03T10:09:22+01:00 Bug 1922357 - disallow the fido: URI scheme. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D237313 Differential Revision: https://phabricator.services.mozilla.com/D238681 - - - - - f53d7d49 by Jeff Boek at 2025-03-03T10:09:23+01:00 Bug 1928334 - Handles animating activities a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D238342 Differential Revision: https://phabricator.services.mozilla.com/D238845 - - - - - bc8d56ec by Tom Schuster at 2025-03-03T10:09:24+01:00 Bug 1942022 - Improve the about:protections CSP. r=firefox-desktop-core-reviewers ,mossop Differential Revision: https://phabricator.services.mozilla.com/D234507 - - - - - 276610d2 by Tom Schuster at 2025-03-03T10:09:25+01:00 Bug 1942025 - Improve the about:privatebrowsing CSP. r=firefox-desktop-core-reviewers ,Gijs Differential Revision: https://phabricator.services.mozilla.com/D234508 - - - - - 11 changed files: - browser/components/privatebrowsing/content/aboutPrivateBrowsing.html - browser/components/protections/content/protections.html - mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt - mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt - mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java Changes: ===================================== browser/components/privatebrowsing/content/aboutPrivateBrowsing.html ===================================== @@ -10,7 +10,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; img-src chrome: blob:; object-src 'none';" /> <meta name="color-scheme" content="light dark" /> <link rel="icon" href="chrome://browser/skin/privatebrowsing/favicon.svg" /> ===================================== browser/components/protections/content/protections.html ===================================== @@ -8,7 +8,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; object-src 'none'" /> <meta name="color-scheme" content="light dark" /> <link rel="localization" href="branding/brand.ftl" /> ===================================== mobile/android/android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngineSession.kt ===================================== @@ -1818,7 +1818,7 @@ class GeckoEngineSession( internal const val ABOUT_BLANK = "about:blank" internal const val JS_SCHEME = "javascript" internal val BLOCKED_SCHEMES = - listOf("file", "resource", JS_SCHEME) // See 1684761 and 1684947 + listOf("file", "resource", "fido", JS_SCHEME) // See 1684761 and 1684947 /** * Provides an ErrorType corresponding to the error code provided. ===================================== mobile/android/android-components/components/browser/engine-gecko/src/test/java/mozilla/components/browser/engine/gecko/GeckoEngineSessionTest.kt ===================================== @@ -631,6 +631,11 @@ class GeckoEngineSessionTest { engineSession.loadUrl("RESOURCE://package/test.text") verify(geckoSession, never()).load(GeckoSession.Loader().uri("resource://package/test.text")) verify(geckoSession, never()).load(GeckoSession.Loader().uri("RESOURCE://package/test.text")) + + engineSession.loadUrl("fido:/12345678") + engineSession.loadUrl("FIDO:/12345678") + verify(geckoSession, never()).load(GeckoSession.Loader().uri("fido:/12345678")) + verify(geckoSession, never()).load(GeckoSession.Loader().uri("FIDO:/12345678")) } @Test ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/AppLinksUseCases.kt ===================================== @@ -313,6 +313,7 @@ class AppLinksUseCases( "https", "moz-extension", "moz-safe-about", "resource", "view-source", "ws", "wss", "blob", ) - internal val ALWAYS_DENY_SCHEMES: Set<String> = setOf("jar", "file", "javascript", "data", "about", "content") + internal val ALWAYS_DENY_SCHEMES: Set<String> = + setOf("jar", "file", "javascript", "data", "about", "content", "fido") } } ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/AppLinksUseCasesTest.kt ===================================== @@ -47,6 +47,7 @@ class AppLinksUseCasesTest { private val javascriptUrl = "javascript:'hello, world'" private val jarUrl = "jar:file://some/path/test.html" private val contentUrl = "content://media/external_primary/downloads/12345" + private val fidoPath = "fido:12345678" private val fileType = "audio/mpeg" private val layerUrl = "https://example.com" private val layerPackage = "com.example.app" @@ -215,6 +216,15 @@ class AppLinksUseCasesTest { assertFalse(redirect.isRedirect()) } + @Test + fun `A fido url is not an app link`() { + val context = createContext(Triple(fidoPath, appPackage, "")) + val subject = AppLinksUseCases(context, { true }) + + val redirect = subject.interceptedAppLinkRedirect(fidoPath) + assertFalse(redirect.isRedirect()) + } + @Test fun `Will not redirect app link if browser option set to false and scheme is supported`() { val context = createContext(Triple(appUrl, appPackage, "")) ===================================== mobile/android/android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/PromptFeature.kt ===================================== @@ -9,6 +9,7 @@ import android.content.Intent import androidx.annotation.VisibleForTesting import androidx.annotation.VisibleForTesting.Companion.PRIVATE import androidx.core.view.isVisible +import androidx.fragment.app.DialogFragment import androidx.fragment.app.Fragment import androidx.fragment.app.FragmentManager import kotlinx.coroutines.CoroutineScope @@ -1094,7 +1095,15 @@ class PromptFeature private constructor( emitPromptDismissedFact(promptName = promptRequest::class.simpleName.ifNullOrEmpty { "" }) } + @VisibleForTesting + internal fun redirectDialogFragmentIsActive() = + (fragmentManager.findFragmentByTag("SHOULD_OPEN_APP_LINK_PROMPT_DIALOG") as? DialogFragment) != null + private fun canShowThisPrompt(promptRequest: PromptRequest): Boolean { + if (redirectDialogFragmentIsActive()) { + return false + } + return when (promptRequest) { is SingleChoice, is MultipleChoice, ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -798,7 +798,7 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity { return false } - final override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { ProfilerMarkers.addForDispatchTouchEvent(components.core.engine.profiler, ev) return super.dispatchTouchEvent(ev) } ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/customtabs/ExternalAppBrowserActivity.kt ===================================== @@ -7,6 +7,7 @@ package org.mozilla.fenix.customtabs import android.app.assist.AssistContent import android.net.Uri import android.os.Build +import android.view.MotionEvent import androidx.annotation.RequiresApi import androidx.annotation.VisibleForTesting import mozilla.components.browser.state.selector.findCustomTab @@ -24,6 +25,8 @@ const val EXTRA_IS_SANDBOX_CUSTOM_TAB = "org.mozilla.fenix.customtabs.EXTRA_IS_S */ @Suppress("TooManyFunctions") open class ExternalAppBrowserActivity : HomeActivity() { + var isFinishedAnimating = false + override fun onResume() { super.onResume() @@ -74,4 +77,17 @@ open class ExternalAppBrowserActivity : HomeActivity() { val currentTabUrl = getExternalTab()?.content?.url outContent?.webUri = currentTabUrl?.let { Uri.parse(it) } } + + override fun dispatchTouchEvent(ev: MotionEvent?): Boolean { + if (!isFinishedAnimating) { + return true + } + + return super.dispatchTouchEvent(ev) + } + + override fun onEnterAnimationComplete() { + super.onEnterAnimationComplete() + isFinishedAnimating = true + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -76,6 +76,10 @@ public class IntentUtils { return getSafeIntent(aUri) != null; } + if ("fido".equals(scheme)) { + return false; + } + return true; } ===================================== mobile/android/geckoview/src/test/java/org/mozilla/gecko/util/IntentUtilsTest.java ===================================== @@ -63,4 +63,10 @@ public class IntentUtilsTest { final String uri = "intent:non_scheme_intent#Intent;end"; assertTrue(IntentUtils.isUriSafeForScheme(uri)); } + + @Test + public void unsafeFidoUri() { + final String uri = "fido:/12345678"; + assertFalse(IntentUtils.isUriSafeForScheme(uri)); + } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/10ea66… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/10ea66… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.21.0esr-13.5-1-build2
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed new tag tor-browser-115.21.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.21.0esr-13.5-1] 5 commits: Bug 1866661 - Tests, a=dmeehan
by ma1 (＠ma1) 03 Mar '25

03 Mar '25

ma1 pushed to branch tor-browser-115.21.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: dc7ca927 by Emma Zuehlcke at 2025-03-02T22:59:10+01:00 Bug 1866661 - Tests, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D237737 - - - - - 5f732399 by Rob Wu at 2025-03-02T23:50:30+01:00 Bug 1939087 - Truncate long name and log warning a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D233025 Differential Revision: https://phabricator.services.mozilla.com/D236900 - - - - - 4642da84 by Tom Schuster at 2025-03-02T23:55:34+01:00 Bug 1942022 - Improve the about:protections CSP. r=firefox-desktop-core-reviewers ,mossop Differential Revision: https://phabricator.services.mozilla.com/D234507 - - - - - 5d037355 by Tom Schuster at 2025-03-03T00:00:34+01:00 Bug 1942025 - Improve the about:privatebrowsing CSP. r=firefox-desktop-core-reviewers ,Gijs Differential Revision: https://phabricator.services.mozilla.com/D234508 - - - - - 6b0945a7 by Nazım Can Altınova at 2025-03-03T00:11:34+01:00 Bug 1943912 - Do not reset the chunk manager while shutdown a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D235642 Differential Revision: https://phabricator.services.mozilla.com/D237219 - - - - - 10 changed files: - browser/components/privatebrowsing/content/aboutPrivateBrowsing.html - browser/components/protections/content/protections.html - browser/components/protocolhandler/test/browser/browser_registerProtocolHandler_notification.js - toolkit/components/extensions/Extension.sys.mjs - toolkit/components/extensions/schemas/manifest.json - toolkit/components/extensions/test/xpcshell/test_ext_manifest.js - toolkit/mozapps/extensions/internal/XPIInstall.jsm - toolkit/mozapps/extensions/test/xpcshell/test_locale.js - tools/profiler/gecko/ProfilerChild.cpp - tools/profiler/public/ProfilerChild.h Changes: ===================================== browser/components/privatebrowsing/content/aboutPrivateBrowsing.html ===================================== @@ -10,7 +10,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; img-src chrome: blob:; object-src 'none';" /> <meta name="color-scheme" content="light dark" /> <link rel="icon" href="chrome://browser/skin/privatebrowsing/favicon.svg" /> ===================================== browser/components/protections/content/protections.html ===================================== @@ -8,7 +8,7 @@ <meta charset="utf-8" /> <meta http-equiv="Content-Security-Policy" - content="default-src chrome: blob:; object-src 'none'" + content="default-src chrome:; object-src 'none'" /> <meta name="color-scheme" content="light dark" /> <link rel="localization" href="branding/brand.ftl" /> ===================================== browser/components/protocolhandler/test/browser/browser_registerProtocolHandler_notification.js ===================================== @@ -6,7 +6,16 @@ const TEST_PATH = getRootDirectory(gTestPath).replace( "chrome://mochitests/content", "https://example.com" ); + +const SECURITY_DELAY = 3000; + add_task(async function () { + // Set a custom, higher security delay for the test to avoid races on slow + // builds. + await SpecialPowers.pushPrefEnv({ + set: [["security.notification_enable_delay", SECURITY_DELAY]], + }); + let notificationValue = "Protocol Registration: web+testprotocol"; let testURI = TEST_PATH + "browser_registerProtocolHandler_notification.html"; @@ -58,4 +67,16 @@ add_task(async function () { let button = buttons[0]; isnot(button.label, null, "We expect the add button to have a label."); todo(button.accesskey, "We expect the add button to have a accesskey."); + + ok(button.disabled, "We expect the button to be disabled initially."); + + let timeoutMS = SECURITY_DELAY + 100; + info(`Wait ${timeoutMS}ms for the button to enable.`); + // eslint-disable-next-line mozilla/no-arbitrary-setTimeout + await new Promise(resolve => setTimeout(resolve, SECURITY_DELAY + 100)); + + ok( + !button.disabled, + "We expect the button to be enabled after the security delay." + ); }); ===================================== toolkit/components/extensions/Extension.sys.mjs ===================================== @@ -1367,6 +1367,17 @@ export class ExtensionData { ); } + // AMO enforces a maximum length of 45 on the name since at least 2017, via + // https://github.com/mozilla/addons-linter/blame/c4507688899aaafe29c522f1b1ae… + // added in https://github.com/mozilla/addons-linter/pull/1169 + // To avoid breaking add-ons that do not go through AMO (e.g. temporarily + // loaded extensions), we enforce the limit by truncating and warning if + // needed, instead enforcing a maxLength on "name" in schemas/manifest.json. + // + // We set the limit to 75, which is a safe limit that matches the CWS, + // see https://bugzilla.mozilla.org/show_bug.cgi?id=1939087#c5 + static EXT_NAME_MAX_LEN = 75; + async initializeAddonTypeAndID() { if (this.type) { // Already initialized. @@ -1486,6 +1497,14 @@ export class ExtensionData { } } + if (manifest.name.length > ExtensionData.EXT_NAME_MAX_LEN) { + // Truncate and warn - see comment in EXT_NAME_MAX_LEN. + manifest.name = manifest.name.slice(0, ExtensionData.EXT_NAME_MAX_LEN); + this.manifestWarning( + `Warning processing "name": must be shorter than ${ExtensionData.EXT_NAME_MAX_LEN}` + ); + } + if ( this.manifestVersion < 3 && manifest.background && ===================================== toolkit/components/extensions/schemas/manifest.json ===================================== @@ -29,6 +29,7 @@ "name": { "type": "string", + "description": "Name must be at least 2, at should be at most 75 characters", "optional": false, "preprocess": "localize" }, ===================================== toolkit/components/extensions/test/xpcshell/test_ext_manifest.js ===================================== @@ -156,6 +156,28 @@ add_task( } ); +add_task(async function test_name_too_long() { + let extension = ExtensionTestUtils.loadExtension({ + manifest: { + // This length is 80, which exceeds ExtensionData.EXT_NAME_MAX_LEN: + name: "123456789_".repeat(8), + }, + }); + await extension.startup(); + equal( + extension.extension.name, + "123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345", + "Name should be truncated" + ); + Assert.deepEqual( + extension.extension.warnings, + ['Reading manifest: Warning processing "name": must be shorter than 75'], + "Expected error message when the name is too long" + ); + + await extension.unload(); +}); + add_task(async function test_simpler_version_format() { const TEST_CASES = [ // Valid cases ===================================== toolkit/mozapps/extensions/internal/XPIInstall.jsm ===================================== @@ -560,6 +560,11 @@ async function loadManifestFromWebManifest(aPackage, aLocation) { contributors: null, locales: [aLocale], }; + if (result.name.length > lazy.ExtensionData.EXT_NAME_MAX_LEN) { + // See comment at EXT_NAME_MAX_LEN in Extension.sys.mjs. + logger.warn(`Truncating add-on name ${addon.id} for locale ${aLocale}`); + result.name = result.name.slice(0, lazy.ExtensionData.EXT_NAME_MAX_LEN); + } return result; } ===================================== toolkit/mozapps/extensions/test/xpcshell/test_locale.js ===================================== @@ -51,6 +51,13 @@ add_task(async function test_1() { description: "name", }, }, + "_locales/es-ES/messages.json": { + name: { + // This length is 80, which exceeds ExtensionData.EXT_NAME_MAX_LEN: + message: "123456789_".repeat(8), + description: "name with 80 chars, should truncate to 75", + }, + }, }, }); @@ -101,3 +108,18 @@ add_task(async function test_6() { await addon.enable(); }); + +add_task(async function test_name_too_long() { + await restartWithLocales(["es-ES"]); + + let addon = await AddonManager.getAddonByID("addon1(a)tests.mozilla.org"); + Assert.notEqual(addon, null); + + Assert.equal( + addon.name, + "123456789_123456789_123456789_123456789_123456789_123456789_123456789_12345", + "Name should be truncated" + ); + + await addon.enable(); +}); ===================================== tools/profiler/gecko/ProfilerChild.cpp ===================================== @@ -139,6 +139,12 @@ void ProfilerChild::SetupChunkManager() { }); } +/* static */ void ProfilerChild::ClearPendingUpdate() { + auto lockedUpdate = sPendingChunkManagerUpdate.Lock(); + lockedUpdate->mProfilerChild = nullptr; + lockedUpdate->mUpdate.Clear(); +} + void ProfilerChild::ResetChunkManager() { if (!mChunkManager) { return; @@ -149,9 +155,7 @@ void ProfilerChild::ResetChunkManager() { mChunkManager->SetUpdateCallback({}); // Clear the pending update. - auto lockedUpdate = sPendingChunkManagerUpdate.Lock(); - lockedUpdate->mProfilerChild = nullptr; - lockedUpdate->mUpdate.Clear(); + ClearPendingUpdate(); // And process a final update right now. ProcessChunkManagerUpdate( ProfileBufferControlledChunkManager::Update(nullptr)); @@ -483,7 +487,7 @@ void ProfilerChild::ActorDestroy(ActorDestroyReason aActorDestroyReason) { } void ProfilerChild::Destroy() { - ResetChunkManager(); + ClearPendingUpdate(); if (!mDestroyed) { Close(); } ===================================== tools/profiler/public/ProfilerChild.h ===================================== @@ -81,6 +81,8 @@ class ProfilerChild final : public PProfilerChild, void ProcessChunkManagerUpdate( ProfileBufferControlledChunkManager::Update&& aUpdate); + static void ClearPendingUpdate(); + static void GatherProfileThreadFunction(void* already_AddRefedParameters); nsCOMPtr<nsIThread> mThread; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/48d984… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/48d984… You're receiving this email because of your account on gitlab.torproject.org.

1 0