- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][maint-13.5] 2 commits: Bug 41213: Update the update_manual.py script to notify when no changes needed
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: b81bc934 by Morgan at 2024-09-03T10:06:30+02:00 Bug 41213: Update the update_manual.py script to notify when no changes needed - - - - - 00df8db4 by Pier Angelo Vendrame at 2024-09-03T10:06:32+02:00 Bug 41208, 41209: Tor, Mullvad Browser 13.5.3 release preparation. Also, disable the check for Go updates in our release preparation script, as the Go version we use is EOL. - - - - - 12 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/go/config - projects/manual/config - projects/translation/config - rbm.conf - tools/relprep.py - tools/update_manual.py Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,81 @@ +Mullvad Browser 13.5.3 - September 03 2024 + * All Platforms + * Updated Firefox to 115.15.0esr + * Updated NoScript to 11.4.35 + * Bug 332: Rebase Mullvad Browser Stable onto 115.15.0esr [mullvad-browser] + * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser] + * Bug 42686: Backport Mozilla 1885101 [tor-browser] + * Bug 42829: Prevent CSS-based scriptless interaction tracking [tor-browser] + * Bug 43100: Backport security fixes from Firefox 130 [tor-browser] + * Linux + * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser] + * Build System + * All Platforms + * Bug 41218: Use new Tor Browser gpg subkey for signing stable releases [tor-browser-build] + * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build] + +Mullvad Browser 14.0a3 - August 26 2024 + * All Platforms + * Updated Firefox to 128.2.0esr + * Bug 333: Rebase Mullvad Browser Alpha onto 128.2.0esr [mullvad-browser] + * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser] + * Bug 41817: Add more color aliases that take dark mode into account [tor-browser] + * Bug 42603: Remove safebrowsing URLs [tor-browser] + * Bug 42611: Set clipboard.imageAsFile.enabled to false [tor-browser] + * Bug 42646: Drop patch for tor-browser#40166 [tor-browser] + * Bug 42665: Drop "Learn More" spacing [tor-browser] + * Linux + * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser] + * Build System + * All Platforms + * Bug 41013: Add a README to each project [tor-browser-build] + * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build] + +Mullvad Browser 14.0a2 - August 16 2024 + * All Platforms + * Updated Firefox to 128.1.0esr + * Updated NoScript to 11.4.34 + * Updated uBlock Origin to 1.59.0 + * Bug 326: Rebase Mullvad Browser Alpha onto 128.1.0esr [mullvad-browser] + * Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser] + * Bug 42641: Move from panel-footer class to moz-button-group [tor-browser] + * Bug 42644: toolbar rules in panelUI-shared.css are unneccessary [tor-browser] + * Bug 42667: Add description-deemphasized class to our additions to about:preferences [tor-browser] + * Bug 42679: Use a more robust approach to hide the "tracking protection" urlbar button [tor-browser] + * Bug 42699: Drop level="top" attribute from panels [tor-browser] + * Bug 42704: Drop the badged="true" attribute from security level button [tor-browser] + * Bug 42705: Update our preferences to account for new line height [tor-browser] + * Bug 42762: Review Mozilla 1498512: Enable by default setSinkId pref [tor-browser] + * Bug 42788: Review Mozilla 1828606: Add Recently Closed tabs to its own page [tor-browser] + * Bug 42789: Review Mozilla 1830157: Add new telemetry probe to determine how often an extension process had to be... [tor-browser] + * Bug 42792: Review Mozilla 1837097: Implement "Show less frequently" behavior for Pocket suggestions [tor-browser] + * Bug 42810: Review Mozilla 1840584: Support autofilling `first name` and `last name` field in a credit card form [tor-browser] + * Bug 42814: Opt out from Firefox relay by default. [tor-browser] + * Bug 42818: Review Mozilla 1841295: Update PocketSuggestions for the final suggestions schema [tor-browser] + * Bug 42835: Filter data transfers containing files [tor-browser] + * Bug 42846: Review Mozilla 1841995: Enable Credit Card Autofill in ES and IT in nightly [tor-browser] + * Bug 42847: Review Mozilla 1841996: Enable Credit Card Autofill in AT, BE, and PL in nightly [tor-browser] + * Bug 42848: Review Mozilla 1841998: Enable Credit Card Autofill for ES,IT,AT,BE and PL locales in release. r=dimi... [tor-browser] + * Bug 42855: Review Mozilla 1843130: Pocket newtab use new recs api for locale list config if new api pref is set [tor-browser] + * Bug 42862: Review Mozilla 1845428: Instrument Translations Panel With Telemetry [tor-browser] + * Bug 42863: Review Mozilla 1847150: Add more TranslationsTelemetry event keys for panel open r=gregtatum, a=dsmith [tor-browser] + * Bug 42864: Review Mozilla 1848845: Pocket newtab migrate existing markets to new API. r=gvn a=RyanVM [tor-browser] + * Bug 42872: Disable translations until audited and solved the UX problems [tor-browser] + * Bug 42886: Review Mozilla 1848048: Add a result menu to disable trending results. r=dao,fluent-reviewers,setting... [tor-browser] + * Bug 42996: Review Mozilla 1517786: Implement and ship CanvasRenderingContext2D.getContextAttributes() [tor-browser] + * Windows + macOS + * Bug 42774: Review Mozilla 1848815: Add a user-facing setting to enable enterprise roots import, and enable it by default [tor-browser] + * Bug 43021: Revert the OS deprecation notification introduced in #42347 [tor-browser] + * Windows + * Bug 43051: windows: remove UI for "open Tor Browser automatically when computer starts" [tor-browser] + * Build System + * All Platforms + * Bug 42799: Do not run lint pipelines on new tag [tor-browser] + * Bug 41204: NoScript isn't added automatically to Mullvad Browser changelogs [tor-browser-build] + * Windows + * Bug 41185: Drop Windows 7 support for 14.0 from build tools [tor-browser-build] + * Bug 41201: Bump the Windows version checked by the installer [tor-browser-build] + Mullvad Browser 13.5.2 - August 06 2024 * All Platforms * Updated Firefox to 115.14.0esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,163 @@ +Tor Browser 13.5.3 - September 03 2024 + * All Platforms + * Updated NoScript to 11.4.35 + * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser] + * Bug 42686: Backport Mozilla 1885101 [tor-browser] + * Bug 42829: Prevent CSS-based scriptless interaction tracking [tor-browser] + * Bug 43084: Rebase Tor Browser Stable onto 115.15.0esr [tor-browser] + * Bug 43100: Backport security fixes from Firefox 130 [tor-browser] + * Bug 41207: Upgrade lyrebird to 0.3.0 [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.15.0esr + * Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser] + * Bug 42622: Offline state is unreachable in about:torconnect (first bootstrap attempt) [tor-browser] + * Bug 42642: Downloads button warning no longer announced on Orca [tor-browser] + * Bug 42661: Re-run update_emojis.py and update locales [tor-browser] + * Bug 42691: Simplified bridge cards prevent censored users from modifying built-in bridges [tor-browser] + * Bug 42696: Update `mail` icon used in "Find more bridges" [tor-browser] + * Bug 42697: Remove padding to left of `tor-bridges-provider-list` under "Find more bridges" [tor-browser] + * Bug 43059: Drag and Drop issue in new update 13.5.2 [tor-browser] + * Bug 43066: about:torconnect no longer changes the title icon on errors [tor-browser] + * Linux + * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser] + * Android + * Updated GeckoView to 115.15.0esr + * Build System + * All Platforms + * Updated Go to 1.21.13 + * Bug 41213: Update the update_manual.py script to notify when no changes needed [tor-browser-build] + * Bug 41218: Use new Tor Browser gpg subkey for signing stable releases [tor-browser-build] + * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build] + * Android + * Bug 41206: GeckoView ignores the number of processors [tor-browser-build] + +Tor Browser 14.0a3 - August 26 2024 + * All Platforms + * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser] + * Bug 42611: Set clipboard.imageAsFile.enabled to false [tor-browser] + * Bug 42646: Drop patch for tor-browser#40166 [tor-browser] + * Bug 42830: Enable WebAudio APIs [tor-browser] + * Bug 43012: Mixed content: browser requests HTTPS images from onion domain accessed via HTTP [tor-browser] + * Bug 43013: security.mixed_content.upgrade_display_content.image is true by default [tor-browser] + * Bug 43074: Pass the browser to TorDomainIsolator.newCircuitForBrowser [tor-browser] + * Bug 43085: Rebase Tor Browser Alpha onto 128.2.0esr [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.2.0esr + * Bug 41811: Primary buttons that result in a connection attempt should be purple [tor-browser] + * Bug 41817: Add more color aliases that take dark mode into account [tor-browser] + * Bug 41820: Downloads warning styling improvements (use moz-message-bar) [tor-browser] + * Bug 42212: Fluent migration: onion services [tor-browser] + * Bug 42603: Remove safebrowsing URLs [tor-browser] + * Bug 42665: Drop "Learn More" spacing [tor-browser] + * Bug 43059: Drag and Drop issue in new update 13.5.2 [tor-browser] + * Bug 43066: about:torconnect no longer changes the title icon on errors [tor-browser] + * Bug 43067: Use html:link rather than xml-stylesheet in our dialogs [tor-browser] + * Bug 43071: Make sure "tor-button" elements that are also "primary" still use the tor colors [tor-browser] + * Bug 43081: Remove hard-coded CSS `line-height` [tor-browser] + * Linux + * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser] + * Android + * Updated GeckoView to 128.2.0esr + * Bug 42386: Remove unused assets to reduce APK size [tor-browser] + * Bug 42590: “Tor browser” text in top left of home fragment/new tab view gets cut off with larger text sizes [tor-browser] + * Bug 43078: Disable Sharing Links to TBA [tor-browser] + * Bug 41223: Tor Browser Alpha version not displayed correctly [tor-browser-build] + * Build System + * All Platforms + * Bug 41013: Add a README to each project [tor-browser-build] + * Bug 41198: Update release-prep issue template to include notifiying anti-censorship team of package name changes for GetTor distributor [tor-browser-build] + * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build] + * Android + * Bug 42480: Use translation CI in android [tor-browser] + +Tor Browser 14.0a2 - August 19 2024 + * All Platforms + * Updated NoScript to 11.4.34 + * Bug 42759: CI: remove localization file names that are in neither 14.0 nor 13.5 branches [tor-browser] + * Bug 42762: Review Mozilla 1498512: Enable by default setSinkId pref [tor-browser] + * Bug 42788: Review Mozilla 1828606: Add Recently Closed tabs to its own page [tor-browser] + * Bug 42789: Review Mozilla 1830157: Add new telemetry probe to determine how often an extension process had to be... [tor-browser] + * Bug 42792: Review Mozilla 1837097: Implement "Show less frequently" behavior for Pocket suggestions [tor-browser] + * Bug 42810: Review Mozilla 1840584: Support autofilling `first name` and `last name` field in a credit card form [tor-browser] + * Bug 42814: Opt out from Firefox relay by default. [tor-browser] + * Bug 42818: Review Mozilla 1841295: Update PocketSuggestions for the final suggestions schema [tor-browser] + * Bug 42835: Filter data transfers containing files [tor-browser] + * Bug 42846: Review Mozilla 1841995: Enable Credit Card Autofill in ES and IT in nightly [tor-browser] + * Bug 42847: Review Mozilla 1841996: Enable Credit Card Autofill in AT, BE, and PL in nightly [tor-browser] + * Bug 42848: Review Mozilla 1841998: Enable Credit Card Autofill for ES,IT,AT,BE and PL locales in release. r=dimi... [tor-browser] + * Bug 42886: Review Mozilla 1848048: Add a result menu to disable trending results. r=dao,fluent-reviewers,setting... [tor-browser] + * Bug 42996: Review Mozilla 1517786: Implement and ship CanvasRenderingContext2D.getContextAttributes() [tor-browser] + * Bug 42999: Rebase Tor Browser Alpha onto 128.1.0esr [tor-browser] + * Bug 43011: Ship only one copy of the MIT license, like upstream. [tor-browser] + * Bug 41207: Upgrade lyrebird to 0.3.0 [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 128.1.0esr + * Bug 42488: ESR 128: Remove role="code" from tor circuit panel [tor-browser] + * Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser] + * Bug 42612: Re-implement moz-toggle customizations for ESR 128 [tor-browser] + * Bug 42622: Offline state is unreachable in about:torconnect (first bootstrap attempt) [tor-browser] + * Bug 42629: Tweak `isOnNewTabPage` patch [tor-browser] + * Bug 42641: Move from panel-footer class to moz-button-group [tor-browser] + * Bug 42642: Downloads button warning no longer announced on Orca [tor-browser] + * Bug 42643: downloads panel separator has mismatched margin [tor-browser] + * Bug 42644: toolbar rules in panelUI-shared.css are unneccessary [tor-browser] + * Bug 42661: Re-run update_emojis.py and update locales [tor-browser] + * Bug 42662: Use data-hidden-from-search for hiding the firefox connection settings [tor-browser] + * Bug 42663: Tor Browser "Connection" settings missing a tooltip [tor-browser] + * Bug 42667: Add description-deemphasized class to our additions to about:preferences [tor-browser] + * Bug 42679: Use a more robust approach to hide the "tracking protection" urlbar button [tor-browser] + * Bug 42691: Simplified bridge cards prevent censored users from modifying built-in bridges [tor-browser] + * Bug 42695: Use `--arrowpanel-` variables for tor circuit panel spacing [tor-browser] + * Bug 42696: Update `mail` icon used in "Find more bridges" [tor-browser] + * Bug 42697: Remove padding to left of `tor-bridges-provider-list` under "Find more bridges" [tor-browser] + * Bug 42699: Drop level="top" attribute from panels [tor-browser] + * Bug 42700: Remove !nodes condition from gTorCircuitPanel._updateCurrentBrowser [tor-browser] + * Bug 42704: Drop the badged="true" attribute from security level button [tor-browser] + * Bug 42705: Update our preferences to account for new line height [tor-browser] + * Bug 42713: Some --in-content CSS variables were renamed/removed [tor-browser] + * Bug 42806: Use the `lh` CSS unit [tor-browser] + * Bug 42855: Review Mozilla 1843130: Pocket newtab use new recs api for locale list config if new api pref is set [tor-browser] + * Bug 42862: Review Mozilla 1845428: Instrument Translations Panel With Telemetry [tor-browser] + * Bug 42863: Review Mozilla 1847150: Add more TranslationsTelemetry event keys for panel open r=gregtatum, a=dsmith [tor-browser] + * Bug 42864: Review Mozilla 1848845: Pocket newtab migrate existing markets to new API. r=gvn a=RyanVM [tor-browser] + * Bug 42872: Disable translations until audited and solved the UX problems [tor-browser] + * Windows + macOS + * Bug 42774: Review Mozilla 1848815: Add a user-facing setting to enable enterprise roots import, and enable it by default [tor-browser] + * Bug 43021: Revert the OS deprecation notification introduced in #42347 [tor-browser] + * Windows + * Bug 43051: windows: remove UI for "open Tor Browser automatically when computer starts" [tor-browser] + * Android + * Updated GeckoView to 128.1.0esr + * Bug 43048: Firefox logo on splash [tor-browser] + * Bug 43050: Center text in connect buttons [tor-browser] + * Bug 43057: fenix/.../search/list.json failing linting [tor-browser] + * Build System + * All Platforms + * Updated Go to 1.23.0 + * Bug 42799: Do not run lint pipelines on new tag [tor-browser] + * Bug 43014: Add purgecaches to the dev build [tor-browser] + * Bug 41203: Tor Blog generation script uses the wrong url scheme for alpha releases [tor-browser-build] + * Bug 41213: Update the update_manual.py script to notify when no changes needed [tor-browser-build] + * Windows + macOS + Linux + * Bug 42668: Drop torconnect rule in eslint-plugin-mozilla [tor-browser] + * Windows + * Bug 41185: Drop Windows 7 support for 14.0 from build tools [tor-browser-build] + * Bug 41201: Bump the Windows version checked by the installer [tor-browser-build] + * macOS + * Bug 41202: 14.0a1 fails to run on macOS because of invalid signature [tor-browser-build] + * Android + * Bug 40544: Bump Java 8 version to something more recent [tor-browser-build] + * Bug 41123: Drop the firefox-android project [tor-browser-build] + * Bug 41171: Switch Android containers to Debian bookworm [tor-browser-build] + * Bug 41172: Refactor the android-toolchain project [tor-browser-build] + * Bug 41178: Force IPv4 when downloading in fix_gradle_deps.py [tor-browser-build] + * Bug 41200: Remove allowed_addons.json and the related tools [tor-browser-build] + * Bug 41206: GeckoView ignores the number of processors [tor-browser-build] + * Bug 41210: Use tor-expert-bundle-aar in geckoview/build_apk [tor-browser-build] + * Bug 41211: The Android license file is not deterministic anymore [tor-browser-build] + * Bug 41214: Update geckoview/config to be more like firefox/config [tor-browser-build] + * Bug 41217: Update realprep.py script to handle Firefox 128-based Tor Browser Android [tor-browser-build] + Tor Browser 13.5.2 - August 06 2024 * All Platforms * Updated NoScript to 11.4.31 ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,7 +17,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1062942, + "average_daily_users": 1140698, "categories": { "firefox": [ "web-development", @@ -28,7 +28,7 @@ "contributions_url": "https://opencollective.com/darkreader?utm_content=product-page-contribute&u…", "created": "2017-09-19T07:03:00Z", "current_version": { - "id": 5773678, + "id": 5796944, "compatibility": { "firefox": { "min": "78.0", @@ -39,7 +39,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/57736…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/57969…", "is_strict_compatibility_enabled": false, "license": { "id": 22, @@ -50,22 +50,22 @@ "url": "http://www.opensource.org/license/mit" }, "release_notes": { - "en-US": "- Fixed breaking browser panels.\n- Users' fixes for websites." + "en-US": "- Removed www part from website URLs.\n- Fixed colors for static site fixes.\n- Apply ignored image selectors for gradients.\n- Users' fixes for websites." }, - "reviewed": "2024-07-16T11:27:36Z", - "version": "4.9.88", + "reviewed": "2024-08-27T12:16:01Z", + "version": "4.9.89", "files": [ { - "id": 4317971, - "created": "2024-07-11T15:11:33Z", - "hash": "sha256:7a965d5880be9fbf8be81a106acd1968263b1acc2db0add580b30f2dd71954b3", + "id": 4341235, + "created": "2024-08-23T02:07:01Z", + "hash": "sha256:f4a5b4d5966d99cc68b31a9d2072cdb6388efefa9d45746f03d76e3c897c49be", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 760271, + "size": 764773, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4317971/darkreader-4.9.88…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4341235/darkreader-4.9.89…", "permissions": [ "alarms", "contextMenus", @@ -143,7 +143,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-07-16T11:27:36Z", + "last_updated": "2024-08-27T12:16:01Z", "name": { "ar": "Dark Reader", "bn": "Dark Reader", @@ -218,10 +218,10 @@ "category": "recommended" }, "ratings": { - "average": 4.5269, - "bayesian_average": 4.525815223921681, - "count": 5739, - "text_count": 1804 + "average": 4.5268, + "bayesian_average": 4.5257181938569415, + "count": 5794, + "text_count": 1817 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -318,7 +318,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 25548 + "weekly_downloads": 28794 }, "notes": null }, @@ -334,7 +334,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 230082, + "average_daily_users": 244616, "categories": { "firefox": [ "privacy-security" @@ -547,10 +547,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7949, - "bayesian_average": 4.790282607671637, - "count": 1443, - "text_count": 261 + "average": 4.7952, + "bayesian_average": 4.790572428009504, + "count": 1450, + "text_count": 262 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, @@ -635,7 +635,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 2877 + "weekly_downloads": 3185 }, "notes": null }, @@ -651,7 +651,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1136011, + "average_daily_users": 1207093, "categories": { "firefox": [ "privacy-security" @@ -1170,10 +1170,10 @@ "category": "recommended" }, "ratings": { - "average": 4.802, - "bayesian_average": 4.799309951845924, - "count": 2485, - "text_count": 468 + "average": 4.803, + "bayesian_average": 4.800307318873676, + "count": 2498, + "text_count": 472 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", "requires_payment": false, @@ -1197,7 +1197,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 24264 + "weekly_downloads": 25580 }, "notes": null }, @@ -1213,7 +1213,7 @@ "picture_url": null } ], - "average_daily_users": 7289146, + "average_daily_users": 7837121, "categories": { "firefox": [ "privacy-security" @@ -1378,7 +1378,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-08-04T00:20:19Z", + "last_updated": "2024-09-02T23:55:23Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1523,10 +1523,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7899, - "bayesian_average": 4.789532490230483, - "count": 18145, - "text_count": 4731 + "average": 4.7904, + "bayesian_average": 4.7900338967513205, + "count": 18333, + "text_count": 4783 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1589,7 +1589,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 181340 + "weekly_downloads": 193211 }, "notes": null }, @@ -1605,7 +1605,7 @@ "picture_url": null } ], - "average_daily_users": 139258, + "average_daily_users": 167408, "categories": { "firefox": [ "photos-music-videos", @@ -1701,9 +1701,9 @@ "category": "recommended" }, "ratings": { - "average": 4.4534, - "bayesian_average": 4.448586650864945, - "count": 1266, + "average": 4.4543, + "bayesian_average": 4.449467320720743, + "count": 1270, "text_count": 492 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", @@ -1726,7 +1726,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 298 + "weekly_downloads": 384 }, "notes": null }, @@ -1742,7 +1742,7 @@ "picture_url": null } ], - "average_daily_users": 59459, + "average_daily_users": 61260, "categories": { "firefox": [ "privacy-security", @@ -1852,9 +1852,9 @@ ], "promoted": null, "ratings": { - "average": 4.3842, - "bayesian_average": 4.369517578761636, - "count": 406, + "average": 4.3857, + "bayesian_average": 4.370975076736403, + "count": 407, "text_count": 115 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/reviews/", @@ -1877,7 +1877,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 753 + "weekly_downloads": 347 }, "notes": null }, @@ -1893,7 +1893,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 326393, + "average_daily_users": 347042, "categories": { "firefox": [ "search-tools", @@ -2110,10 +2110,10 @@ "category": "recommended" }, "ratings": { - "average": 4.6219, - "bayesian_average": 4.6176979770105095, - "count": 1518, - "text_count": 304 + "average": 4.6212, + "bayesian_average": 4.617005841441428, + "count": 1531, + "text_count": 306 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2136,7 +2136,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 5989 + "weekly_downloads": 6345 }, "notes": null }, @@ -2159,7 +2159,7 @@ "picture_url": null } ], - "average_daily_users": 96492, + "average_daily_users": 112925, "categories": { "firefox": [ "search-tools", @@ -2440,10 +2440,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3832, - "bayesian_average": 4.378875614124495, - "count": 1383, - "text_count": 388 + "average": 4.3856, + "bayesian_average": 4.381265145234359, + "count": 1390, + "text_count": 391 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2463,7 +2463,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 20 + "weekly_downloads": 28 }, "notes": null }, @@ -2479,7 +2479,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 267004, + "average_daily_users": 278811, "categories": { "firefox": [ "privacy-security", @@ -2489,7 +2489,7 @@ "contributions_url": "https://www.paypal.com/donate/?hosted_button_id=9ERKTU5MBH4EW&utm_content=p…", "created": "2005-05-13T10:51:32Z", "current_version": { - "id": 5776342, + "id": 5799020, "compatibility": { "firefox": { "min": "59.0", @@ -2500,7 +2500,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5776342", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5799020", "is_strict_compatibility_enabled": false, "license": { "id": 13, @@ -2511,22 +2511,22 @@ "url": "http://www.gnu.org/licenses/gpl-2.0.html" }, "release_notes": { - "en-US": "v 11.4.31\n============================================================\nx [L10n] Updated fr, is, ru, zh_CN\nx Improved release tooling\nx [nscl] Updated to latest NoScript Commons Library\nx NoScript Options/Appearance/Show synthetic placeholders\n for invisible capability probes (issue #369)\nx [nscl] Make placeholders easier to style per type\nx Prevent duplicate synthetic placeholders for invisible\n capability probes (issue #369)" + "en-US": "v 11.4.35\n============================================================\nx Improved lazy_load capability (optimization and\n notification)\nx [nscl] Slight optimization of NOSCRIPT element emulation\n loop\nx Automatically add extra capabilities to policyTypesMap\nx Gracefully handle new capabilities still unknown to the\n settings host (e.g. Tor/Mullvad browser), if any\nx Configurable \"lazy_load\" capability (see\n <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b3e6aa3e27d1f746591f0a…" rel=\"nofollow\">https://github.com/whatwg/html/issues/5250</a>)\nx Prefetch all CSS subresources (1st party included) in\n private contexts where both unchecked_css and scripting\n capabilities are disabled\nx Forcibly neutralize lazy loading attributes when scripting\n is disabled\nx [nscl] Restored SyncMessage compatibility with Firefox 78\n and below\nx Lock nscl version on stable releases\nx [L10n] Updated de, fr, tr, ru, uk, zh_CN" }, - "reviewed": "2024-07-18T11:49:53Z", - "version": "11.4.31", + "reviewed": "2024-08-28T15:03:34Z", + "version": "11.4.35", "files": [ { - "id": 4320635, - "created": "2024-07-16T10:04:58Z", - "hash": "sha256:b22c007534471a8fb74378e970ba79a536a44f88d81ad3852273b82a466d10c7", + "id": 4343311, + "created": "2024-08-26T22:32:41Z", + "hash": "sha256:a448e4c2e0eb7ca5fb1b6d3189bc586b91a7ee6facecdd0424f1bfbf2b3016fb", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 954922, + "size": 956549, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4320635/noscript-11.4.31.…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4343311/noscript-11.4.35.…", "permissions": [ "contextMenus", "storage", @@ -2593,7 +2593,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-08-03T21:50:17Z", + "last_updated": "2024-08-28T15:03:34Z", "name": { "de": "NoScript", "el": "NoScript", @@ -2665,10 +2665,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3984, - "bayesian_average": 4.39573419526929, - "count": 2254, - "text_count": 864 + "average": 4.4063, + "bayesian_average": 4.4036255442284284, + "count": 2267, + "text_count": 865 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2712,7 +2712,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 7147 + "weekly_downloads": 8229 }, "notes": null }, @@ -2728,7 +2728,7 @@ "picture_url": null } ], - "average_daily_users": 133156, + "average_daily_users": 151659, "categories": { "firefox": [ "photos-music-videos", @@ -2739,7 +2739,7 @@ "contributions_url": "", "created": "2011-07-15T10:42:41Z", "current_version": { - "id": 5625141, + "id": 5800440, "compatibility": { "firefox": { "min": "113.0", @@ -2750,7 +2750,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/youtube-high-definition/v…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/youtube-high-definition/v…", "is_strict_compatibility_enabled": false, "license": { "id": 12, @@ -2761,25 +2761,26 @@ "url": "http://www.gnu.org/licenses/lgpl-3.0.html" }, "release_notes": { - "en-US": "Manifest v3 Support" + "en-US": "Manifest V3 Support" }, - "reviewed": "2023-09-21T07:50:10Z", - "version": "118.0.5", + "reviewed": "2024-09-02T15:21:14Z", + "version": "118.0.9", "files": [ { - "id": 4169481, - "created": "2023-09-18T12:22:43Z", - "hash": "sha256:66d24520820ea01056219751f4c42bf49cb7c0a295eb53e63cf28d603ea42d50", + "id": 4344731, + "created": "2024-08-29T15:35:24Z", + "hash": "sha256:99195aac88a26aa194ace2f0075d9b4e7710ac3f0c700d18ad3db57b656ee517", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 216452, + "size": 216788, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4169481/youtube_high_defi…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4344731/youtube_high_defi…", "permissions": [ "storage", - "*://*.youtube.com/*" + "*://*.youtube.com/*", + "*://*.youtube-nocookie.com/*" ], "optional_permissions": [], "host_permissions": [ @@ -2808,7 +2809,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-09-21T07:50:10Z", + "last_updated": "2024-09-02T15:21:14Z", "name": { "en-US": "YouTube High Definition", "zh-TW": "YouTube High Definition" @@ -2837,10 +2838,10 @@ "category": "recommended" }, "ratings": { - "average": 3.8445, - "bayesian_average": 3.8405068135224973, - "count": 1273, - "text_count": 461 + "average": 3.8397, + "bayesian_average": 3.835705118967834, + "count": 1279, + "text_count": 462 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, @@ -2859,7 +2860,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 1652 + "weekly_downloads": 2616 }, "notes": null } ===================================== projects/browser/config ===================================== @@ -104,9 +104,9 @@ input_files: enable: '[% ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.mozilla.org/firefox/downloads/file/4320635/noscript-11.4.31.… + - URL: https://addons.mozilla.org/firefox/downloads/file/4343311/noscript-11.4.35.… name: noscript - sha256sum: b22c007534471a8fb74378e970ba79a536a44f88d81ad3852273b82a466d10c7 + sha256sum: a448e4c2e0eb7ca5fb1b6d3189bc586b91a7ee6facecdd0424f1bfbf2b3016fb - URL: https://addons.mozilla.org/firefox/downloads/file/4328681/ublock_origin-1.5… name: ublock-origin sha256sum: 1db9c676a07d141f8d36dbbc24f9e3d64a6cc2340dbfc6c848bc4395f96cfb14 ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: 115.14.0 + firefox_platform_version: 115.15.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 2 + browser_build: 3 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -103,6 +103,7 @@ targets: mullvadbrowser: git_url: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git var: + browser_build: 2 branding_directory_prefix: 'mb' gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' ===================================== projects/geckoview/config ===================================== @@ -14,9 +14,9 @@ container: use_container: 1 var: - geckoview_version: 115.14.0esr + geckoview_version: 115.15.0esr browser_branch: 13.5-1 - browser_build: 2 + browser_build: 3 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/go/config ===================================== @@ -7,7 +7,7 @@ container: var: use_go_1_20: 0 - go_1_21: 1.21.12 + go_1_21: 1.21.13 go_1_20: 1.20.14 no_crosscompile: 1 setup: | @@ -131,7 +131,7 @@ input_files: enable: '[% ! c("var/linux") %]' - URL: 'https://go.dev/dl/go[% c("var/go_1_21") %].src.tar.gz' name: go - sha256sum: 30e68af27bc1f1df231e3ab74f3d17d3b8d52a089c79bcaab573b4f1b807ed4f + sha256sum: 71fb31606a1de48d129d591e8717a63e0c5565ffba09a24ea9f899a13214c34d enable: '[% !c("var/use_go_1_20") %]' - URL: 'https://go.dev/dl/go[% c("var/go_1_20") %].src.tar.gz' name: go ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 186657 +version: 199081 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: c73bb6c97eebe22947b0e9e076838e3c4994da24f3e6e16b7621831afd2006a8 + sha256sum: 12507ba43e5e4a4c4eb8e276f11c9d693d1e0fc4715753c87cd7166649c0da6b - filename: packagemanual.py name: package_script ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 64b325861da514cd681533dcd368b351d2eb5f6c + git_hash: daed2afc487d1b20efc17feb153156524c6f714b targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 36af545865b83e790019195095544d9eec133a49 + git_hash: 6374e3b09c0894b8452fa1ba0b99c807722fc805 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: f00df5aeab6ef1bc592c6798db46ba6083283d00 + git_hash: f1585565f1635f18ab20a2fbdea4fdd72aa6c533 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,18 +73,18 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.5.2' + torbrowser_version: '13.5.3' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/08/05 09:00:00' + browser_release_date: '2024/09/03 07:30:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - 13.5.2 - 13.5.1 - '13.5' - - 13.0.16 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' # By default, we sort the list of installed packages. This allows sharing ===================================== tools/relprep.py ===================================== @@ -139,7 +139,9 @@ class ReleasePreparation: self.update_zlib() if self.android: self.update_zstd() - self.update_go() + # Do not update Go anymore: 1.21.x is not listed anymore in + # the download page as it is EOL as of August 13, 2024. + # self.update_go() self.update_manual() self.update_changelogs() ===================================== tools/update_manual.py ===================================== @@ -94,7 +94,8 @@ def update_manual(auth_token, base_path): return update_config(base_path, pipeline_id, sha256) - if __name__ == "__main__": if update_manual(load_token(), Path(__file__).parent.parent): print("Manual config updated, remember to stage it!") + else: + print("Manual already latest") View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.15.0esr-13.5-1-build3
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed new tag tor-browser-115.15.0esr-13.5-1-build3 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-1] 2 commits: Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: b81d3724 by Anna Weine at 2024-09-03T09:11:27+02:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 76781561 by Sam Foster at 2024-09-03T09:11:36+02:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 5 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html - services/common/logmanager.sys.mjs Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1777,7 +1777,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1882,11 +1883,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -391,6 +404,28 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + async function doTest() { + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); + let ecdhAlg = { name: "ECDH", public: pubKey }; + let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; + let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); + let hmacAlg = { name: "HMAC", hash: "SHA-256" }; + let hmacKey = await crypto.subtle.deriveKey(hkdfAlg, hkdfKey, hmacAlg, false, ["sign"]); + return crypto.subtle.sign("HMAC", hmacKey, new Uint8Array()); + } + const expected = util.hex2abv("acf62832fa93469824cd997593bc963b28a68e6f73f4516bbe51b35942fe9811"); + doTest().then(memcmp_complete(that, expected), error(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", @@ -433,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", ===================================== services/common/logmanager.sys.mjs ===================================== @@ -363,12 +363,7 @@ LogManager.prototype = { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/fdbe54… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/fdbe54… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 453f6361 by Pier Angelo Vendrame at 2024-09-03T04:24:19+00:00 fixup! Firefox preference overrides. Bug 40147: Re-enable Picture-in-Picture mode. Media capabilities are already protected by RFP. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -425,7 +425,6 @@ pref("dom.netinfo.enabled", false); pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status pref("network.http.referer.defaultPolicy.pbmode", 2); pref("network.http.referer.XOriginTrimmingPolicy", 2); // Bug 17228: Force trim referer to scheme+host+port in cross-origin requests -pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147 // Bug 40463: Disable Windows SSO pref("network.http.windows-sso.enabled", false, locked); // tor-browser#40424 View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/453… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/453… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 59b4e929 by Pier Angelo Vendrame at 2024-09-03T04:21:15+00:00 fixup! Firefox preference overrides. Bug 40147: Re-enable Picture-in-Picture mode. Media capabilities are already protected by RFP. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -425,7 +425,6 @@ pref("dom.netinfo.enabled", false); pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status pref("network.http.referer.defaultPolicy.pbmode", 2); pref("network.http.referer.XOriginTrimmingPolicy", 2); // Bug 17228: Force trim referer to scheme+host+port in cross-origin requests -pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147 // Bug 40463: Disable Windows SSO pref("network.http.windows-sso.enabled", false, locked); // tor-browser#40424 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/59b4e92… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/59b4e92… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7ec83a57 by Pier Angelo Vendrame at 2024-09-03T04:16:56+00:00 fixup! Firefox preference overrides. Bug 40147: Re-enable Picture-in-Picture mode. Media capabilities are already protected by RFP. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -425,7 +425,6 @@ pref("dom.netinfo.enabled", false); pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status pref("network.http.referer.defaultPolicy.pbmode", 2); pref("network.http.referer.XOriginTrimmingPolicy", 2); // Bug 17228: Force trim referer to scheme+host+port in cross-origin requests -pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147 // Bug 40463: Disable Windows SSO pref("network.http.windows-sso.enabled", false, locked); // tor-browser#40424 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7ec83a5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7ec83a5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: d5811acf by Morgan at 2024-09-02T18:23:47+02:00 fixup! Firefox preference overrides. Bug 42735: Disable recent search suggestions; fix type in comment - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -171,7 +171,7 @@ pref("browser.urlbar.suggest.trending", false); pref("browser.urlbar.trending.featureGate", false); // tor-browser#42792: Explicitly turn off Pocket suggestions in the URL bar. pref("browser.urlbar.pocket.featureGate", false); -// tor-browser#41691: Hide "Firefox Suggets" in the UI +// tor-browser#41691: Hide "Firefox Suggest" in the UI pref("browser.urlbar.groupLabels.enabled", false); pref("browser.safebrowsing.malware.enabled", false); pref("browser.safebrowsing.phishing.enabled", false); @@ -187,6 +187,10 @@ pref("browser.safebrowsing.provider.mozilla.updateURL", ""); pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); +// tor-browser#42735: Disable recent search suggestions +pref("browser.urlbar.recentsearches.featureGate", false); +pref("browser.urlbar.suggest.recentsearches", false); + // Make sure Unified Telemetry is really disabled, see: #18738. pref("toolkit.telemetry.unified", false); // This needs to be locked, or nightly builds will automatically lock it to true View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d5811ac… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d5811ac… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 03170f93 by Morgan at 2024-09-02T18:24:00+02:00 fixup! Firefox preference overrides. Bug 42735: Disable recent search suggestions; fix type in comment - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -171,7 +171,7 @@ pref("browser.urlbar.suggest.trending", false); pref("browser.urlbar.trending.featureGate", false); // tor-browser#42792: Explicitly turn off Pocket suggestions in the URL bar. pref("browser.urlbar.pocket.featureGate", false); -// tor-browser#41691: Hide "Firefox Suggets" in the UI +// tor-browser#41691: Hide "Firefox Suggest" in the UI pref("browser.urlbar.groupLabels.enabled", false); pref("browser.safebrowsing.malware.enabled", false); pref("browser.safebrowsing.phishing.enabled", false); @@ -187,6 +187,10 @@ pref("browser.safebrowsing.provider.mozilla.updateURL", ""); pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); +// tor-browser#42735: Disable recent search suggestions +pref("browser.urlbar.recentsearches.featureGate", false); +pref("browser.urlbar.suggest.recentsearches", false); + // Make sure Unified Telemetry is really disabled, see: #18738. pref("toolkit.telemetry.unified", false); // This needs to be locked, or nightly builds will automatically lock it to true View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/031… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/031… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 44186d33 by Morgan at 2024-09-02T16:22:24+00:00 fixup! Firefox preference overrides. Bug 42735: Disable recent search suggestions; fix type in comment - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -171,7 +171,7 @@ pref("browser.urlbar.suggest.trending", false); pref("browser.urlbar.trending.featureGate", false); // tor-browser#42792: Explicitly turn off Pocket suggestions in the URL bar. pref("browser.urlbar.pocket.featureGate", false); -// tor-browser#41691: Hide "Firefox Suggets" in the UI +// tor-browser#41691: Hide "Firefox Suggest" in the UI pref("browser.urlbar.groupLabels.enabled", false); pref("browser.safebrowsing.malware.enabled", false); pref("browser.safebrowsing.phishing.enabled", false); @@ -187,6 +187,10 @@ pref("browser.safebrowsing.provider.mozilla.updateURL", ""); pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); +// tor-browser#42735: Disable recent search suggestions +pref("browser.urlbar.recentsearches.featureGate", false); +pref("browser.urlbar.suggest.recentsearches", false); + // Make sure Unified Telemetry is really disabled, see: #18738. pref("toolkit.telemetry.unified", false); // This needs to be locked, or nightly builds will automatically lock it to true View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/44186d3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/44186d3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: ce72462c by Pier Angelo Vendrame at 2024-09-02T15:41:51+02:00 fixup! Firefox preference overrides. Fixed syntax error. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -291,7 +291,7 @@ pref("extensions.screenshots.disabled", true); pref("extensions.webcompat-reporter.enabled", false); // Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) -pref("toolkit.contentRelevancy.enabled", false; +pref("toolkit.contentRelevancy.enabled", false); pref("toolkit.contentRelevancy.ingestEnabled", false); pref("toolkit.contentRelevancy.log", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ce72462… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ce72462… You're receiving this email because of your account on gitlab.torproject.org.

1 0