- tbb-commits - lists.torproject.org

[tor-browser-build/master] Bug 29143: fix build of obfs4 in nightly builds
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit f27f11201d86b8bb909bad8b4c04f841b5487ddb Author: Nicolas Vigier <boklm(a)torproject.org> Date: Tue Jan 22 13:31:23 2019 +0100 Bug 29143: fix build of obfs4 in nightly builds --- projects/goptlib/config | 5 +++++ projects/goutls/config | 21 +++++++++++++++++++++ projects/goxcrypto/config | 8 +++++++- projects/goxsys/config | 19 +++++++++++++++++++ projects/goxtext/config | 18 ++++++++++++++++++ projects/obfs4/build | 4 ++++ projects/obfs4/config | 6 ++++++ projects/siphash/config | 2 +- 8 files changed, 81 insertions(+), 2 deletions(-) diff --git a/projects/goptlib/config b/projects/goptlib/config index c083763..2fd51f8 100644 --- a/projects/goptlib/config +++ b/projects/goptlib/config @@ -13,6 +13,11 @@ var: use_container: 1 go_lib: git.torproject.org/pluggable-transports/goptlib.git +targets: + nightly: + version: master + tag_gpg_id: 0 + input_files: - project: container-image - name: go diff --git a/projects/goutls/config b/projects/goutls/config new file mode 100644 index 0000000..bdd5273 --- /dev/null +++ b/projects/goutls/config @@ -0,0 +1,21 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/refraction-networking/utls +git_hash: a89e7e6da482a5a0db02578fc606ace9ccfbea62 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + container: + use_container: 1 + go_lib: github.com/refraction-networking/utls + go_lib_deps: + - goxcrypto + +input_files: + - project: container-image + - name: go + project: go + - name: goxcrypto + project: goxcrypto diff --git a/projects/goxcrypto/config b/projects/goxcrypto/config index b51b578..fe73f93 100644 --- a/projects/goxcrypto/config +++ b/projects/goxcrypto/config @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' git_url: https://go.googlesource.com/crypto -git_hash: 4ed45ec682102c643324fae5dff8dab085b6c300 +git_hash: ff983b9c42bc9fbf91556e191cc8efb585c16908 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' build: '[% c("projects/go/var/build_go_lib") %]' @@ -11,9 +11,13 @@ var: use_container: 1 go_lib: golang.org/x/crypto go_lib_install: + - golang.org/x/crypto/chacha20poly1305 + - golang.org/x/crypto/cryptobyte - golang.org/x/crypto/curve25519 - golang.org/x/crypto/hkdf - golang.org/x/crypto/nacl/secretbox + go_lib_deps: + - goxsys targets: nightly: @@ -23,3 +27,5 @@ input_files: - project: container-image - name: go project: go + - name: goxsys + project: goxsys diff --git a/projects/goxsys/config b/projects/goxsys/config new file mode 100644 index 0000000..64a7213 --- /dev/null +++ b/projects/goxsys/config @@ -0,0 +1,19 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/golang/sys +git_hash: 11f53e03133963fb11ae0588e08b5e0b85be8be5 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + container: + use_container: 1 + go_lib: golang.org/x/sys + go_lib_install: + - golang.org/x/sys/cpu + +input_files: + - project: container-image + - name: go + project: go diff --git a/projects/goxtext/config b/projects/goxtext/config new file mode 100644 index 0000000..fba619f --- /dev/null +++ b/projects/goxtext/config @@ -0,0 +1,18 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/golang/text +# v0.3.0 +git_hash: f21a4dfb5e38f5895301dc265a8def02365cc3d0 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + container: + use_container: 1 + go_lib: golang.org/x/text + +input_files: + - project: container-image + - name: go + project: go diff --git a/projects/obfs4/build b/projects/obfs4/build index 4e42b23..dedd1ef 100644 --- a/projects/obfs4/build +++ b/projects/obfs4/build @@ -11,6 +11,10 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/siphash') %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/uniuri') %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxcrypto') %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxnet') %] +[% IF c("var/nightly") -%] + tar -C /var/tmp/dist -xf [% c('input_files_by_name/goutls') %] + tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxtext') %] +[% END -%] mkdir -p /var/tmp/build tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz diff --git a/projects/obfs4/config b/projects/obfs4/config index 2bae851..2c94f10 100644 --- a/projects/obfs4/config +++ b/projects/obfs4/config @@ -32,3 +32,9 @@ input_files: project: goxcrypto - name: goxnet project: goxnet + - name: goutls + project: goutls + enable: '[% c("var/nightly") %]' + - name: goxtext + project: goxtext + enable: '[% c("var/nightly") %]' diff --git a/projects/siphash/config b/projects/siphash/config index b2cb2a9..7e40bc7 100644 --- a/projects/siphash/config +++ b/projects/siphash/config @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' git_url: https://github.com/dchest/siphash.git -git_hash: 42ba037e748c9062a75e0924705c43b893edefcd +git_hash: 34f201214d993633bb24f418ba11736ab8b55aa7 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' build: '[% c("projects/go/var/build_go_lib") %]'

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1450449 - Part 1: Add FileProvider. r=jchen
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit e80f96596129a94a39caa8e525affa892077d3b0 Author: Jan Henning <jh+bugzilla(a)buttercookie.de> Date: Sat May 12 22:19:08 2018 +0200 Bug 1450449 - Part 1: Add FileProvider. r=jchen In case we change our thinking on launching of downloaded files and start using content:// URIs for that case as well, we already allow our FileProvider to generate URIs for the whole file system using <root-path>. This is because users can in principle move our download directory to an arbitrary location on the file system as long as it is accessible to Firefox. However not all of these locations (e.g. on a removable SD card) can be specified through the other methods of specifying available files for a FileProvider, so only the <root- path> option remains. MozReview-Commit-ID: 2UStBlU4JsG --HG-- extra : rebase_source : 2c1828e063c1b3e772ac20c415fd34d0da1c24a6 --- mobile/android/app/src/main/res/xml/provider_paths.xml | 10 ++++++++++ mobile/android/base/AndroidManifest.xml.in | 10 ++++++++++ mobile/android/base/AppConstants.java.in | 1 + 3 files changed, 21 insertions(+) diff --git a/mobile/android/app/src/main/res/xml/provider_paths.xml b/mobile/android/app/src/main/res/xml/provider_paths.xml new file mode 100644 index 000000000000..8bdaaac58a1c --- /dev/null +++ b/mobile/android/app/src/main/res/xml/provider_paths.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="utf-8"?> + + +<paths xmlns:android="http://schemas.android.com/apk/res/android"> + <root-path + name="root" + path="." /> +</paths> diff --git a/mobile/android/base/AndroidManifest.xml.in b/mobile/android/base/AndroidManifest.xml.in index 0e5f4edaf814..c7c5ead7f82f 100644 --- a/mobile/android/base/AndroidManifest.xml.in +++ b/mobile/android/base/AndroidManifest.xml.in @@ -383,6 +383,16 @@ android:authorities="@ANDROID_PACKAGE_NAME@.db.searchhistory" android:exported="false"/> + <provider android:name="android.support.v4.content.FileProvider" + tools:replace="android:authorities" + android:authorities="@ANDROID_PACKAGE_NAME@.fileprovider" + android:exported="false" + android:grantUriPermissions="true"> + <meta-data android:name="android.support.FILE_PROVIDER_PATHS" + tools:replace="android:resource" + android:resource="@xml/provider_paths" /> + </provider> + <service android:exported="false" android:name="org.mozilla.gecko.updater.UpdateService" diff --git a/mobile/android/base/AppConstants.java.in b/mobile/android/base/AppConstants.java.in index d676b1e1da12..e16d936b6b0d 100644 --- a/mobile/android/base/AppConstants.java.in +++ b/mobile/android/base/AppConstants.java.in @@ -25,6 +25,7 @@ public class AppConstants { public static final String MANGLED_ANDROID_PACKAGE_NAME = "@MANGLED_ANDROID_PACKAGE_NAME@"; public static final String MOZ_ANDROID_SHARED_FXACCOUNT_TYPE = "@ANDROID_PACKAGE_NAME@_fxaccount"; + public static final String MOZ_FILE_PROVIDER_AUTHORITY = "@ANDROID_PACKAGE_NAME@.fileprovider"; /** * Encapsulates access to compile-time version definitions, allowing

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1450449 - Part 3: Starting from Nougat, share images via content:// URIs. r=jchen
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit d00611cec519373705b83ed2ac89e1db58532fa2 Author: Jan Henning <jh+bugzilla(a)buttercookie.de> Date: Sat May 12 23:17:38 2018 +0200 Bug 1450449 - Part 3: Starting from Nougat, share images via content:// URIs. r=jchen For sharing images we download the image to a temporary file in our internal storage area. This is a perfect use case for granting temporary access to the file only via a content:// URI instead of directly exposing the real file system path. Since support for content:// URIs by arbitrary other apps might be patchy on older Android versions, though, we only start doing this from Nougat onwards. MozReview-Commit-ID: E2I1t8dZzKj --HG-- extra : rebase_source : 84449c39aed622a995e7e009b8e33d21ff02db23 --- .../org/mozilla/gecko/widget/GeckoActionProvider.java | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/mobile/android/base/java/org/mozilla/gecko/widget/GeckoActionProvider.java b/mobile/android/base/java/org/mozilla/gecko/widget/GeckoActionProvider.java index 056a799f1caa..79854e2931bc 100644 --- a/mobile/android/base/java/org/mozilla/gecko/widget/GeckoActionProvider.java +++ b/mobile/android/base/java/org/mozilla/gecko/widget/GeckoActionProvider.java @@ -8,9 +8,11 @@ package org.mozilla.gecko.widget; import android.app.Activity; import android.net.Uri; import android.support.design.widget.Snackbar; +import android.support.v4.content.FileProvider; import android.util.Base64; import android.view.Menu; +import org.mozilla.gecko.AppConstants; import org.mozilla.gecko.GeckoApp; import org.mozilla.gecko.R; import org.mozilla.gecko.SnackbarBuilder; @@ -328,7 +330,7 @@ public class GeckoActionProvider { os.write(buf); // Only alter the intent when we're sure everything has worked - intent.putExtra(Intent.EXTRA_STREAM, Uri.fromFile(imageFile)); + addFileExtra(intent, imageFile); } else { InputStream is = null; try { @@ -346,7 +348,7 @@ public class GeckoActionProvider { } // Only alter the intent when we're sure everything has worked - intent.putExtra(Intent.EXTRA_STREAM, Uri.fromFile(imageFile)); + addFileExtra(intent, imageFile); } finally { IOUtils.safeStreamClose(is); } @@ -357,4 +359,15 @@ public class GeckoActionProvider { IOUtils.safeStreamClose(os); } } + + private void addFileExtra(final Intent intent, final File file) { + if (AppConstants.Versions.preN) { + intent.putExtra(Intent.EXTRA_STREAM, Uri.fromFile(file)); + } else { + Uri contentUri = FileProvider.getUriForFile(mContext, + AppConstants.MOZ_FILE_PROVIDER_AUTHORITY, file); + intent.putExtra(Intent.EXTRA_STREAM, contentUri); + intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + } + } }

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1450449 - Part 2: Use content:// URI for capturing images from FilePicker. r=jchen
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit f74197a8e82b67b0351e91e134138f91ae0173d4 Author: Jan Henning <jh+bugzilla(a)buttercookie.de> Date: Sat May 12 23:02:19 2018 +0200 Bug 1450449 - Part 2: Use content:// URI for capturing images from FilePicker. r=jchen Since it is only us and the camera app who have to deal with the content:// URI, it should be safe enough to use content:// URIs on all supported versions. MozReview-Commit-ID: JMIhBRlCiA4 --HG-- extra : rebase_source : 7a19ea138459f4a153a931db1500a0b2cb0649da --- .../base/java/org/mozilla/gecko/FilePicker.java | 4 ++-- .../base/java/org/mozilla/gecko/IntentHelper.java | 19 ++++++++++++++++--- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/mobile/android/base/java/org/mozilla/gecko/FilePicker.java b/mobile/android/base/java/org/mozilla/gecko/FilePicker.java index 91fcaa16d130..c9ea347e6c88 100644 --- a/mobile/android/base/java/org/mozilla/gecko/FilePicker.java +++ b/mobile/android/base/java/org/mozilla/gecko/FilePicker.java @@ -176,7 +176,7 @@ public class FilePicker implements BundleEventListener { if (mimeType.equals("image/*") && hasPermissionsForMimeType(mimeType, availPermissions)) { // We also add a capture intent - Intent intent = IntentHelper.getImageCaptureIntent( + Intent intent = IntentHelper.getImageCaptureIntent(context, new File(Environment.getExternalStorageDirectory(), fileHandler.generateImageName())); addActivities(intent, intents, baseIntents); @@ -201,7 +201,7 @@ public class FilePicker implements BundleEventListener { addActivities(intent, intents, baseIntents); } if (hasPermissionsForMimeType("image/*", availPermissions)) { - intent = IntentHelper.getImageCaptureIntent( + intent = IntentHelper.getImageCaptureIntent(context, new File(Environment.getExternalStorageDirectory(), fileHandler.generateImageName())); addActivities(intent, intents, baseIntents); diff --git a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java index 9f6422263bbe..f2810a92af51 100644 --- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java +++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java @@ -19,6 +19,7 @@ import org.mozilla.gecko.widget.ExternalIntentDuringPrivateBrowsingPromptFragmen import android.annotation.TargetApi; import android.app.Activity; +import android.content.ClipData; import android.content.Context; import android.content.Intent; import android.content.pm.PackageManager; @@ -29,6 +30,7 @@ import android.provider.Browser; import android.provider.MediaStore; import android.support.annotation.Nullable; import android.support.v4.app.FragmentActivity; +import android.support.v4.content.FileProvider; import android.text.TextUtils; import android.util.Log; import android.webkit.MimeTypeMap; @@ -243,10 +245,21 @@ public final class IntentHelper implements BundleEventListener { return new Intent(MediaStore.Audio.Media.RECORD_SOUND_ACTION); } - public static Intent getImageCaptureIntent(final File destinationFile) { + public static Intent getImageCaptureIntent(final Context context, final File destinationFile) { final Intent intent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); - intent.putExtra(MediaStore.EXTRA_OUTPUT, - Uri.fromFile(destinationFile)); + Uri destination = FileProvider.getUriForFile(context, + AppConstants.MOZ_FILE_PROVIDER_AUTHORITY, destinationFile); + intent.putExtra(MediaStore.EXTRA_OUTPUT, destination); + + if (AppConstants.Versions.preLollipop) { + // As per https://github.com/commonsguy/cw-omnibus/blob/master/Camera/FileProvider/ + // app/src/main/java/com/commonsware/android/camcon/MainActivity.java - at least we + // don't have to support anything below Jelly Bean. + ClipData clip = + ClipData.newUri(context.getContentResolver(), null, destination); + intent.setClipData(clip); + } + intent.addFlags(Intent.FLAG_GRANT_WRITE_URI_PERMISSION); return intent; }

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1450449 - Part 5: Disable file:// URI checks for downloaded files and launching files from Gecko. r=jchen
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit ad9b3c0d704dceab75c2b3f6246740c78d8f7c04 Author: Jan Henning <jh+bugzilla(a)buttercookie.de> Date: Sun May 13 00:07:48 2018 +0200 Bug 1450449 - Part 5: Disable file:// URI checks for downloaded files and launching files from Gecko. r=jchen This is a case where I disagree with Google's stance about content:// URIs. They're perfect for granting access to files that might not even be present on the file system, e.g. virtual files generated on the spot or retrieved from some database, a cloud storage provider's app granting access to files stored in the cloud, etc., as well as for being able to selectively grant access to files conceptually "owned" by a certain app, especially files within the app's private internal storage. However when considering files that don't actually "belong" to any specific app in particular and that are already being stored in a publicly accessible (modulo the READ_EXTERNAL_STORAGE permission, respectively the user granting access through the Storage Access Framework) directory somewhere within the external storage, they also have a number of drawbacks: - While in practice a number of FileProviders will "leak" the true file system path through the content:// URI they generate, the problem remains that there's no way to know for sure whether two content:// URIs received from different apps are in fact referring to the same file or not. In case of our downloads for example, content:// URIs all referring to the same file could in principle be generated * by Firefox itself * by the system Downloads app * by the system file browser app * by any other third-party file browser or similar app that the user might have installed which e.g. will needlessly clutter up any LRU lists other apps might keep. - content:// URIs obviously depend on the generating app still being installed. So even if we fixed bug 1280184, so that uninstalling Firefox would no longer remove the user's downloads, all content:// URIs generated by Firefox re- ferring to those files would become invalid anyway. - Even if the actual file is already sitting in a public directory, when accessing it through the content:// URI the receiving app still needs to explicitly persist the permissions granted for that URI, and there are some signs that you can only persist permissions for a limited number of files. For file:// URIs on the other hand the only limitation on the number of file:// URIS you can remember is the available storage space for storing those URIs, i.e. for practical purposes more or less unlimited. - content:// URIs only grant access to a specific file. If we (or possibly an add-on) started implementing saving of websites as on desktop (i.e. HTML + associated support files instead of a PDF "copy"), then receiving apps couldn't properly open those additional support files (images, style sheets, etc.) when getting a content:// URI to the main HTML file (see https://issuetracker.google.com/issues/77406791) Since we do store downloads in the public Downloads folder on the external storage by default and I believe that conceptually, those files belong to the user and not Firefox specifically, I propose to continue launching downloaded files directly through their file:// URI. To that end, we temporarily disable the corresponding StrictMode restrictions when required and restore them afterwards. MozReview-Commit-ID: LuIYIA5FSGf --HG-- extra : rebase_source : a690b3097fdb03591f25f05a944c9ca3c05ddd04 --- .../org/mozilla/gecko/notifications/NotificationHelper.java | 7 +++++++ .../src/main/java/org/mozilla/gecko/GeckoAppShell.java | 10 +++++++++- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/mobile/android/base/java/org/mozilla/gecko/notifications/NotificationHelper.java b/mobile/android/base/java/org/mozilla/gecko/notifications/NotificationHelper.java index 35366609da49..713e9f9d4b3c 100644 --- a/mobile/android/base/java/org/mozilla/gecko/notifications/NotificationHelper.java +++ b/mobile/android/base/java/org/mozilla/gecko/notifications/NotificationHelper.java @@ -32,6 +32,7 @@ import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; import android.graphics.Bitmap; import android.net.Uri; +import android.os.StrictMode; import android.support.v4.util.SimpleArrayMap; import android.util.Log; @@ -295,8 +296,14 @@ public final class NotificationHelper implements BundleEventListener { // scheme to prevent Fennec from popping up. final Intent viewFileIntent = createIntentIfDownloadCompleted(message); if (builder != null && viewFileIntent != null && mContext != null) { + // Bug 1450449 - Downloaded files already are already in a public directory and aren't + // really owned exclusively by Firefox, so there's no real benefit to using + // content:// URIs here. + StrictMode.VmPolicy prevPolicy = StrictMode.getVmPolicy(); + StrictMode.setVmPolicy(StrictMode.VmPolicy.LAX); final PendingIntent pIntent = PendingIntent.getActivity( mContext, 0, viewFileIntent, PendingIntent.FLAG_UPDATE_CURRENT); + StrictMode.setVmPolicy(prevPolicy); builder.setAutoCancel(true); builder.setContentIntent(pIntent); diff --git a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java index 34ba3315f295..3d21d7bb2f56 100644 --- a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java +++ b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/GeckoAppShell.java @@ -86,6 +86,7 @@ import android.os.Environment; import android.os.Looper; import android.os.ParcelFileDescriptor; import android.os.PowerManager; +import android.os.StrictMode; import android.os.SystemClock; import android.os.Vibrator; import android.provider.Settings; @@ -956,7 +957,14 @@ public class GeckoAppShell if (geckoInterface == null) { return false; } - return geckoInterface.openUriExternal(targetURI, mimeType, packageName, className, action, title); + // Bug 1450449 - Downloaded files already are already in a public directory and aren't + // really owned exclusively by Firefox, so there's no real benefit to using + // content:// URIs here. + StrictMode.VmPolicy prevPolicy = StrictMode.getVmPolicy(); + StrictMode.setVmPolicy(StrictMode.VmPolicy.LAX); + boolean success = geckoInterface.openUriExternal(targetURI, mimeType, packageName, className, action, title); + StrictMode.setVmPolicy(prevPolicy); + return success; } @WrapForJNI(dispatchTo = "gecko")

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1450449 - Part 4: Starting from Nougat, install updates via content:// URIs. r=jchen
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit 3b926685447ea2056e73d9b3396ea8d5cbdd349f Author: Jan Henning <jh+bugzilla(a)buttercookie.de> Date: Sat May 12 23:34:25 2018 +0200 Bug 1450449 - Part 4: Starting from Nougat, install updates via content:// URIs. r=jchen We download the update APK into the public downloads directory and normally the only relevant app consuming that URI should be the system package installer, but just to be safe we only switch usage from Nougat onward, too. MozReview-Commit-ID: GtoXMJ7NdJ3 --HG-- extra : rebase_source : 1e85f8352b7a59cb3cd2fd3034a0103c8705ff09 --- .../base/java/org/mozilla/gecko/updater/UpdateService.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java b/mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java index 71e1097711d9..d5093efca6d6 100644 --- a/mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java +++ b/mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java @@ -36,6 +36,7 @@ import android.os.Environment; import android.provider.Settings; import android.support.v4.app.NotificationManagerCompat; import android.support.v4.content.ContextCompat; +import android.support.v4.content.FileProvider; import android.support.v4.net.ConnectivityManagerCompat; import android.support.v4.app.NotificationCompat; import android.support.v4.app.NotificationCompat.Builder; @@ -707,8 +708,15 @@ public class UpdateService extends IntentService { } Intent intent = new Intent(Intent.ACTION_VIEW); - intent.setDataAndType(Uri.fromFile(updateFile), "application/vnd.android.package-archive"); - intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + if (AppConstants.Versions.preN) { + intent.setDataAndType(Uri.fromFile(updateFile), "application/vnd.android.package-archive"); + } else { + Uri apkUri = FileProvider.getUriForFile(this, + AppConstants.MOZ_FILE_PROVIDER_AUTHORITY, updateFile); + intent.setDataAndType(apkUri, "application/vnd.android.package-archive"); + intent.addFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + } + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); startActivity(intent); }

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1484472 - Avoid FileUriExposedException in ExternalIntentDuringPrivateBrowsingPromptFragment. r=jchen
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit 17314deba4ef021723dbb67d3e31af33790a5147 Author: Jan Henning <jh+bugzilla(a)buttercookie.de> Date: Wed Aug 22 16:50:04 2018 +0000 Bug 1484472 - Avoid FileUriExposedException in ExternalIntentDuringPrivateBrowsingPromptFragment. r=jchen The fragment is also used to handle intents launched through GeckoAppShell. openUriExternal(), such as e.g. when launching downloaded files from about:downloads. The synchronous code path when not in private browsing is already covered by the code added in bug 1450449, but the async path through the fragment when in private browsing needs to be handled separately. Differential Revision: https://phabricator.services.mozilla.com/D3916 --HG-- extra : moz-landing-system : lando --- .../ExternalIntentDuringPrivateBrowsingPromptFragment.java | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java b/mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java index b4d1e13d9698..6dd8ae92c854 100644 --- a/mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java +++ b/mobile/android/base/java/org/mozilla/gecko/widget/ExternalIntentDuringPrivateBrowsingPromptFragment.java @@ -17,6 +17,7 @@ import android.content.Intent; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; import android.os.Bundle; +import android.os.StrictMode; import android.support.v4.app.DialogFragment; import android.support.v4.app.FragmentManager; import android.support.v7.app.AlertDialog; @@ -25,9 +26,9 @@ import android.util.Log; import java.util.List; /** - * A DialogFragment to contain a dialog that appears when the user clicks an Intent:// URI during private browsing. The - * dialog appears to notify the user that a clicked link will open in an external application, potentially leaking their - * browsing history. + * A DialogFragment to contain a dialog that appears when the user clicks an Intent:// URI or + * launches a file during private browsing. The dialog appears to notify the user that a clicked + * link will open in an external application, potentially leaking their browsing history. */ public class ExternalIntentDuringPrivateBrowsingPromptFragment extends DialogFragment { private static final String LOGTAG = ExternalIntentDuringPrivateBrowsingPromptFragment.class.getSimpleName(); @@ -50,7 +51,13 @@ public class ExternalIntentDuringPrivateBrowsingPromptFragment extends DialogFra .setTitle(intent.getDataString()) .setPositiveButton(R.string.button_yes, new DialogInterface.OnClickListener() { public void onClick(final DialogInterface dialog, final int id) { + // Bug 1450449 - Downloaded files are already in a public directory and + // aren't really exclusively owned by Firefox, so there's no real benefit + // to using content:// URIs here. + StrictMode.VmPolicy prevPolicy = StrictMode.getVmPolicy(); + StrictMode.setVmPolicy(StrictMode.VmPolicy.LAX); context.startActivity(intent); + StrictMode.setVmPolicy(prevPolicy); } }) .setNegativeButton(R.string.button_no, null /* we do nothing if the user rejects */ );

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1500906 - Suppress FileUriExposedExceptions when launching helper apps. r=jchen, a=pascalc
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit 394ffba812d69d4b5767376f0f3ff1e303ba26d1 Author: Jan Henning <jh+bitbucket(a)buttercookie.de> Date: Wed Oct 24 21:02:17 2018 +0200 Bug 1500906 - Suppress FileUriExposedExceptions when launching helper apps. r=jchen, a=pascalc Sharing tabs with file:// URIs is not possible, but users can still send them to other apps via the helper app system in the URL bar/context menu. "Intent:Open" and "Intent:OpenForResult" are both sent from Gecko by HelperApps.jsm. The same reasoning as in bug 1450449 applies as to why for publicly accessible files content:// URIs are more trouble than they're worth. Differential Revision: https://phabricator.services.mozilla.com/D9697 --- .../base/java/org/mozilla/gecko/IntentHelper.java | 23 ++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java index f2810a92af51..5b7948f79e04 100644 --- a/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java +++ b/mobile/android/base/java/org/mozilla/gecko/IntentHelper.java @@ -26,6 +26,7 @@ import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; import android.net.Uri; import android.os.Environment; +import android.os.StrictMode; import android.provider.Browser; import android.provider.MediaStore; import android.support.annotation.Nullable; @@ -471,12 +472,18 @@ public final class IntentHelper implements BundleEventListener { } private void open(final GeckoBundle message) { - openUriExternal(message.getString("url", ""), - message.getString("mime", ""), - message.getString("packageName", ""), - message.getString("className", ""), - message.getString("action", ""), - message.getString("title", ""), false); + final StrictMode.VmPolicy prevPolicy = StrictMode.getVmPolicy(); + StrictMode.setVmPolicy(StrictMode.VmPolicy.LAX); + try { + openUriExternal(message.getString("url", ""), + message.getString("mime", ""), + message.getString("packageName", ""), + message.getString("className", ""), + message.getString("action", ""), + message.getString("title", ""), false); + } finally { + StrictMode.setVmPolicy(prevPolicy); + } } private void openForResult(final GeckoBundle message, final EventCallback callback) { @@ -495,10 +502,14 @@ public final class IntentHelper implements BundleEventListener { return; } final ResultHandler handler = new ResultHandler(callback); + final StrictMode.VmPolicy prevPolicy = StrictMode.getVmPolicy(); + StrictMode.setVmPolicy(StrictMode.VmPolicy.LAX); try { ActivityHandlerHelper.startIntentForActivity(activity, intent, handler); } catch (SecurityException e) { Log.w(LOGTAG, "Forbidden to launch activity.", e); + } finally { + StrictMode.setVmPolicy(prevPolicy); } }

1 0

[tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 1480079 - Add REQUEST_INSTALL_PACKAGES permission for all builds; r=jchen
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit 4fe43cba0780a310cea820589ae0dc52837ebef9 Author: Petru Lingurar <petru.lingurar(a)softvision.ro> Date: Tue Aug 7 16:48:29 2018 +0300 Bug 1480079 - Add REQUEST_INSTALL_PACKAGES permission for all builds; r=jchen This permission is needed on API26+ to be able to install app updates but also other downloaded APKs. MozReview-Commit-ID: Lk0uqBAJ5BH --HG-- extra : rebase_source : 5f31cfd06c2205cd2a96ac68ba19b697d49ae75c --- mobile/android/base/FennecManifest_permissions.xml.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mobile/android/base/FennecManifest_permissions.xml.in b/mobile/android/base/FennecManifest_permissions.xml.in index 08c611d0a290..71f07b259135 100644 --- a/mobile/android/base/FennecManifest_permissions.xml.in +++ b/mobile/android/base/FennecManifest_permissions.xml.in @@ -45,6 +45,9 @@ #endif <uses-feature android:name="android.hardware.touchscreen"/> +  + <uses-permission-sdk-23 android:name="android.permission.REQUEST_INSTALL_PACKAGES"/> + #ifdef MOZ_ANDROID_BEAM  <uses-permission android:name="android.permission.NFC"/>

1 0

[tor-browser-build/master] Bug 27531: Add separate LD_LIBRARY_PATH for fteproxy
by gk＠torproject.org 24 Jan '19

24 Jan '19

commit f79412dffd134cb89d463229a5875e53e4274991 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Jan 14 19:11:20 2019 +0100 Bug 27531: Add separate LD_LIBRARY_PATH for fteproxy --- projects/fteproxy/build | 2 ++ projects/fteproxy/config | 2 ++ projects/fteproxy/fteproxy.wrapper | 10 ++++++++++ projects/libfte/build | 4 ++-- .../Bundle-Data/PTConfigs/linux/torrc-defaults-appendix | 2 +- 5 files changed, 17 insertions(+), 3 deletions(-) diff --git a/projects/fteproxy/build b/projects/fteproxy/build index 310c9a5..6b6a82f 100644 --- a/projects/fteproxy/build +++ b/projects/fteproxy/build @@ -22,6 +22,8 @@ cd /var/tmp/build/[% project %]-[% c('version') %] cp -a fteproxy/defs/*.json $PTDIR/fteproxy/defs rm -Rf $pydir [% ELSE -%] + cp -a $rootdir/fteproxy.wrapper $PTDIR/fteproxy.wrapper + chmod +x $PTDIR/fteproxy.wrapper cp -a bin/fteproxy $PTDIR/fteproxy.bin cp -ra fteproxy $PTDIR/ [% END -%] diff --git a/projects/fteproxy/config b/projects/fteproxy/config index d58095e..06ea149 100644 --- a/projects/fteproxy/config +++ b/projects/fteproxy/config @@ -28,3 +28,5 @@ input_files: - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/windows") %]' + - filename: fteproxy.wrapper + enable: '[% c("var/linux") %]' diff --git a/projects/fteproxy/fteproxy.wrapper b/projects/fteproxy/fteproxy.wrapper new file mode 100644 index 0000000..ca10086 --- /dev/null +++ b/projects/fteproxy/fteproxy.wrapper @@ -0,0 +1,10 @@ +#!/bin/sh +basedir=$(dirname "$0") +libdir=$(cd "$basedir"/fteproxy-lib ; pwd) +if test -z "$LD_LIBRARY_PATH" +then + export LD_LIBRARY_PATH="$libdir" +else + export LD_LIBRARY_PATH="$libdir:$LD_LIBRARY_PATH" +fi +exec "$basedir/fteproxy.bin" "$@" diff --git a/projects/libfte/build b/projects/libfte/build index 4f3455f..5d62453 100644 --- a/projects/libfte/build +++ b/projects/libfte/build @@ -28,8 +28,8 @@ tar -C $distdir -xf $rootdir/[% c('input_files_by_name/obfsproxy') %] export PYTHON=python2 make cp -ra fte $PTDIR/ - mkdir -p $distdir/TorBrowser/Tor - cp /var/tmp/dist/gmp/lib/libgmp.so.10 $distdir/TorBrowser/Tor/ + mkdir -p $PTDIR/fteproxy-lib + cp /var/tmp/dist/gmp/lib/libgmp.so.10 $PTDIR/fteproxy-lib [% END -%] cp -a {LICENSE,README.md} $DOCSDIR/ cp -a thirdparty/re2/LICENSE $DOCSDIR/LICENSE.re2 diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix index 12b8aad..d9988fb 100644 --- a/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix +++ b/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix @@ -1,5 +1,5 @@ ## fteproxy configuration -ClientTransportPlugin fte exec ./TorBrowser/Tor/PluggableTransports/fteproxy.bin --managed +ClientTransportPlugin fte exec ./TorBrowser/Tor/PluggableTransports/fteproxy.wrapper --managed ## obfs4proxy configuration ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy

1 0