- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] Bug 42194: Fix blank net error page on failed DNS resolution with active proxy.
by ma1 (＠ma1) 07 Nov '23

07 Nov '23

ma1 pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: aa90395e by hackademix at 2023-11-07T12:56:55+01:00 Bug 42194: Fix blank net error page on failed DNS resolution with active proxy. - - - - - 1 changed file: - toolkit/actors/NetErrorChild.sys.mjs Changes: ===================================== toolkit/actors/NetErrorChild.sys.mjs ===================================== @@ -140,12 +140,15 @@ export class NetErrorChild extends RemotePageChild { shortDesc.appendChild(span); }, }; - - Services.uriFixup.checkHost( - info.fixedURI, - onLookupCompleteListener, - this.document.nodePrincipal.originAttributes - ); + try { + Services.uriFixup.checkHost( + info.fixedURI, + onLookupCompleteListener, + this.document.nodePrincipal.originAttributes + ); + } catch (e) { + // DNS resolution may fail synchronously if forbidden by proxy + } } // Get the header from the http response of the failed channel. This function View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/aa90395… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/aa90395… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher] Deleted branch AsciiWolf-metainfo-fix
by asciiwolf (＠asciiwolf) 07 Nov '23

07 Nov '23

asciiwolf deleted branch AsciiWolf-metainfo-fix at The Tor Project / Applications / torbrowser-launcher -- You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Use a proper rDNS ID in AppStream metainfo
by boklm (＠boklm) 07 Nov '23

07 Nov '23

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 34bdd4d0 by AsciiWolf at 2023-11-02T18:12:06+01:00 Use a proper rDNS ID in AppStream metainfo - - - - - 1 changed file: - share/metainfo/torbrowser.appdata.xml → share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml Changes: ===================================== share/metainfo/torbrowser.appdata.xml → share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml ===================================== @@ -1,7 +1,8 @@ <?xml version="1.0" encoding="UTF-8"?>  <component type="desktop-application"> - <id>torbrowser.desktop</id> + <id>org.torproject.torbrowser-launcher</id> + <launchable type="desktop-id">torbrowser.desktop</launchable> <metadata_license>CC0-1.0</metadata_license> <project_license>MIT</project_license> <name>Tor Browser Launcher</name> View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.0-1] 2 commits: fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed to branch tor-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: f83bd860 by Henry Wilkes at 2023-11-06T23:18:21+00:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 42184: Make torconnect redirect compatible with blank home page. - - - - - f0ddec98 by Henry Wilkes at 2023-11-06T23:18:28+00:00 fixup! Bug 40597: Implement TorSettings module Bug 42184: Split out URI fixup logic to fixupURIs and simplify. This method is used in TorConnectParent to fixup the home page preference. - - - - - 4 changed files: - browser/components/torconnect/TorConnectChild.sys.mjs - browser/components/torconnect/TorConnectParent.sys.mjs - browser/components/torconnect/content/aboutTorConnect.js - browser/modules/TorConnect.sys.mjs Changes: ===================================== browser/components/torconnect/TorConnectChild.sys.mjs ===================================== @@ -2,4 +2,78 @@ import { RemotePageChild } from "resource://gre/actors/RemotePageChild.sys.mjs"; -export class TorConnectChild extends RemotePageChild {} +export class TorConnectChild extends RemotePageChild { + /** + * Whether we have redirected the page (after bootstrapping) or not. + * + * @type {boolean} + */ + #redirected = false; + + /** + * If bootstrapping is complete, or TorConnect is disabled, we redirect the + * page. + */ + async #maybeRedirect() { + if (await this.sendQuery("torconnect:should-show")) { + // Enabled and not yet bootstrapped. + return; + } + if (this.#redirected) { + return; + } + this.#redirected = true; + + const redirect = new URLSearchParams( + new URL(this.contentWindow.document.location.href).search + ).get("redirect"); + + // Fallback in error cases: + let replaceURI = "about:tor"; + try { + const url = new URL( + redirect + ? decodeURIComponent(redirect) + : // NOTE: We expect no redirect when address is entered manually, or + // about:torconnect is opened from preferences or urlbar. + // Go to the home page. + await this.sendQuery("torconnect:home-page") + ); + // Do not allow javascript URI. See tor-browser#41766 + if ( + ["about:", "file:", "https:", "http:"].includes(url.protocol) || + // Allow blank page. See tor-browser#42184. + // Blank page's are given as a chrome URL rather than "about:blank". + url.href === "chrome://browser/content/blanktab.html" + ) { + replaceURI = url.href; + } else { + console.error(`Scheme is not allowed "${redirect}"`); + } + } catch { + console.error(`Invalid redirect URL "${redirect}"`); + } + + // Replace the destination to prevent "about:torconnect" entering the + // history. + // NOTE: This is done here, in the window actor, rather than in content + // because we have the privilege to redirect to a "chrome:" uri here (for + // when the HomePage is set to be blank). + this.contentWindow.location.replace(replaceURI); + } + + actorCreated() { + super.actorCreated(); + // about:torconnect could need to be immediately redirected. E.g. if it is + // reached after bootstrapping. + this.#maybeRedirect(); + } + + receiveMessage(message) { + super.receiveMessage(message); + + if (message.name === "torconnect:state-change") { + this.#maybeRedirect(); + } + } +} ===================================== browser/components/torconnect/TorConnectParent.sys.mjs ===================================== @@ -1,5 +1,7 @@ // Copyright (c) 2021, The Tor Project, Inc. +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; + const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); import { InternetStatus, @@ -15,6 +17,12 @@ import { const BroadcastTopic = "about-torconnect:broadcast"; +const lazy = {}; + +XPCOMUtils.defineLazyModuleGetters(lazy, { + HomePage: "resource:///modules/HomePage.jsm", +}); + /* This object is basically a marshalling interface between the TorConnect module and a particular about:torconnect page @@ -167,6 +175,11 @@ export class TorConnectParent extends JSWindowActorParent { async receiveMessage(message) { switch (message.name) { + case "torconnect:should-show": + return Promise.resolve(TorConnect.shouldShowTorConnect); + case "torconnect:home-page": + // If there are multiple home pages, just load the first one. + return Promise.resolve(TorConnect.fixupURIs(lazy.HomePage.get())[0]); case "torconnect:set-quickstart": TorSettings.quickstart.enabled = message.data; TorSettings.saveToPrefs().applySettings(); ===================================== browser/components/torconnect/content/aboutTorConnect.js ===================================== @@ -136,10 +136,6 @@ class AboutTorConnect { tryBridgeButton: document.querySelector(this.selectors.buttons.tryBridge), }); - // a redirect url can be passed as a query parameter for the page to - // forward us to once bootstrap completes (otherwise the window will just close) - redirect = null; - uiState = { currentState: UIStates.ConnectToTor, allowAutomaticLocation: true, @@ -425,11 +421,6 @@ class AboutTorConnect { this.setLongText(TorStrings.settings.torPreferencesDescription); this.setProgress("", showProgressbar, 100); this.hideButtons(); - - // redirects page to the requested redirect url, removes about:torconnect - // from the page stack, so users cannot accidentally go 'back' to the - // now unresponsive page - window.location.replace(this.redirect); } update_Disabled(state) { @@ -822,23 +813,6 @@ class AboutTorConnect { } async init() { - // if the user gets here manually or via the button in the urlbar - // then we will redirect to about:tor - this.redirect = "about:tor"; - - // see if a user has a final destination after bootstrapping - let params = new URLSearchParams(new URL(document.location.href).search); - if (params.has("redirect")) { - try { - const redirect = new URL(decodeURIComponent(params.get("redirect"))); - if (/^(?:https?|about):$/.test(redirect.protocol)) { - this.redirect = redirect.href; - } - } catch (e) { - console.error(e, `Invalid redirect URL "${params.get("redirect")}"!`); - } - } - let args = await RPMSendQuery("torconnect:get-init-args"); // various constants ===================================== browser/modules/TorConnect.sys.mjs ===================================== @@ -1156,67 +1156,54 @@ export const TorConnect = (() => { return `about:torconnect?redirect=${encodeURIComponent(url)}`; }, + /** + * Convert the given object into a list of valid URIs. + * + * The object is either from the user's homepage preference (which may + * contain multiple domains separated by "|") or uris passed to the browser + * via command-line. + * + * @param {string|string[]} uriVariant - The string to extract uris from. + * + * @return {string[]} - The array of uris found. + */ + fixupURIs(uriVariant) { + let uriArray; + if (typeof uriVariant === "string") { + uriArray = uriVariant.split("|"); + } else if ( + Array.isArray(uriVariant) && + uriVariant.every(entry => typeof entry === "string") + ) { + uriArray = uriVariant; + } else { + // about:tor as safe fallback + console.error( + `TorConnect: received unknown variant '${JSON.stringify(uriVariant)}'` + ); + uriArray = ["about:tor"]; + } + + // Attempt to convert user-supplied string to a uri, fallback to + // about:tor if cannot convert to valid uri object + return uriArray.map( + uriString => + Services.uriFixup.getFixupURIInfo( + uriString, + Ci.nsIURIFixup.FIXUP_FLAG_NONE + ).preferredURI?.spec ?? "about:tor" + ); + }, + // called from browser.js on browser startup, passed in either the user's homepage(s) // or uris passed via command-line; we want to replace them with about:torconnect uris // which redirect after bootstrapping getURIsToLoad(uriVariant) { - // convert the object we get from browser.js - let uriStrings = (v => { - // an interop array - if (v instanceof Ci.nsIArray) { - // Transform the nsIArray of nsISupportsString's into a JS Array of - // JS strings. - return Array.from( - v.enumerate(Ci.nsISupportsString), - supportStr => supportStr.data - ); - // an interop string - } else if (v instanceof Ci.nsISupportsString) { - return [v.data]; - // a js string - } else if (typeof v === "string") { - return v.split("|"); - // a js array of js strings - } else if ( - Array.isArray(v) && - v.reduce((allStrings, entry) => { - return allStrings && typeof entry === "string"; - }, true) - ) { - return v; - } - // about:tor as safe fallback - console.log( - `TorConnect: getURIsToLoad() received unknown variant '${JSON.stringify( - v - )}'` - ); - return ["about:tor"]; - })(uriVariant); - - // will attempt to convert user-supplied string to a uri, fallback to about:tor if cannot convert - // to valid uri object - let uriStringToUri = uriString => { - const fixupFlags = Ci.nsIURIFixup.FIXUP_FLAG_NONE; - let uri = Services.uriFixup.getFixupURIInfo( - uriString, - fixupFlags - ).preferredURI; - return uri ? uri : Services.io.newURI("about:tor"); - }; - let uris = uriStrings.map(uriStringToUri); - - // assume we have a valid uri and generate an about:torconnect redirect uri - let redirectUrls = uris.map(uri => this.getRedirectURL(uri.spec)); - + const uris = this.fixupURIs(uriVariant); console.log( - `TorConnect: Will load after bootstrap => [${uris - .map(uri => { - return uri.spec; - }) - .join(", ")}]` + `TorConnect: Will load after bootstrap => [${uris.join(", ")}]` ); - return redirectUrls; + return uris.map(uri => this.getRedirectURL(uri)); }, }; return retval; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/2b8d06… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/2b8d06… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.4.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 06 Nov '23

06 Nov '23

ma1 pushed to branch mullvad-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 38f96edf by hackademix at 2023-11-06T23:28:52+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -148,6 +148,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1619,6 +1732,8 @@ BrowserGlue.prototype = { lazy.DoHController.init(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -1879,7 +1994,7 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/38f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/38f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.4.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 06 Nov '23

06 Nov '23

ma1 pushed to branch base-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 5779ddfe by hackademix at 2023-11-06T23:23:03+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -148,6 +148,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1652,6 +1765,8 @@ BrowserGlue.prototype = { lazy.DoHController.init(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -1912,7 +2027,7 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5779ddf… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5779ddf… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 06 Nov '23

06 Nov '23

ma1 pushed to branch tor-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 2b8d06d6 by hackademix at 2023-11-06T23:14:33+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -150,6 +150,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1753,6 +1866,8 @@ BrowserGlue.prototype = { lazy.TorProviderBuilder.firstWindowLoaded(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -2013,8 +2128,8 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 () => lazy.OnionAliasStore.uninit(), + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2b8d06d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2b8d06d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] fixup! Bug 23247: Communicating security expectations for .onion
by ma1 (＠ma1) 06 Nov '23

06 Nov '23

ma1 pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 8627f8e1 by cypherpunks1 at 2023-11-06T21:22:17+00:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 42231: Improve the network monitor patch for http onion resources - - - - - 2 changed files: - devtools/client/netmonitor/src/components/SecurityState.js - devtools/shared/network-observer/NetworkHelper.sys.mjs Changes: ===================================== devtools/client/netmonitor/src/components/SecurityState.js ===================================== @@ -41,7 +41,7 @@ class SecurityState extends Component { const { securityState, - urlDetails: { isLocal }, + urlDetails: { host, isLocal }, } = item; const iconClassList = ["requests-security-state-icon"]; @@ -50,7 +50,11 @@ class SecurityState extends Component { // Locally delivered files such as http://localhost and file:// paths // are considered to have been delivered securely. - if (isLocal) { + if ( + isLocal || + (host?.endsWith(".onion") && + Services.prefs.getBoolPref("dom.securecontext.allowlist_onions", false)) + ) { realSecurityState = "secure"; } ===================================== devtools/shared/network-observer/NetworkHelper.sys.mjs ===================================== @@ -596,9 +596,6 @@ export var NetworkHelper = { // The request did not contain any security info. if (!securityInfo) { - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } return info; } @@ -650,11 +647,7 @@ export var NetworkHelper = { // schemes other than https and wss are subject to // downgrade/etc at the scheme level and should always be // considered insecure - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } else { - info.state = "insecure"; - } + info.state = "insecure"; } else if (state & wpl.STATE_IS_SECURE) { // The connection is secure if the scheme is sufficient info.state = "secure"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8627f8e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8627f8e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 10 commits: Bug 40934: Remove $bundle_locales from signing scripts
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 5dc73a09 by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 40934: Remove $bundle_locales from signing scripts IN macos-signer-* we don't remove the loop, since those scripts are going away soon. - - - - - 99ac1364 by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Add rcodesign build - - - - - 3e924790 by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Set up signing machines for rcodesign - - - - - b696b79e by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Update signing scripts for rcodesign - - - - - d9e3782e by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 40982: Fix logging in tools/signing/do-all-signing - - - - - c46f3c86 by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Update macos signing entitlements files Taken from Firefox tree in security/mac/hardenedruntime/production.entitlements.xml in esr115 branch. - - - - - eb210afc by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Update issue templates for macos signing changes - - - - - 79cbf73c by Richard Pospesel at 2023-11-06T17:14:04+00:00 Bug 41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step - - - - - f0a129ea by Richard Pospesel at 2023-11-06T17:14:04+00:00 Bug 41006: Fix typo in finished-signing-clean-linux signer - - - - - 954d5aac by Richard Pospesel at 2023-11-06T17:14:04+00:00 Bug 41007: gatekeeper-bundling.sh refers to old .tar.gz archive - - - - - 30 changed files: - .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md - Makefile - + projects/rcodesign/build - + projects/rcodesign/config - tools/.gitignore - tools/signing/alpha.entitlements.xml - tools/signing/dmg2mar - tools/signing/do-all-signing - tools/signing/finished-signing-clean-linux-signer - tools/signing/gatekeeper-bundling.sh - + tools/signing/linux-signer-rcodesign-sign - + tools/signing/linux-signer-rcodesign-sign.mullvadbrowser - + tools/signing/linux-signer-rcodesign-sign.torbrowser - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/sign-rcodesign - tools/signing/machines-setup/upload-tbb-to-signing-machine - tools/signing/macos-signer-gatekeeper-signing - tools/signing/macos-signer-notarization - tools/signing/macos-signer-stapler - + tools/signing/rcodesign-notary-submit - tools/signing/release.entitlements.xml - tools/signing/set-config - + tools/signing/set-config.rcodesign - + tools/signing/set-config.rcodesign-appstoreconnect - + tools/signing/setup-rcodesign - + tools/signing/sync-linux-signer-macos-signed-tar-to-local - + tools/signing/sync-linux-signer-macos-signed-tar-to-local.mullvadbrowser The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.0.3-build1
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed new tag tbb-13.0.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0