- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] Update release prep merge request template
by morgan (＠morgan) 29 Oct '24

29 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 0178b624 by Nicolas Vigier at 2024-10-29T20:08:40+00:00 Update release prep merge request template Update self-review template to add torbrowser_legacy vars to rbm.conf, and remove firefox-android. - - - - - 1 changed file: - .gitlab/merge_request_templates/relprep.md Changes: ===================================== .gitlab/merge_request_templates/relprep.md ===================================== @@ -10,10 +10,11 @@ - [ ] `var/torbrowser_build`: should be `build1`, unless bumping a previous release preparation - [ ] `var/browser_release_date`: must not be in the future when we start building - [ ] `var/torbrowser_incremental_from` (not needed for Android-only releases) + - [ ] `var/torbrowser_legacy_version` (For Tor Browser 14.0.x stable releases only) + - [ ] `var/torbrowser_legacy_platform_version` (For Tor Browser 14.0.x stable releases only) - [ ] Tag updates: - [ ] [Firefox](https://gitlab.torproject.org/tpo/applications/tor-browser/-/tags) - [ ] Geckoview - should match Firefox - - [ ] [Firefox Android](https://gitlab.torproject.org/tpo/applications/firefox-android/-/t… - Tags might be speculative in the release preparation: i.e., they might not exist yet. - [ ] Addon updates: - [ ] [NoScript](https://addons.mozilla.org/en-US/firefox/addon/noscript/) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.5-1] 2 commits: fixup! Bug 40283: Workaround for the file upload bug
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 1eb1dd23 by Pier Angelo Vendrame at 2024-10-29T19:10:13+01:00 fixup! Bug 40283: Workaround for the file upload bug Lint with android-format. - - - - - 291acbab by Pier Angelo Vendrame at 2024-10-29T19:10:21+01:00 fixup! Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware Lint with android-format. - - - - - 2 changed files: - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -6301,10 +6301,10 @@ public class GeckoSession { } private static String normalizePath(String input) { - // For an unclear reason, Android media picker delivers file paths - // starting with double slash. Firefox performs path validation on - // all paths, and double slash is deemed invalid. - return input.startsWith("//") ? input.substring(1) : input; + // For an unclear reason, Android media picker delivers file paths + // starting with double slash. Firefox performs path validation on + // all paths, and double slash is deemed invalid. + return input.startsWith("//") ? input.substring(1) : input; } private static String getFile(final @NonNull Context context, final @NonNull Uri uri) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java ===================================== @@ -49,9 +49,7 @@ public class WebRequest extends WebMessage { /** The value of the Referer header for this request. */ public final @Nullable String referrer; - /** - * The value of the origin of this request. - */ + /** The value of the origin of this request. */ public final @Nullable String origin; @Retention(RetentionPolicy.SOURCE) @@ -248,10 +246,10 @@ public class WebRequest extends WebMessage { * @param origin A URI String * @return This Builder instance. */ - public @NonNull Builder origin(final @Nullable String origin) { - mOrigin = origin; - return this; - } + public @NonNull Builder origin(final @Nullable String origin) { + mOrigin = origin; + return this; + } /** * @return A {@link WebRequest} constructed with the values from this Builder instance. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/4e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/4e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.4.0esr-14.5-1] 2 commits: fixup! Bug 40283: Workaround for the file upload bug
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 4b20df89 by Pier Angelo Vendrame at 2024-10-29T19:08:47+01:00 fixup! Bug 40283: Workaround for the file upload bug Lint with android-format. - - - - - 8cd93211 by Pier Angelo Vendrame at 2024-10-29T19:08:54+01:00 fixup! Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware Lint with android-format. - - - - - 2 changed files: - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -6301,10 +6301,10 @@ public class GeckoSession { } private static String normalizePath(String input) { - // For an unclear reason, Android media picker delivers file paths - // starting with double slash. Firefox performs path validation on - // all paths, and double slash is deemed invalid. - return input.startsWith("//") ? input.substring(1) : input; + // For an unclear reason, Android media picker delivers file paths + // starting with double slash. Firefox performs path validation on + // all paths, and double slash is deemed invalid. + return input.startsWith("//") ? input.substring(1) : input; } private static String getFile(final @NonNull Context context, final @NonNull Uri uri) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java ===================================== @@ -49,9 +49,7 @@ public class WebRequest extends WebMessage { /** The value of the Referer header for this request. */ public final @Nullable String referrer; - /** - * The value of the origin of this request. - */ + /** The value of the origin of this request. */ public final @Nullable String origin; @Retention(RetentionPolicy.SOURCE) @@ -248,10 +246,10 @@ public class WebRequest extends WebMessage { * @param origin A URI String * @return This Builder instance. */ - public @NonNull Builder origin(final @Nullable String origin) { - mOrigin = origin; - return this; - } + public @NonNull Builder origin(final @Nullable String origin) { + mOrigin = origin; + return this; + } /** * @return A {@link WebRequest} constructed with the values from this Builder instance. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3975e7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3975e7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] 6 commits: fixup! Bug 40283: Workaround for the file upload bug
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 41bcfa1b by Pier Angelo Vendrame at 2024-10-29T19:05:48+01:00 fixup! Bug 40283: Workaround for the file upload bug Lint with android-format. - - - - - c8428799 by Pier Angelo Vendrame at 2024-10-29T19:05:53+01:00 fixup! Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware Lint with android-format. - - - - - cdcb77db by Pier Angelo Vendrame at 2024-10-29T19:05:53+01:00 fixup! Bug 42247: Android helpers for the TorProvider Lint with android-format. - - - - - ad0782df by Pier Angelo Vendrame at 2024-10-29T19:05:54+01:00 fixup! Bug 40597: Implement TorSettings module Fix a couple of references to Moat in the generic DomainFrontedRequests module. - - - - - 6b2120f9 by Pier Angelo Vendrame at 2024-10-29T19:05:54+01:00 fixup! Bug 40597: Implement TorSettings module ch.asyncOpen is not a JS async function, so no need to await it. The async in the name means that the channel will call methods from a listener object that it takes as an argument when it receives data. - - - - - 464b5a9b by Pier Angelo Vendrame at 2024-10-29T19:05:55+01:00 fixup! Bug 42247: Android helpers for the TorProvider Bug 43232: Make the Android Meek transport easier to debug. - - - - - 8 changed files: - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/TorIntegrationAndroid.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/TorSettings.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/androidlegacysettings/Prefs.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/androidlegacysettings/TorLegacyAndroidSettings.java - toolkit/modules/DomainFrontedRequests.sys.mjs - toolkit/modules/Moat.sys.mjs Changes: ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoSession.java ===================================== @@ -6319,10 +6319,10 @@ public class GeckoSession { } private static String normalizePath(String input) { - // For an unclear reason, Android media picker delivers file paths - // starting with double slash. Firefox performs path validation on - // all paths, and double slash is deemed invalid. - return input.startsWith("//") ? input.substring(1) : input; + // For an unclear reason, Android media picker delivers file paths + // starting with double slash. Firefox performs path validation on + // all paths, and double slash is deemed invalid. + return input.startsWith("//") ? input.substring(1) : input; } private static String getFile(final @NonNull Context context, final @NonNull Uri uri) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/TorIntegrationAndroid.java ===================================== @@ -9,671 +9,720 @@ package org.mozilla.geckoview; import android.content.Context; import android.os.AsyncTask; import android.util.Log; - -import androidx.annotation.AnyThread; import androidx.annotation.NonNull; -import androidx.annotation.Nullable; - import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.InterruptedIOException; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.Map; -import java.util.Set; - import org.mozilla.gecko.EventDispatcher; import org.mozilla.gecko.GeckoAppShell; import org.mozilla.gecko.util.BundleEventListener; import org.mozilla.gecko.util.EventCallback; import org.mozilla.gecko.util.GeckoBundle; - import org.mozilla.geckoview.androidlegacysettings.TorLegacyAndroidSettings; public class TorIntegrationAndroid implements BundleEventListener { - private static final String TAG = "TorIntegrationAndroid"; - - // Events we listen to - private static final String EVENT_TOR_START = "GeckoView:Tor:StartTor"; - private static final String EVENT_TOR_STOP = "GeckoView:Tor:StopTor"; - private static final String EVENT_MEEK_START = "GeckoView:Tor:StartMeek"; - private static final String EVENT_MEEK_STOP = "GeckoView:Tor:StopMeek"; - private static final String EVENT_CONNECT_STATE_CHANGED = "GeckoView:Tor:ConnectStateChanged"; - private static final String EVENT_CONNECT_ERROR = "GeckoView:Tor:ConnectError"; - private static final String EVENT_BOOTSTRAP_PROGRESS = "GeckoView:Tor:BootstrapProgress"; - private static final String EVENT_BOOTSTRAP_COMPLETE = "GeckoView:Tor:BootstrapComplete"; - private static final String EVENT_TOR_LOGS = "GeckoView:Tor:Logs"; - private static final String EVENT_SETTINGS_READY = "GeckoView:Tor:SettingsReady"; - private static final String EVENT_SETTINGS_CHANGED = "GeckoView:Tor:SettingsChanged"; - private static final String EVENT_SETTINGS_OPEN = "GeckoView:Tor:OpenSettings"; - - // Events we emit - private static final String EVENT_SETTINGS_GET = "GeckoView:Tor:SettingsGet"; - private static final String EVENT_SETTINGS_SET = "GeckoView:Tor:SettingsSet"; - private static final String EVENT_SETTINGS_APPLY = "GeckoView:Tor:SettingsApply"; - private static final String EVENT_SETTINGS_SAVE = "GeckoView:Tor:SettingsSave"; - private static final String EVENT_BOOTSTRAP_BEGIN = "GeckoView:Tor:BootstrapBegin"; - private static final String EVENT_BOOTSTRAP_BEGIN_AUTO = "GeckoView:Tor:BootstrapBeginAuto"; - private static final String EVENT_BOOTSTRAP_CANCEL = "GeckoView:Tor:BootstrapCancel"; - private static final String EVENT_BOOTSTRAP_GET_STATE = "GeckoView:Tor:BootstrapGetState"; - - private static final String CONTROL_PORT_FILE = "/control-ipc"; - private static final String SOCKS_FILE = "/socks-ipc"; - private static final String COOKIE_AUTH_FILE = "/auth-file"; - - private final String mLibraryDir; - private final String mCacheDir; - private final String mIpcDirectory; - private final File mDataDir; - - private TorProcess mTorProcess = null; - /** - * The first time we run a Tor process in this session, we copy some configuration files to be - * sure we always have the latest version, but if we re-launch a tor process we do not need to - * copy them again. - */ - private boolean mCopiedConfigFiles = false; - /** - * Allow multiple proxies to be started, even though it might not actually happen. - * The key should be positive (also 0 is not allowed). - */ - private final HashMap<Integer, MeekTransport> mMeeks = new HashMap<>(); - private int mMeekCounter; - - /** - * mSettings is a Java-side copy of the authoritative settings in the JS code. - * It's useful to maintain as the UI may be fetching these options often and we don't watch each - * fetch to be a passthrough to JS with marshalling/unmarshalling each time. - */ - private TorSettings mSettings = null; - - /* package */ TorIntegrationAndroid(Context context) { - mLibraryDir = context.getApplicationInfo().nativeLibraryDir; - mCacheDir = context.getCacheDir().getAbsolutePath(); - mIpcDirectory = mCacheDir + "/tor-private"; - mDataDir = new File(context.getFilesDir(), "tor"); - registerListener(); + private static final String TAG = "TorIntegrationAndroid"; + + // Events we listen to + private static final String EVENT_TOR_START = "GeckoView:Tor:StartTor"; + private static final String EVENT_TOR_STOP = "GeckoView:Tor:StopTor"; + private static final String EVENT_MEEK_START = "GeckoView:Tor:StartMeek"; + private static final String EVENT_MEEK_STOP = "GeckoView:Tor:StopMeek"; + private static final String EVENT_CONNECT_STATE_CHANGED = "GeckoView:Tor:ConnectStateChanged"; + private static final String EVENT_CONNECT_ERROR = "GeckoView:Tor:ConnectError"; + private static final String EVENT_BOOTSTRAP_PROGRESS = "GeckoView:Tor:BootstrapProgress"; + private static final String EVENT_BOOTSTRAP_COMPLETE = "GeckoView:Tor:BootstrapComplete"; + private static final String EVENT_TOR_LOGS = "GeckoView:Tor:Logs"; + private static final String EVENT_SETTINGS_READY = "GeckoView:Tor:SettingsReady"; + private static final String EVENT_SETTINGS_CHANGED = "GeckoView:Tor:SettingsChanged"; + private static final String EVENT_SETTINGS_OPEN = "GeckoView:Tor:OpenSettings"; + + // Events we emit + private static final String EVENT_SETTINGS_GET = "GeckoView:Tor:SettingsGet"; + private static final String EVENT_SETTINGS_SET = "GeckoView:Tor:SettingsSet"; + private static final String EVENT_SETTINGS_APPLY = "GeckoView:Tor:SettingsApply"; + private static final String EVENT_SETTINGS_SAVE = "GeckoView:Tor:SettingsSave"; + private static final String EVENT_BOOTSTRAP_BEGIN = "GeckoView:Tor:BootstrapBegin"; + private static final String EVENT_BOOTSTRAP_BEGIN_AUTO = "GeckoView:Tor:BootstrapBeginAuto"; + private static final String EVENT_BOOTSTRAP_CANCEL = "GeckoView:Tor:BootstrapCancel"; + private static final String EVENT_BOOTSTRAP_GET_STATE = "GeckoView:Tor:BootstrapGetState"; + + private static final String CONTROL_PORT_FILE = "/control-ipc"; + private static final String SOCKS_FILE = "/socks-ipc"; + private static final String COOKIE_AUTH_FILE = "/auth-file"; + + private final String mLibraryDir; + private final String mCacheDir; + private final String mIpcDirectory; + private final File mDataDir; + + private TorProcess mTorProcess = null; + + /** + * The first time we run a Tor process in this session, we copy some configuration files to be + * sure we always have the latest version, but if we re-launch a tor process we do not need to + * copy them again. + */ + private boolean mCopiedConfigFiles = false; + + /** + * Allow multiple proxies to be started, even though it might not actually happen. The key should + * be positive (also 0 is not allowed). + */ + private final HashMap<Integer, MeekTransport> mMeeks = new HashMap<>(); + + private int mMeekCounter; + + /** + * mSettings is a Java-side copy of the authoritative settings in the JS code. It's useful to + * maintain as the UI may be fetching these options often and we don't watch each fetch to be a + * passthrough to JS with marshalling/unmarshalling each time. + */ + private TorSettings mSettings = null; + + /* package */ TorIntegrationAndroid(Context context) { + mLibraryDir = context.getApplicationInfo().nativeLibraryDir; + mCacheDir = context.getCacheDir().getAbsolutePath(); + mIpcDirectory = mCacheDir + "/tor-private"; + mDataDir = new File(context.getFilesDir(), "tor"); + registerListener(); + } + + /* package */ synchronized void shutdown() { + // FIXME: It seems this never gets called + if (mTorProcess != null) { + mTorProcess.shutdown(); + mTorProcess = null; } - - /* package */ synchronized void shutdown() { - // FIXME: It seems this never gets called - if (mTorProcess != null) { - mTorProcess.shutdown(); - mTorProcess = null; - } + } + + private void registerListener() { + EventDispatcher.getInstance() + .registerUiThreadListener( + this, + EVENT_TOR_START, + EVENT_MEEK_START, + EVENT_MEEK_STOP, + EVENT_SETTINGS_READY, + EVENT_SETTINGS_CHANGED, + EVENT_CONNECT_STATE_CHANGED, + EVENT_CONNECT_ERROR, + EVENT_BOOTSTRAP_PROGRESS, + EVENT_BOOTSTRAP_COMPLETE, + EVENT_TOR_LOGS, + EVENT_SETTINGS_OPEN); + } + + @Override // BundleEventListener + public synchronized void handleMessage( + final String event, final GeckoBundle message, final EventCallback callback) { + if (EVENT_TOR_START.equals(event)) { + startDaemon(message, callback); + } else if (EVENT_TOR_STOP.equals(event)) { + stopDaemon(message, callback); + } else if (EVENT_MEEK_START.equals(event)) { + startMeek(message, callback); + } else if (EVENT_MEEK_STOP.equals(event)) { + stopMeek(message, callback); + } else if (EVENT_SETTINGS_READY.equals(event)) { + try { + new SettingsLoader().execute(message); + } catch (Exception e) { + Log.e(TAG, "SettingsLoader error: " + e.toString()); + } + } else if (EVENT_SETTINGS_CHANGED.equals(event)) { + GeckoBundle newSettings = message.getBundle("settings"); + if (newSettings != null) { + // TODO: Should we notify listeners? + mSettings = new TorSettings(newSettings); + } else { + Log.w(TAG, "Ignoring a settings changed event that did not have the new settings."); + } + } else if (EVENT_CONNECT_STATE_CHANGED.equals(event)) { + String state = message.getString("state"); + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onBootstrapStateChange(state); + } + } else if (EVENT_CONNECT_ERROR.equals(event)) { + String code = message.getString("code"); + String msg = message.getString("message"); + String phase = message.getString("phase"); + String reason = message.getString("reason"); + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onBootstrapError(code, msg, phase, reason); + } + } else if (EVENT_BOOTSTRAP_PROGRESS.equals(event)) { + double progress = message.getDouble("progress"); + boolean hasWarnings = message.getBoolean("hasWarnings"); + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onBootstrapProgress(progress, hasWarnings); + } + } else if (EVENT_BOOTSTRAP_COMPLETE.equals(event)) { + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onBootstrapComplete(); + } + } else if (EVENT_TOR_LOGS.equals(event)) { + String msg = message.getString("message"); + String type = message.getString("logType"); + for (TorLogListener listener : mLogListeners) { + listener.onLog(type, msg); + } + } else if (EVENT_SETTINGS_OPEN.equals(event)) { + for (BootstrapStateChangeListener listener : mBootstrapStateListeners) { + listener.onSettingsRequested(); + } } - - private void registerListener() { - EventDispatcher.getInstance() - .registerUiThreadListener( - this, - EVENT_TOR_START, - EVENT_MEEK_START, - EVENT_MEEK_STOP, - EVENT_SETTINGS_READY, - EVENT_SETTINGS_CHANGED, - EVENT_CONNECT_STATE_CHANGED, - EVENT_CONNECT_ERROR, - EVENT_BOOTSTRAP_PROGRESS, - EVENT_BOOTSTRAP_COMPLETE, - EVENT_TOR_LOGS, - EVENT_SETTINGS_OPEN); + } + + private class SettingsLoader extends AsyncTask<GeckoBundle, Void, TorSettings> { + protected TorSettings doInBackground(GeckoBundle... messages) { + GeckoBundle message = messages[0]; + TorSettings settings; + if (TorLegacyAndroidSettings.unmigrated()) { + settings = TorLegacyAndroidSettings.loadTorSettings(); + } else { + GeckoBundle bundle = message.getBundle("settings"); + settings = new TorSettings(bundle); + } + return settings; } - @Override // BundleEventListener - public synchronized void handleMessage( - final String event, final GeckoBundle message, final EventCallback callback) { - if (EVENT_TOR_START.equals(event)) { - startDaemon(message, callback); - } else if (EVENT_TOR_STOP.equals(event)) { - stopDaemon(message, callback); - } else if (EVENT_MEEK_START.equals(event)) { - startMeek(message, callback); - } else if (EVENT_MEEK_STOP.equals(event)) { - stopMeek(message, callback); - } else if (EVENT_SETTINGS_READY.equals(event)) { - try { - new SettingsLoader().execute(message); - } catch(Exception e) { - Log.e(TAG, "SettingsLoader error: "+ e.toString()); - } - } else if (EVENT_SETTINGS_CHANGED.equals(event)) { - GeckoBundle newSettings = message.getBundle("settings"); - if (newSettings != null) { - // TODO: Should we notify listeners? - mSettings = new TorSettings(newSettings); - } else { - Log.w(TAG, "Ignoring a settings changed event that did not have the new settings."); - } - } else if (EVENT_CONNECT_STATE_CHANGED.equals(event)) { - String state = message.getString("state"); - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onBootstrapStateChange(state); - } - } else if (EVENT_CONNECT_ERROR.equals(event)) { - String code = message.getString("code"); - String msg = message.getString("message"); - String phase = message.getString("phase"); - String reason = message.getString("reason"); - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onBootstrapError(code, msg, phase, reason); - } - } else if (EVENT_BOOTSTRAP_PROGRESS.equals(event)) { - double progress = message.getDouble("progress"); - boolean hasWarnings = message.getBoolean("hasWarnings"); - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onBootstrapProgress(progress, hasWarnings); - } - } else if (EVENT_BOOTSTRAP_COMPLETE.equals(event)) { - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onBootstrapComplete(); - } - } else if (EVENT_TOR_LOGS.equals(event)) { - String msg = message.getString("message"); - String type = message.getString("logType"); - for (TorLogListener listener: mLogListeners) { - listener.onLog(type, msg); - } - } else if (EVENT_SETTINGS_OPEN.equals(event)) { - for (BootstrapStateChangeListener listener: mBootstrapStateListeners) { - listener.onSettingsRequested(); - } - } + @Override + protected void onPostExecute(TorSettings torSettings) { + mSettings = torSettings; + if (TorLegacyAndroidSettings.unmigrated()) { + setSettings(mSettings, true, true); + TorLegacyAndroidSettings.setMigrated(); + } + } + } + + private synchronized void startDaemon(final GeckoBundle message, final EventCallback callback) { + // Let JS generate this to possibly reduce the chance of race conditions. + String handle = message.getString("handle", ""); + if (handle.isEmpty()) { + Log.e(TAG, "Requested to start a tor process without a handle."); + callback.sendError("Expected a handle for the new process."); + return; } + Log.d(TAG, "Starting the a tor process with handle " + handle); - private class SettingsLoader extends AsyncTask<GeckoBundle, Void, TorSettings> { - protected TorSettings doInBackground(GeckoBundle... messages) { - GeckoBundle message = messages[0]; - TorSettings settings; - if (TorLegacyAndroidSettings.unmigrated()) { - settings = TorLegacyAndroidSettings.loadTorSettings(); - } else { - GeckoBundle bundle = message.getBundle("settings"); - settings = new TorSettings(bundle); - } - return settings; - } + TorProcess previousProcess = mTorProcess; + if (previousProcess != null) { + Log.w(TAG, "We still have a running process: " + previousProcess.getHandle()); + } + mTorProcess = new TorProcess(handle); + + GeckoBundle bundle = new GeckoBundle(3); + bundle.putString("controlPortPath", mIpcDirectory + CONTROL_PORT_FILE); + bundle.putString("socksPath", mIpcDirectory + SOCKS_FILE); + bundle.putString("cookieFilePath", mIpcDirectory + COOKIE_AUTH_FILE); + callback.sendSuccess(bundle); + } + + private synchronized void stopDaemon(final GeckoBundle message, final EventCallback callback) { + if (mTorProcess == null) { + if (callback != null) { + callback.sendSuccess(null); + } + return; + } + String handle = message.getString("handle", ""); + if (!mTorProcess.getHandle().equals(handle)) { + GeckoBundle bundle = new GeckoBundle(1); + bundle.putString( + "error", "The requested process has not been found. It might have already been stopped."); + callback.sendError(bundle); + return; + } + mTorProcess.shutdown(); + mTorProcess = null; + callback.sendSuccess(null); + } + + class TorProcess extends Thread { + private static final String EVENT_TOR_STARTED = "GeckoView:Tor:TorStarted"; + private static final String EVENT_TOR_START_FAILED = "GeckoView:Tor:TorStartFailed"; + private static final String EVENT_TOR_EXITED = "GeckoView:Tor:TorExited"; + private final String mHandle; + private Process mProcess = null; + + TorProcess(String handle) { + mHandle = handle; + setName("tor-process-" + handle); + start(); + } - @Override - protected void onPostExecute(TorSettings torSettings) { - mSettings = torSettings; - if (TorLegacyAndroidSettings.unmigrated()) { - setSettings(mSettings, true, true); - TorLegacyAndroidSettings.setMigrated(); - } + @Override + public void run() { + cleanIpcDirectory(); + + final String ipcDir = TorIntegrationAndroid.this.mIpcDirectory; + final ArrayList<String> args = new ArrayList<>(); + args.add(mLibraryDir + "/libTor.so"); + args.add("DisableNetwork"); + args.add("1"); + args.add("+__ControlPort"); + args.add("unix:" + ipcDir + CONTROL_PORT_FILE); + args.add("+__SocksPort"); + args.add("unix:" + ipcDir + SOCKS_FILE + " IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth"); + args.add("CookieAuthentication"); + args.add("1"); + args.add("CookieAuthFile"); + args.add(ipcDir + COOKIE_AUTH_FILE); + args.add("DataDirectory"); + args.add(mDataDir.getAbsolutePath()); + boolean copied = true; + try { + copyAndUseConfigFile("--defaults-torrc", "torrc-defaults", args); + } catch (IOException e) { + Log.w( + TAG, "torrc-default cannot be created, pluggable transports will not be available", e); + copied = false; + } + // tor-browser#42607: For now we do not ship geoip databases, as we + // do not have the circuit display functionality and they allow us + // to save some space in the final APK. + /*try { + copyAndUseConfigFile("GeoIPFile", "geoip", args); + copyAndUseConfigFile("GeoIPv6File", "geoip6", args); + } catch (IOException e) { + Log.w(TAG, "GeoIP files cannot be created, this feature will not be available.", e); + copied = false; + }*/ + mCopiedConfigFiles = copied; + + Log.d(TAG, "Starting tor with the follwing args: " + args.toString()); + final ProcessBuilder builder = new ProcessBuilder(args); + builder.directory(new File(mLibraryDir)); + try { + mProcess = builder.start(); + } catch (IOException e) { + Log.e(TAG, "Cannot start tor " + mHandle, e); + final GeckoBundle data = new GeckoBundle(2); + data.putString("handle", mHandle); + data.putString("error", e.getMessage()); + EventDispatcher.getInstance().dispatch(EVENT_TOR_START_FAILED, data); + return; + } + Log.i(TAG, "Tor process " + mHandle + " started."); + { + final GeckoBundle data = new GeckoBundle(1); + data.putString("handle", mHandle); + EventDispatcher.getInstance().dispatch(EVENT_TOR_STARTED, data); + } + try { + BufferedReader reader = + new BufferedReader(new InputStreamReader(mProcess.getInputStream())); + String line; + while ((line = reader.readLine()) != null) { + Log.i(TAG, "[tor-" + mHandle + "] " + line); } + } catch (IOException e) { + Log.e(TAG, "Failed to read stdout of the tor process " + mHandle, e); + } + Log.d(TAG, "Exiting the stdout loop for process " + mHandle); + final GeckoBundle data = new GeckoBundle(2); + data.putString("handle", mHandle); + try { + data.putInt("status", mProcess.waitFor()); + } catch (InterruptedException e) { + Log.e(TAG, "Failed to wait for the tor process " + mHandle, e); + data.putInt("status", 0xdeadbeef); + } + // FIXME: We usually don't reach this when the application is killed! + // So, we don't do our cleanup. + Log.i(TAG, "Tor process " + mHandle + " has exited."); + EventDispatcher.getInstance().dispatch(EVENT_TOR_EXITED, data); } - private synchronized void startDaemon(final GeckoBundle message, final EventCallback callback) { - // Let JS generate this to possibly reduce the chance of race conditions. - String handle = message.getString("handle", ""); - if (handle.isEmpty()) { - Log.e(TAG, "Requested to start a tor process without a handle."); - callback.sendError("Expected a handle for the new process."); - return; + private void cleanIpcDirectory() { + File directory = new File(TorIntegrationAndroid.this.mIpcDirectory); + if (!directory.isDirectory()) { + if (!directory.mkdirs()) { + Log.e(TAG, "Failed to create the IPC directory."); + return; } - Log.d(TAG, "Starting the a tor process with handle " + handle); - - TorProcess previousProcess = mTorProcess; - if (previousProcess != null) { - Log.w(TAG, "We still have a running process: " + previousProcess.getHandle()); + try { + // First remove the permissions for everybody... + directory.setReadable(false, false); + directory.setWritable(false, false); + directory.setExecutable(false, false); + // ... then add them back, but only for the owner. + directory.setReadable(true, true); + directory.setWritable(true, true); + directory.setExecutable(true, true); + } catch (SecurityException e) { + Log.e(TAG, "Could not set the permissions to the IPC directory.", e); } - mTorProcess = new TorProcess(handle); + return; + } + // We assume we do not have child directories, only files + File[] maybeFiles = directory.listFiles(); + if (maybeFiles != null) { + for (File file : maybeFiles) { + if (!file.delete()) { + Log.d(TAG, "Could not delete " + file); + } + } + } + } - GeckoBundle bundle = new GeckoBundle(3); - bundle.putString("controlPortPath", mIpcDirectory + CONTROL_PORT_FILE); - bundle.putString("socksPath", mIpcDirectory + SOCKS_FILE); - bundle.putString("cookieFilePath", mIpcDirectory + COOKIE_AUTH_FILE); - callback.sendSuccess(bundle); + private void copyAndUseConfigFile(String option, String name, ArrayList<String> args) + throws IOException { + File file = copyConfigFile(name); + args.add(option); + args.add(file.getAbsolutePath()); } - private synchronized void stopDaemon(final GeckoBundle message, final EventCallback callback) { - if (mTorProcess == null) { - if (callback != null) { - callback.sendSuccess(null); - } - return; + private File copyConfigFile(String name) throws IOException { + final File file = new File(mCacheDir, name); + if (mCopiedConfigFiles && file.exists()) { + return file; + } + + final Context context = GeckoAppShell.getApplicationContext(); + final InputStream in = context.getAssets().open("common/" + name); + // Files.copy is API 26+, so use java.io and a loop for now. + FileOutputStream out = null; + try { + out = new FileOutputStream(file); + } catch (IOException e) { + in.close(); + throw e; + } + try { + byte buffer[] = new byte[4096]; + int read; + while ((read = in.read(buffer)) >= 0) { + out.write(buffer, 0, read); } - String handle = message.getString("handle", ""); - if (!mTorProcess.getHandle().equals(handle)) { - GeckoBundle bundle = new GeckoBundle(1); - bundle.putString("error", "The requested process has not been found. It might have already been stopped."); - callback.sendError(bundle); - return; + } finally { + try { + in.close(); + } catch (IOException e) { + Log.w(TAG, "Cannot close the input stream for " + name); } - mTorProcess.shutdown(); - mTorProcess = null; - callback.sendSuccess(null); + try { + out.close(); + } catch (IOException e) { + Log.w(TAG, "Cannot close the output stream for " + name); + } + } + return file; } - class TorProcess extends Thread { - private static final String EVENT_TOR_STARTED = "GeckoView:Tor:TorStarted"; - private static final String EVENT_TOR_START_FAILED = "GeckoView:Tor:TorStartFailed"; - private static final String EVENT_TOR_EXITED = "GeckoView:Tor:TorExited"; - private final String mHandle; - private Process mProcess = null; - - TorProcess(String handle) { - mHandle = handle; - setName("tor-process-" + handle); - start(); + public void shutdown() { + if (mProcess != null && mProcess.isAlive()) { + mProcess.destroy(); + } + if (isAlive()) { + try { + join(); + } catch (InterruptedException e) { + Log.e( + TAG, + "Cannot join the thread for tor process " + mHandle + ", possibly already terminated", + e); } + } + } - @Override - public void run() { - cleanIpcDirectory(); - - final String ipcDir = TorIntegrationAndroid.this.mIpcDirectory; - final ArrayList<String> args = new ArrayList<>(); - args.add(mLibraryDir + "/libTor.so"); - args.add("DisableNetwork"); - args.add("1"); - args.add("+__ControlPort"); - args.add("unix:" + ipcDir + CONTROL_PORT_FILE); - args.add("+__SocksPort"); - args.add("unix:" + ipcDir + SOCKS_FILE + " IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth"); - args.add("CookieAuthentication"); - args.add("1"); - args.add("CookieAuthFile"); - args.add(ipcDir + COOKIE_AUTH_FILE); - args.add("DataDirectory"); - args.add(mDataDir.getAbsolutePath()); - boolean copied = true; - try { - copyAndUseConfigFile("--defaults-torrc", "torrc-defaults", args); - } catch (IOException e) { - Log.w(TAG, "torrc-default cannot be created, pluggable transports will not be available", e); - copied = false; - } - // tor-browser#42607: For now we do not ship geoip databases, as we - // do not have the circuit display functionality and they allow us - // to save some space in the final APK. - /*try { - copyAndUseConfigFile("GeoIPFile", "geoip", args); - copyAndUseConfigFile("GeoIPv6File", "geoip6", args); - } catch (IOException e) { - Log.w(TAG, "GeoIP files cannot be created, this feature will not be available.", e); - copied = false; - }*/ - mCopiedConfigFiles = copied; - - Log.d(TAG, "Starting tor with the follwing args: " + args.toString()); - final ProcessBuilder builder = new ProcessBuilder(args); - builder.directory(new File(mLibraryDir)); - try { - mProcess = builder.start(); - } catch (IOException e) { - Log.e(TAG, "Cannot start tor " + mHandle, e); - final GeckoBundle data = new GeckoBundle(2); - data.putString("handle", mHandle); - data.putString("error", e.getMessage()); - EventDispatcher.getInstance().dispatch(EVENT_TOR_START_FAILED, data); - return; - } - Log.i(TAG, "Tor process " + mHandle + " started."); - { - final GeckoBundle data = new GeckoBundle(1); - data.putString("handle", mHandle); - EventDispatcher.getInstance().dispatch(EVENT_TOR_STARTED, data); - } - try { - BufferedReader reader = new BufferedReader(new InputStreamReader(mProcess.getInputStream())); - String line; - while ((line = reader.readLine()) != null) { - Log.i(TAG, "[tor-" + mHandle + "] " + line); - } - } catch (IOException e) { - Log.e(TAG, "Failed to read stdout of the tor process " + mHandle, e); - } - Log.d(TAG, "Exiting the stdout loop for process " + mHandle); - final GeckoBundle data = new GeckoBundle(2); - data.putString("handle", mHandle); - try { - data.putInt("status", mProcess.waitFor()); - } catch (InterruptedException e) { - Log.e(TAG, "Failed to wait for the tor process " + mHandle, e); - data.putInt("status", 0xdeadbeef); - } - // FIXME: We usually don't reach this when the application is killed! - // So, we don't do our cleanup. - Log.i(TAG, "Tor process " + mHandle + " has exited."); - EventDispatcher.getInstance().dispatch(EVENT_TOR_EXITED, data); - } + public String getHandle() { + return mHandle; + } + } + + private synchronized void startMeek(final GeckoBundle message, final EventCallback callback) { + if (callback == null) { + Log.e(TAG, "Tried to start Meek without a callback."); + return; + } + mMeekCounter++; + mMeeks.put( + new Integer(mMeekCounter), + new MeekTransport(callback, mMeekCounter, message.getStringArray("arguments"))); + } + + private synchronized void stopMeek(final GeckoBundle message, final EventCallback callback) { + final Integer key = message.getInteger("id"); + final MeekTransport meek = mMeeks.remove(key); + if (meek != null) { + meek.shutdown(); + } + if (callback != null) { + callback.sendSuccess(null); + } + } + + private class MeekTransport extends Thread { + private static final String TRANSPORT = "meek_lite"; + private Process mProcess; + private final EventCallback mCallback; + private final int mId; + + MeekTransport(final EventCallback callback, int id, String[] args) { + setName("meek-" + id); + + final String command = mLibraryDir + "/libObfs4proxy.so"; + ArrayList<String> argList = new ArrayList<String>(); + argList.add(command); + if (args != null && args.length > 0) { + // Normally not used, but it helps to debug only by editing JS. + Log.d(TAG, "Requested custom arguments for meek: " + String.join(" ", args)); + argList.addAll(Arrays.asList(args)); + } + final ProcessBuilder builder = new ProcessBuilder(argList); + + File ptStateDir = new File(mDataDir, "pt_state"); + Log.d(TAG, "Using " + ptStateDir.getAbsolutePath() + " as a state directory for meek."); + final Map<String, String> env = builder.environment(); + env.put("TOR_PT_MANAGED_TRANSPORT_VER", "1"); + env.put("TOR_PT_STATE_LOCATION", ptStateDir.getAbsolutePath()); + env.put("TOR_PT_EXIT_ON_STDIN_CLOSE", "1"); + env.put("TOR_PT_CLIENT_TRANSPORTS", TRANSPORT); + + mCallback = callback; + mId = id; + try { + // We expect this process to be short-lived, therefore we do not bother with + // implementing this as a service. + mProcess = builder.start(); + } catch (IOException e) { + Log.e(TAG, "Cannot start the PT", e); + callback.sendError(e.getMessage()); + return; + } + start(); + } - private void cleanIpcDirectory() { - File directory = new File(TorIntegrationAndroid.this.mIpcDirectory); - if (!directory.isDirectory()) { - if (!directory.mkdirs()) { - Log.e(TAG, "Failed to create the IPC directory."); - return; - } - try { - // First remove the permissions for everybody... - directory.setReadable(false, false); - directory.setWritable(false, false); - directory.setExecutable(false, false); - // ... then add them back, but only for the owner. - directory.setReadable(true, true); - directory.setWritable(true, true); - directory.setExecutable(true, true); - } catch (SecurityException e) { - Log.e(TAG, "Could not set the permissions to the IPC directory.", e); - } - return; + /** + * Parse the standard output of the pluggable transport to find the hostname and port it is + * listening on. + * + * <p>See also the specs for the IPC protocol at https://spec.torproject.org/pt-spec/ipc.html. + */ + @Override + public void run() { + final String PROTOCOL_VERSION = "1"; + String hostname = ""; + boolean valid = false; + int port = 0; + String error = "Did not see a CMETHOD"; + try { + InputStreamReader isr = new InputStreamReader(mProcess.getInputStream()); + BufferedReader reader = new BufferedReader(isr); + String line; + while ((line = reader.readLine()) != null) { + line = line.trim(); + Log.d(TAG, "Meek line: " + line); + // Split produces always at least one item + String[] tokens = line.split(" "); + if ("VERSION".equals(tokens[0]) + && (tokens.length != 2 || !PROTOCOL_VERSION.equals(tokens[1]))) { + error = "Bad version: " + line; + break; + } + if ("CMETHOD".equals(tokens[0])) { + if (tokens.length != 4) { + error = "Bad number of tokens in CMETHOD: " + line; + break; } - // We assume we do not have child directories, only files - File[] maybeFiles = directory.listFiles(); - if (maybeFiles != null) { - for (File file : maybeFiles) { - if (!file.delete()) { - Log.d(TAG, "Could not delete " + file); - } - } + if (!tokens[1].equals(TRANSPORT)) { + error = "Unexpected transport: " + tokens[1]; + break; } - } - - private void copyAndUseConfigFile(String option, String name, ArrayList<String> args) throws IOException { - File file = copyConfigFile(name); - args.add(option); - args.add(file.getAbsolutePath()); - } - - private File copyConfigFile(String name) throws IOException { - final File file = new File(mCacheDir, name); - if (mCopiedConfigFiles && file.exists()) { - return file; + if (!"socks5".equals(tokens[2])) { + error = "Unexpected proxy type: " + tokens[2]; + break; } - - final Context context = GeckoAppShell.getApplicationContext(); - final InputStream in = context.getAssets().open("common/" + name); - // Files.copy is API 26+, so use java.io and a loop for now. - FileOutputStream out = null; - try { - out = new FileOutputStream(file); - } catch (IOException e) { - in.close(); - throw e; + String[] addr = tokens[3].split(":"); + if (addr.length != 2) { + error = "Invalid address"; + break; } + hostname = addr[0]; try { - byte buffer[] = new byte[4096]; - int read; - while ((read = in.read(buffer)) >= 0) { - out.write(buffer, 0, read); - } - } finally { - try { - in.close(); - } catch (IOException e) { - Log.w(TAG, "Cannot close the input stream for " + name); - } - try { - out.close(); - } catch (IOException e) { - Log.w(TAG, "Cannot close the output stream for " + name); - } - } - return file; - } - - public void shutdown() { - if (mProcess != null && mProcess.isAlive()) { - mProcess.destroy(); + port = Integer.parseInt(addr[1]); + } catch (NumberFormatException e) { + error = "Invalid port: " + e.getMessage(); + break; } - if (isAlive()) { - try { - join(); - } catch (InterruptedException e) { - Log.e(TAG, "Cannot join the thread for tor process " + mHandle + ", possibly already terminated", e); - } + if (port < 1 || port > 65535) { + error = "Invalid port: out of bounds"; + break; } + valid = true; + break; + } + if (tokens[0].endsWith("-ERROR")) { + error = "Seen an error: " + line; + break; + } } - - public String getHandle() { - return mHandle; - } + } catch (Exception e) { + error = e.getMessage(); + } + if (valid) { + Log.d(TAG, "Setup a meek transport " + mId + ": " + hostname + ":" + port); + final GeckoBundle bundle = new GeckoBundle(3); + bundle.putInt("id", mId); + bundle.putString("address", hostname); + bundle.putInt("port", port); + mCallback.sendSuccess(bundle); + } else { + Log.e(TAG, "Failed to get a usable config from the PT: " + error); + mCallback.sendError(error); + return; + } + dumpStdout(); } - private synchronized void startMeek(final GeckoBundle message, final EventCallback callback) { - if (callback == null) { - Log.e(TAG, "Tried to start Meek without a callback."); - return; - } - mMeekCounter++; - mMeeks.put(new Integer(mMeekCounter), new MeekTransport(callback, mMeekCounter)); + void shutdown() { + if (mProcess != null) { + Log.i(TAG, "Shutting down meek process " + mId); + mProcess.destroy(); + mProcess = null; + } else { + Log.w( + TAG, + "Shutdown request on the meek process " + mId + " that has already been shutdown."); + } + try { + join(); + } catch (InterruptedException e) { + Log.e(TAG, "Could not join the meek thread", e); + } } - private synchronized void stopMeek(final GeckoBundle message, final EventCallback callback) { - final Integer key = message.getInteger("id"); - final MeekTransport meek = mMeeks.remove(key); - if (meek != null) { - meek.shutdown(); - } - if (callback != null) { - callback.sendSuccess(null); + void dumpStdout() { + try { + BufferedReader reader = + new BufferedReader(new InputStreamReader(mProcess.getInputStream())); + String line; + while ((line = reader.readLine()) != null) { + Log.d(TAG, "[meek-" + mId + "] " + line); } + } catch (InterruptedIOException e) { + // This happens normally, do not log it. + } catch (IOException e) { + Log.e(TAG, "Failed to read stdout of the meek process process " + mId, e); + } } + } - private class MeekTransport extends Thread { - private static final String TRANSPORT = "meek_lite"; - private Process mProcess; - private final EventCallback mCallback; - private final int mId; - - MeekTransport(final EventCallback callback, int id) { - setName("meek-" + id); - final ProcessBuilder builder = new ProcessBuilder(mLibraryDir + "/libObfs4proxy.so"); - { - File ptStateDir = new File(mDataDir, "pt_state"); - final Map<String, String> env = builder.environment(); - env.put("TOR_PT_MANAGED_TRANSPORT_VER", "1"); - env.put("TOR_PT_STATE_LOCATION", ptStateDir.getAbsolutePath()); - env.put("TOR_PT_EXIT_ON_STDIN_CLOSE", "1"); - env.put("TOR_PT_CLIENT_TRANSPORTS", TRANSPORT); - } - mCallback = callback; - mId = id; - try { - // We expect this process to be short-lived, therefore we do not bother with - // implementing this as a service. - mProcess = builder.start(); - } catch (IOException e) { - Log.e(TAG, "Cannot start the PT", e); - callback.sendError(e.getMessage()); - return; - } - start(); - } + public interface BootstrapStateChangeListener { + void onBootstrapStateChange(String state); - /** - * Parse the standard output of the pluggable transport to find the hostname and port it is - * listening on. - * <p> - * See also the specs for the IPC protocol at https://spec.torproject.org/pt-spec/ipc.html. - */ - @Override - public void run() { - final String PROTOCOL_VERSION = "1"; - String hostname = ""; - boolean valid = false; - int port = 0; - String error = "Did not see a CMETHOD"; - try { - InputStreamReader isr = new InputStreamReader(mProcess.getInputStream()); - BufferedReader reader = new BufferedReader(isr); - String line; - while ((line = reader.readLine()) != null) { - line = line.trim(); - Log.d(TAG, "Meek line: " + line); - // Split produces always at least one item - String[] tokens = line.split(" "); - if ("VERSION".equals(tokens[0]) && (tokens.length != 2 || !PROTOCOL_VERSION.equals(tokens[1]))) { - error = "Bad version: " + line; - break; - } - if ("CMETHOD".equals(tokens[0])) { - if (tokens.length != 4) { - error = "Bad number of tokens in CMETHOD: " + line; - break; - } - if (!tokens[1].equals(TRANSPORT)) { - error = "Unexpected transport: " + tokens[1]; - break; - } - if (!"socks5".equals(tokens[2])) { - error = "Unexpected proxy type: " + tokens[2]; - break; - } - String[] addr = tokens[3].split(":"); - if (addr.length != 2) { - error = "Invalid address"; - break; - } - hostname = addr[0]; - try { - port = Integer.parseInt(addr[1]); - } catch (NumberFormatException e) { - error = "Invalid port: " + e.getMessage(); - break; - } - if (port < 1 || port > 65535) { - error = "Invalid port: out of bounds"; - break; - } - valid = true; - break; - } - if (tokens[0].endsWith("-ERROR")) { - error = "Seen an error: " + line; - break; - } - } - } catch (Exception e) { - error = e.getMessage(); - } - if (valid) { - Log.d(TAG, "Setup a meek transport " + mId + ": " + hostname + ":" + port); - final GeckoBundle bundle = new GeckoBundle(3); - bundle.putInt("id", mId); - bundle.putString("address", hostname); - bundle.putInt("port", port); - mCallback.sendSuccess(bundle); - } else { - Log.e(TAG, "Failed to get a usable config from the PT: " + error); - mCallback.sendError(error); - } - } + void onBootstrapProgress(double progress, boolean hasWarnings); - void shutdown() { - if (mProcess != null) { - mProcess.destroy(); - mProcess = null; - } - try { - join(); - } catch (InterruptedException e) { - Log.e(TAG, "Could not join the meek thread", e); - } - } - } + void onBootstrapComplete(); - public interface BootstrapStateChangeListener { - void onBootstrapStateChange(String state); - void onBootstrapProgress(double progress, boolean hasWarnings); - void onBootstrapComplete(); - void onBootstrapError(String code, String message, String phase, String reason); - void onSettingsRequested(); - } + void onBootstrapError(String code, String message, String phase, String reason); - public interface TorLogListener { - void onLog(String logType, String message); - } + void onSettingsRequested(); + } - private @NonNull void reloadSettings() { - EventDispatcher.getInstance().queryBundle(EVENT_SETTINGS_GET).then( new GeckoResult.OnValueListener<GeckoBundle, Void>() { - public GeckoResult<Void> onValue(final GeckoBundle bundle) { + public interface TorLogListener { + void onLog(String logType, String message); + } + + private @NonNull void reloadSettings() { + EventDispatcher.getInstance() + .queryBundle(EVENT_SETTINGS_GET) + .then( + new GeckoResult.OnValueListener<GeckoBundle, Void>() { + public GeckoResult<Void> onValue(final GeckoBundle bundle) { mSettings = new TorSettings(bundle); return new GeckoResult<Void>(); - } - }); - } + } + }); + } - public TorSettings getSettings() { - return mSettings; - } + public TorSettings getSettings() { + return mSettings; + } - public void setSettings(final TorSettings settings, boolean save, boolean apply) { - mSettings = settings; + public void setSettings(final TorSettings settings, boolean save, boolean apply) { + mSettings = settings; - emitSetSettings(settings, save, apply).then( + emitSetSettings(settings, save, apply) + .then( new GeckoResult.OnValueListener<Void, Void>() { - public GeckoResult<Void> onValue(Void v) { - return new GeckoResult<Void>(); - } + public GeckoResult<Void> onValue(Void v) { + return new GeckoResult<Void>(); + } }, new GeckoResult.OnExceptionListener<Void>() { - public GeckoResult<Void> onException(final Throwable e) { - Log.e(TAG, "Failed to set settings", e); - reloadSettings(); - return new GeckoResult<Void>(); - } + public GeckoResult<Void> onException(final Throwable e) { + Log.e(TAG, "Failed to set settings", e); + reloadSettings(); + return new GeckoResult<Void>(); + } }); - } - - private @NonNull GeckoResult<Void> emitSetSettings(final TorSettings settings, boolean save, boolean apply) { - GeckoBundle bundle = new GeckoBundle(3); - bundle.putBoolean("save", save); - bundle.putBoolean("apply", apply); - bundle.putBundle("settings", settings.asGeckoBundle()); - return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_SET, bundle); - } - - public @NonNull GeckoResult<Void> applySettings() { - return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_APPLY); - } - - public @NonNull GeckoResult<Void> saveSettings() { - return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_SAVE); - } - - public @NonNull GeckoResult<Void> beginBootstrap() { - return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_BEGIN); - } - - public @NonNull GeckoResult<Void> beginAutoBootstrap(final String countryCode) { - final GeckoBundle bundle = new GeckoBundle(1); - bundle.putString("countryCode", countryCode); - return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_BEGIN_AUTO, bundle); - } - - public @NonNull GeckoResult<Void> beginAutoBootstrap() { - return beginAutoBootstrap(null); - } - - public @NonNull GeckoResult<Void> cancelBootstrap() { - return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_CANCEL); - } - - public void registerBootstrapStateChangeListener(BootstrapStateChangeListener listener) { - mBootstrapStateListeners.add(listener); - } - - public void unregisterBootstrapStateChangeListener(BootstrapStateChangeListener listener) { - mBootstrapStateListeners.remove(listener); - } - - private final HashSet<BootstrapStateChangeListener> mBootstrapStateListeners = new HashSet<>(); - - public void registerLogListener(TorLogListener listener) { - mLogListeners.add(listener); - } - - public void unregisterLogListener(TorLogListener listener) { - mLogListeners.remove(listener); - } - - private final HashSet<TorLogListener> mLogListeners = new HashSet<>(); + } + + private @NonNull GeckoResult<Void> emitSetSettings( + final TorSettings settings, boolean save, boolean apply) { + GeckoBundle bundle = new GeckoBundle(3); + bundle.putBoolean("save", save); + bundle.putBoolean("apply", apply); + bundle.putBundle("settings", settings.asGeckoBundle()); + return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_SET, bundle); + } + + public @NonNull GeckoResult<Void> applySettings() { + return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_APPLY); + } + + public @NonNull GeckoResult<Void> saveSettings() { + return EventDispatcher.getInstance().queryVoid(EVENT_SETTINGS_SAVE); + } + + public @NonNull GeckoResult<Void> beginBootstrap() { + return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_BEGIN); + } + + public @NonNull GeckoResult<Void> beginAutoBootstrap(final String countryCode) { + final GeckoBundle bundle = new GeckoBundle(1); + bundle.putString("countryCode", countryCode); + return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_BEGIN_AUTO, bundle); + } + + public @NonNull GeckoResult<Void> beginAutoBootstrap() { + return beginAutoBootstrap(null); + } + + public @NonNull GeckoResult<Void> cancelBootstrap() { + return EventDispatcher.getInstance().queryVoid(EVENT_BOOTSTRAP_CANCEL); + } + + public void registerBootstrapStateChangeListener(BootstrapStateChangeListener listener) { + mBootstrapStateListeners.add(listener); + } + + public void unregisterBootstrapStateChangeListener(BootstrapStateChangeListener listener) { + mBootstrapStateListeners.remove(listener); + } + + private final HashSet<BootstrapStateChangeListener> mBootstrapStateListeners = new HashSet<>(); + + public void registerLogListener(TorLogListener listener) { + mLogListeners.add(listener); + } + + public void unregisterLogListener(TorLogListener listener) { + mLogListeners.remove(listener); + } + + private final HashSet<TorLogListener> mLogListeners = new HashSet<>(); } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/TorSettings.java ===================================== @@ -1,185 +1,192 @@ package org.mozilla.geckoview; import android.util.Log; - import org.mozilla.gecko.util.GeckoBundle; public class TorSettings { - public enum BridgeSource { - Invalid(-1), - BuiltIn(0), - BridgeDB(1), - UserProvided(2); - - private int source; - - BridgeSource(final int source) { - this.source = source; - } - - public static BridgeSource fromInt(int i) { - switch (i) { - case -1: return Invalid; - case 0: return BuiltIn; - case 1: return BridgeDB; - case 2: return UserProvided; - } - return Invalid; - } - - public int toInt() { - return this.source; - } + public enum BridgeSource { + Invalid(-1), + BuiltIn(0), + BridgeDB(1), + UserProvided(2); + + private int source; + + BridgeSource(final int source) { + this.source = source; } - public enum ProxyType { - Invalid(-1), - Socks4(0), - Socks5(1), - HTTPS(2); - - private int type; - - ProxyType(final int type) { - this.type = type; - } - - public int toInt() { - return type; - } - - public static ProxyType fromInt(int i) { - switch (i) { - case -1: return Invalid; - case 0: return Socks4; - case 1: return Socks5; - case 2: return HTTPS; - } - return Invalid; - } + public static BridgeSource fromInt(int i) { + switch (i) { + case -1: + return Invalid; + case 0: + return BuiltIn; + case 1: + return BridgeDB; + case 2: + return UserProvided; + } + return Invalid; } - public enum BridgeBuiltinType { - /* TorSettings.sys.mjs ~ln43: string: obfs4|meek-azure|snowflake|etc */ - Invalid("invalid"), - Obfs4("obfs4"), - MeekAzure("meek-azure"), - Snowflake("snowflake"); + public int toInt() { + return this.source; + } + } + public enum ProxyType { + Invalid(-1), + Socks4(0), + Socks5(1), + HTTPS(2); - private String type; + private int type; - BridgeBuiltinType(String type) { - this.type = type; - } + ProxyType(final int type) { + this.type = type; + } - public String toString() { - return type; - } + public int toInt() { + return type; + } - public static BridgeBuiltinType fromString(String s) { - switch (s) { - case "obfs4": return Obfs4; - case "meek-azure": return MeekAzure; - case "snowflake": return Snowflake; - } - return Invalid; - } + public static ProxyType fromInt(int i) { + switch (i) { + case -1: + return Invalid; + case 0: + return Socks4; + case 1: + return Socks5; + case 2: + return HTTPS; + } + return Invalid; + } + } + + public enum BridgeBuiltinType { + /* TorSettings.sys.mjs ~ln43: string: obfs4|meek-azure|snowflake|etc */ + Invalid("invalid"), + Obfs4("obfs4"), + MeekAzure("meek-azure"), + Snowflake("snowflake"); + + private String type; + BridgeBuiltinType(String type) { + this.type = type; } - private boolean loaded = false; + public String toString() { + return type; + } - public boolean enabled = true; + public static BridgeBuiltinType fromString(String s) { + switch (s) { + case "obfs4": + return Obfs4; + case "meek-azure": + return MeekAzure; + case "snowflake": + return Snowflake; + } + return Invalid; + } + } - public boolean quickstart = false; + private boolean loaded = false; - // bridges section - public boolean bridgesEnabled = false; - public BridgeSource bridgesSource = BridgeSource.Invalid; - public BridgeBuiltinType bridgesBuiltinType = BridgeBuiltinType.Invalid; - public String[] bridgeBridgeStrings; + public boolean enabled = true; - // proxy section - public boolean proxyEnabled = false; - public ProxyType proxyType = ProxyType.Invalid; - public String proxyAddress = ""; - public int proxyPort = 0; - public String proxyUsername = ""; - public String proxyPassword = ""; + public boolean quickstart = false; - // firewall section - public boolean firewallEnabled = false; - public int[] firewallAllowedPorts; + // bridges section + public boolean bridgesEnabled = false; + public BridgeSource bridgesSource = BridgeSource.Invalid; + public BridgeBuiltinType bridgesBuiltinType = BridgeBuiltinType.Invalid; + public String[] bridgeBridgeStrings; - public TorSettings() { - } + // proxy section + public boolean proxyEnabled = false; + public ProxyType proxyType = ProxyType.Invalid; + public String proxyAddress = ""; + public int proxyPort = 0; + public String proxyUsername = ""; + public String proxyPassword = ""; + + // firewall section + public boolean firewallEnabled = false; + public int[] firewallAllowedPorts; + + public TorSettings() {} + + public TorSettings(GeckoBundle bundle) { + try { + GeckoBundle qs = bundle.getBundle("quickstart"); + GeckoBundle bridges = bundle.getBundle("bridges"); + GeckoBundle proxy = bundle.getBundle("proxy"); + GeckoBundle firewall = bundle.getBundle("firewall"); + + bridgesEnabled = bridges.getBoolean("enabled"); + bridgesSource = BridgeSource.fromInt(bridges.getInt("source")); + bridgesBuiltinType = BridgeBuiltinType.fromString(bridges.getString("builtin_type")); + bridgeBridgeStrings = bridges.getStringArray("bridge_strings"); - public TorSettings(GeckoBundle bundle) { - try { - GeckoBundle qs = bundle.getBundle("quickstart"); - GeckoBundle bridges = bundle.getBundle("bridges"); - GeckoBundle proxy = bundle.getBundle("proxy"); - GeckoBundle firewall = bundle.getBundle("firewall"); - - bridgesEnabled = bridges.getBoolean("enabled"); - bridgesSource = BridgeSource.fromInt(bridges.getInt("source")); - bridgesBuiltinType = BridgeBuiltinType.fromString(bridges.getString("builtin_type")); - bridgeBridgeStrings = bridges.getStringArray("bridge_strings"); - - quickstart = qs.getBoolean("enabled"); - - firewallEnabled = firewall.getBoolean("enabled"); - firewallAllowedPorts = firewall.getIntArray("allowed_ports"); - - proxyEnabled = proxy.getBoolean("enabled"); - proxyAddress = proxy.getString("address"); - proxyUsername = proxy.getString("username"); - proxyPassword = proxy.getString("password"); - proxyPort = proxy.getInt("port"); - proxyType = ProxyType.fromInt(proxy.getInt("type")); - - loaded = true; - } catch (Exception e) { - Log.e("TorSettings", "bundle access error: " + e.toString(), e); - } + quickstart = qs.getBoolean("enabled"); + + firewallEnabled = firewall.getBoolean("enabled"); + firewallAllowedPorts = firewall.getIntArray("allowed_ports"); + + proxyEnabled = proxy.getBoolean("enabled"); + proxyAddress = proxy.getString("address"); + proxyUsername = proxy.getString("username"); + proxyPassword = proxy.getString("password"); + proxyPort = proxy.getInt("port"); + proxyType = ProxyType.fromInt(proxy.getInt("type")); + + loaded = true; + } catch (Exception e) { + Log.e("TorSettings", "bundle access error: " + e.toString(), e); } + } - public GeckoBundle asGeckoBundle() { - GeckoBundle bundle = new GeckoBundle(); + public GeckoBundle asGeckoBundle() { + GeckoBundle bundle = new GeckoBundle(); - GeckoBundle qs = new GeckoBundle(); - GeckoBundle bridges = new GeckoBundle(); - GeckoBundle proxy = new GeckoBundle(); - GeckoBundle firewall = new GeckoBundle(); + GeckoBundle qs = new GeckoBundle(); + GeckoBundle bridges = new GeckoBundle(); + GeckoBundle proxy = new GeckoBundle(); + GeckoBundle firewall = new GeckoBundle(); - bridges.putBoolean("enabled", bridgesEnabled); - bridges.putInt("source", bridgesSource.toInt()); - bridges.putString("builtin_type", bridgesBuiltinType.toString()); - bridges.putStringArray("bridge_strings", bridgeBridgeStrings); + bridges.putBoolean("enabled", bridgesEnabled); + bridges.putInt("source", bridgesSource.toInt()); + bridges.putString("builtin_type", bridgesBuiltinType.toString()); + bridges.putStringArray("bridge_strings", bridgeBridgeStrings); - qs.putBoolean("enabled", quickstart); + qs.putBoolean("enabled", quickstart); - firewall.putBoolean("enabled", firewallEnabled); - firewall.putIntArray("allowed_ports", firewallAllowedPorts); + firewall.putBoolean("enabled", firewallEnabled); + firewall.putIntArray("allowed_ports", firewallAllowedPorts); - proxy.putBoolean("enabled", proxyEnabled); - proxy.putString("address", proxyAddress); - proxy.putString("username", proxyUsername); - proxy.putString("password", proxyPassword); - proxy.putInt("port", proxyPort); - proxy.putInt("type", proxyType.toInt()); + proxy.putBoolean("enabled", proxyEnabled); + proxy.putString("address", proxyAddress); + proxy.putString("username", proxyUsername); + proxy.putString("password", proxyPassword); + proxy.putInt("port", proxyPort); + proxy.putInt("type", proxyType.toInt()); - bundle.putBundle("quickstart", qs); - bundle.putBundle("bridges", bridges); - bundle.putBundle("proxy", proxy); - bundle.putBundle("firewall", firewall); + bundle.putBundle("quickstart", qs); + bundle.putBundle("bridges", bridges); + bundle.putBundle("proxy", proxy); + bundle.putBundle("firewall", firewall); - return bundle; - } + return bundle; + } - public boolean isLoaded() { - return this.loaded; - } + public boolean isLoaded() { + return this.loaded; + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebRequest.java ===================================== @@ -49,9 +49,7 @@ public class WebRequest extends WebMessage { /** The value of the Referer header for this request. */ public final @Nullable String referrer; - /** - * The value of the origin of this request. - */ + /** The value of the origin of this request. */ public final @Nullable String origin; @Retention(RetentionPolicy.SOURCE) @@ -248,10 +246,10 @@ public class WebRequest extends WebMessage { * @param origin A URI String * @return This Builder instance. */ - public @NonNull Builder origin(final @Nullable String origin) { - mOrigin = origin; - return this; - } + public @NonNull Builder origin(final @Nullable String origin) { + mOrigin = origin; + return this; + } /** * @return A {@link WebRequest} constructed with the values from this Builder instance. ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/androidlegacysettings/Prefs.java ===================================== @@ -2,71 +2,68 @@ package org.mozilla.geckoview.androidlegacysettings; import android.content.Context; import android.content.SharedPreferences; -import org.mozilla.gecko.GeckoAppShell; - import java.util.Locale; +import org.mozilla.gecko.GeckoAppShell; // tor-android-service utils/Prefs.java /* package */ class Prefs { - private final static String PREF_BRIDGES_ENABLED = "pref_bridges_enabled"; - private final static String PREF_BRIDGES_LIST = "pref_bridges_list"; + private static final String PREF_BRIDGES_ENABLED = "pref_bridges_enabled"; + private static final String PREF_BRIDGES_LIST = "pref_bridges_list"; - private static SharedPreferences prefs; + private static SharedPreferences prefs; - // OrbotConstants - private final static String PREF_TOR_SHARED_PREFS = "org.torproject.android_preferences"; + // OrbotConstants + private static final String PREF_TOR_SHARED_PREFS = "org.torproject.android_preferences"; + // tor-android-service utils/TorServiceUtil.java - // tor-android-service utils/TorServiceUtil.java - - private static void setContext() { - if (prefs == null) { - prefs = GeckoAppShell.getApplicationContext().getSharedPreferences(PREF_TOR_SHARED_PREFS, - Context.MODE_MULTI_PROCESS); - } + private static void setContext() { + if (prefs == null) { + prefs = + GeckoAppShell.getApplicationContext() + .getSharedPreferences(PREF_TOR_SHARED_PREFS, Context.MODE_MULTI_PROCESS); } - - public static boolean getBoolean(String key, boolean def) { - setContext(); - return prefs.getBoolean(key, def); - } - - public static void putBoolean(String key, boolean value) { - setContext(); - prefs.edit().putBoolean(key, value).apply(); - } - - public static void putString(String key, String value) { - setContext(); - prefs.edit().putString(key, value).apply(); + } + + public static boolean getBoolean(String key, boolean def) { + setContext(); + return prefs.getBoolean(key, def); + } + + public static void putBoolean(String key, boolean value) { + setContext(); + prefs.edit().putBoolean(key, value).apply(); + } + + public static void putString(String key, String value) { + setContext(); + prefs.edit().putString(key, value).apply(); + } + + public static String getString(String key, String def) { + setContext(); + return prefs.getString(key, def); + } + + public static boolean bridgesEnabled() { + setContext(); + // for Locale.getDefault().getLanguage().equals("fa"), bridges were enabled by default (and + // it was meek). This was a default set in 2019 code, but it is not a good default anymore, + // so we removed the check. + return prefs.getBoolean(PREF_BRIDGES_ENABLED, false); + } + + public static String getBridgesList() { + setContext(); + String list = prefs.getString(PREF_BRIDGES_LIST, ""); + // list might be empty if the default PT was used, so check also if bridges are enabled. + if (list.isEmpty() && prefs.getBoolean(PREF_BRIDGES_ENABLED, false)) { + // Even though the check on the fa locale is not good to enable bridges by default, we + // still check it here, because if the list was empty, it was likely that it was the + // choice for users with this locale. + return (Locale.getDefault().getLanguage().equals("fa")) ? "meek" : "obfs4"; } - - public static String getString(String key, String def) { - setContext(); - return prefs.getString(key, def); - } - - public static boolean bridgesEnabled() { - setContext(); - // for Locale.getDefault().getLanguage().equals("fa"), bridges were enabled by default (and - // it was meek). This was a default set in 2019 code, but it is not a good default anymore, - // so we removed the check. - return prefs.getBoolean(PREF_BRIDGES_ENABLED, false); - } - - public static String getBridgesList() { - setContext(); - String list = prefs.getString(PREF_BRIDGES_LIST, ""); - // list might be empty if the default PT was used, so check also if bridges are enabled. - if (list.isEmpty() && prefs.getBoolean(PREF_BRIDGES_ENABLED, false)) { - // Even though the check on the fa locale is not good to enable bridges by default, we - // still check it here, because if the list was empty, it was likely that it was the - // choice for users with this locale. - return (Locale.getDefault().getLanguage().equals("fa")) ? "meek": "obfs4"; - } - return list; - } - - + return list; + } } ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/androidlegacysettings/TorLegacyAndroidSettings.java ===================================== @@ -4,70 +4,71 @@ import org.mozilla.geckoview.TorSettings; public class TorLegacyAndroidSettings { - private static String PREF_USE_MOZ_PREFS = "tor_use_moz_prefs"; + private static String PREF_USE_MOZ_PREFS = "tor_use_moz_prefs"; - public static boolean unmigrated() { - return !Prefs.getBoolean(PREF_USE_MOZ_PREFS, false); - } + public static boolean unmigrated() { + return !Prefs.getBoolean(PREF_USE_MOZ_PREFS, false); + } - public static void setUnmigrated() { - Prefs.putBoolean(PREF_USE_MOZ_PREFS, false); - } + public static void setUnmigrated() { + Prefs.putBoolean(PREF_USE_MOZ_PREFS, false); + } - public static void setMigrated() { - Prefs.putBoolean(PREF_USE_MOZ_PREFS, true); - } + public static void setMigrated() { + Prefs.putBoolean(PREF_USE_MOZ_PREFS, true); + } - public static TorSettings loadTorSettings() { - TorSettings settings = new TorSettings(); + public static TorSettings loadTorSettings() { + TorSettings settings = new TorSettings(); - // always true, tor is enabled in TB - settings.enabled = true; + // always true, tor is enabled in TB + settings.enabled = true; - // firefox-android disconnected quick start a while ago so it's untracked - settings.quickstart = false; + // firefox-android disconnected quick start a while ago so it's untracked + settings.quickstart = false; - settings.bridgesEnabled = Prefs.bridgesEnabled(); + settings.bridgesEnabled = Prefs.bridgesEnabled(); - // tor-android-service CustomTorInstaller.java -/* - BridgesList is an overloaded field, which can cause some confusion. - The list can be: - 1) a filter like obfs4, meek, or snowflake OR - 2) it can be a custom bridge - For (1), we just pass back all bridges, the filter will occur - elsewhere in the library. - For (2) we return the bridge list as a raw stream. - If length is greater than 9, then we know this is a custom bridge - */ - String userDefinedBridgeList = Prefs.getBridgesList(); - boolean userDefinedBridge = userDefinedBridgeList.length() > 9; - // Terrible hack. Must keep in sync with topl::addBridgesFromResources. - if (!userDefinedBridge) { - settings.bridgesSource = TorSettings.BridgeSource.BuiltIn; - switch (userDefinedBridgeList) { - case "obfs4": - case "snowflake": - settings.bridgesBuiltinType = TorSettings.BridgeBuiltinType.fromString(userDefinedBridgeList); - break; - case "meek": - settings.bridgesBuiltinType = TorSettings.BridgeBuiltinType.MeekAzure; - break; - default: - settings.bridgesSource = TorSettings.BridgeSource.Invalid; - break; - } - } else { - settings.bridgesSource = TorSettings.BridgeSource.UserProvided; // user provided - settings.bridgeBridgeStrings = userDefinedBridgeList.split("\r\n"); - } + // tor-android-service CustomTorInstaller.java + /* + BridgesList is an overloaded field, which can cause some confusion. + The list can be: + 1) a filter like obfs4, meek, or snowflake OR + 2) it can be a custom bridge + For (1), we just pass back all bridges, the filter will occur + elsewhere in the library. + For (2) we return the bridge list as a raw stream. + If length is greater than 9, then we know this is a custom bridge + */ + String userDefinedBridgeList = Prefs.getBridgesList(); + boolean userDefinedBridge = userDefinedBridgeList.length() > 9; + // Terrible hack. Must keep in sync with topl::addBridgesFromResources. + if (!userDefinedBridge) { + settings.bridgesSource = TorSettings.BridgeSource.BuiltIn; + switch (userDefinedBridgeList) { + case "obfs4": + case "snowflake": + settings.bridgesBuiltinType = + TorSettings.BridgeBuiltinType.fromString(userDefinedBridgeList); + break; + case "meek": + settings.bridgesBuiltinType = TorSettings.BridgeBuiltinType.MeekAzure; + break; + default: + settings.bridgesSource = TorSettings.BridgeSource.Invalid; + break; + } + } else { + settings.bridgesSource = TorSettings.BridgeSource.UserProvided; // user provided + settings.bridgeBridgeStrings = userDefinedBridgeList.split("\r\n"); + } - // Tor Browser Android doesn't take proxy and firewall settings - settings.proxyEnabled = false; + // Tor Browser Android doesn't take proxy and firewall settings + settings.proxyEnabled = false; - settings.firewallEnabled = false; - settings.firewallAllowedPorts = new int[0]; + settings.firewallEnabled = false; + settings.firewallAllowedPorts = new int[0]; - return settings; - } + return settings; + } } ===================================== toolkit/modules/DomainFrontedRequests.sys.mjs ===================================== @@ -444,7 +444,7 @@ export class DomainFrontRequestBuilder { async init(reflector, front) { if (this.#inited) { - throw new Error("MoatRPC: Already initialized"); + throw new Error("DomainFrontRequestBuilder: Already initialized"); } const meekTransport = @@ -464,7 +464,7 @@ export class DomainFrontRequestBuilder { buildHttpHandler(uriString) { if (!this.#inited) { - throw new Error("MoatRPC: Not initialized"); + throw new Error("DomainFrontRequestBuilder: Not initialized"); } const { proxyType, proxyAddress, proxyPort, proxyUsername, proxyPassword } = ===================================== toolkit/modules/Moat.sys.mjs ===================================== @@ -119,7 +119,7 @@ export class MoatRPC { ch.requestMethod = "HEAD"; const listener = new InternetTestResponseListener(); - await ch.asyncOpen(listener, ch); + ch.asyncOpen(listener, ch); return listener.status; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/70283a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/70283a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] release: new version, 14.0.1
by morgan (＠morgan) 29 Oct '24

29 Oct '24

morgan pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: f089903f by Morgan at 2024-10-29T16:02:23+00:00 release: new version, 14.0.1 - - - - - 30 changed files: - update_3/release/.htaccess - − update_3/release/13.5.5-14.0+13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.5-14.0+13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.5-14.0+13.5.7-macos-ALL.xml - − update_3/release/13.5.5-14.0+13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.5-14.0+13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-linux-i686-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-linux-x86_64-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-macos-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-windows-i686-ALL.xml - + update_3/release/13.5.5-14.0.1+13.5.9-windows-x86_64-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-macos-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.6-14.0+13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-linux-i686-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-linux-x86_64-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-macos-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-windows-i686-ALL.xml - + update_3/release/13.5.6-14.0.1+13.5.9-windows-x86_64-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-macos-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.7-14.0+13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.7-14.0.1+13.5.9-linux-i686-ALL.xml - + update_3/release/13.5.7-14.0.1+13.5.9-linux-x86_64-ALL.xml - + update_3/release/13.5.7-14.0.1+13.5.9-macos-ALL.xml - + update_3/release/13.5.7-14.0.1+13.5.9-windows-i686-ALL.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 43140 (TB): Move fonts.conf to tor-browser.git.
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 5e8a98b8 by Pier Angelo Vendrame at 2024-10-29T14:58:33+01:00 Bug 43140 (TB): Move fonts.conf to tor-browser.git. The lack of fonts.conf cannot be handled only with Firefox preferences, therefore we decided to move the configuration files to the browser repository. This will partially mitigate the fingerprint differences of users that do not start the browser in the correct way. - - - - - 3 changed files: - − projects/browser/Bundle-Data/linux/Data/fontconfig/fonts.conf - projects/browser/RelativeLink/start-browser - projects/browser/build Changes: ===================================== projects/browser/Bundle-Data/linux/Data/fontconfig/fonts.conf deleted ===================================== @@ -1,183 +0,0 @@ -<?xml version="1.0"?> -<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> - - -<fontconfig> - - - - <dir prefix="cwd">fonts</dir> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>mono</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>monospace</string> - </edit> - </match> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>sans serif</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>sans-serif</string> - </edit> - </match> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>sans</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>sans-serif</string> - </edit> - </match> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>sans-serif</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Arimo</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>serif</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Tinos</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>monospace</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Cousine</string> - </edit> - </match> - - - <match target="pattern"> - <test qual="any" name="family"> - <string>Arial</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Arimo</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Times New Roman</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Tinos</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Courier New</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Cousine</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Helvetica</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Arimo</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Times</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Tinos</string> - </edit> - </match> - <match target="pattern"> - <test qual="any" name="family"> - <string>Courier</string> - </test> - <edit name="family" mode="assign" binding="same"> - <string>Cousine</string> - </edit> - </match> - - - - <cachedir prefix="xdg">fontconfig</cachedir> - - <config> - - <rescan> - <int>30</int> - </rescan> - </config> - -  - <match target="pattern"> - <edit name="antialias" mode="assign"><bool>true</bool></edit> - <edit name="autohint" mode="assign"><bool>false</bool></edit> - <edit name="hinting" mode="assign"><bool>true</bool></edit> - <edit name="hintstyle" mode="assign"><const>hintfull</const></edit> - <edit name="lcdfilter" mode="assign"><const>lcddefault</const></edit> - <edit name="rgba" mode="assign"><const>none</const></edit> - </match> -</fontconfig> ===================================== projects/browser/RelativeLink/start-browser ===================================== @@ -376,19 +376,6 @@ TOR_CONTROL_PASSWD environment variable." setControlPortPasswd ${TOR_CONTROL_PASSWD:='"secret"'} [% END -%] -# Set up custom bundled fonts. See fonts-conf(5). -export FONTCONFIG_PATH="$browser_dir/fontconfig" -export FONTCONFIG_FILE="fonts.conf" -[% # tor-browser#41776: We cannot make the updater remove this file. - # So, let's remove it on this script, since we know that at this point the - # browser will not need it anymore. - # Remove once we do a watershed release. - -%] -[% IF c("var/tor-browser") -%] -# Old fontconfig directory, not needed anymore -rm -Rf "${HOME}/TorBrowser/Data/fontconfig" -[% END -%] - # Avoid overwriting user's dconf values. Fixes #27903. export GSETTINGS_BACKEND=memory ===================================== projects/browser/build ===================================== @@ -221,19 +221,6 @@ tar -C "${TB_STAGE_DIR}" -xf [% c('input_files_by_name/firefox') %]/browser.tar. for tbdir in "${TBDIRS[@]}" do - [% IF c("var/linux") -%] - mv Bundle-Data/linux/Data/fontconfig "$tbdir/" - [% IF c("var/tor-browser") -%] - # tor-browser#41776: We cannot remove the old fontconfig file with the - # updater. So, let's keep it for the mar generation, but remove it from - # new packages. - # Remove once we do a watershed release. - oldfontconfig="$tbdir/TorBrowser/Data/fontconfig" - mkdir -p $oldfontconfig - cp "$tbdir/fontconfig/fonts.conf" "$oldfontconfig/" - [% END -%] - [% END -%] - mkdir -p "$tbdir/$DOCSPATH" cp -a Bundle-Data/Docs/* "$tbdir/$DOCSPATH" [% IF c("var/tor-browser") -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.5-1] amend! Bug 41043: Hardcode the UI font on Linux
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 4e14cbf3 by Pier Angelo Vendrame at 2024-10-29T14:56:34+01:00 amend! Bug 41043: Hardcode the UI font on Linux Bug 43140: Tighten up fonts on Linux. We ship a fontconfig configuration to esnure all Linux users have the same defaults and reduce the chances of fingerprinting. We used to add this file in tor-browser-build, but some users might skip it by using the browser executable without the wrapper script. Therefore, we decided to activate the file with the FontConfig API instead of the environment variables. Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). Bug 43141: Hardcode system-ui to Arimo. - - - - - 3 changed files: - + browser/fonts/fonts.conf - browser/fonts/moz.build - gfx/thebes/gfxFcPlatformFontList.cpp Changes: ===================================== browser/fonts/fonts.conf ===================================== @@ -0,0 +1,183 @@ +<?xml version="1.0"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + + +<fontconfig> + + + + <dir prefix="cwd">fonts</dir> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>mono</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>monospace</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans-serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>monospace</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>Arial</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times New Roman</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier New</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Helvetica</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + + <cachedir prefix="xdg">fontconfig</cachedir> + + <config> + + <rescan> + <int>30</int> + </rescan> + </config> + +  + <match target="pattern"> + <edit name="antialias" mode="assign"><bool>true</bool></edit> + <edit name="autohint" mode="assign"><bool>false</bool></edit> + <edit name="hinting" mode="assign"><bool>true</bool></edit> + <edit name="hintstyle" mode="assign"><const>hintfull</const></edit> + <edit name="lcdfilter" mode="assign"><const>lcddefault</const></edit> + <edit name="rgba" mode="assign"><const>none</const></edit> + </match> +</fontconfig> ===================================== browser/fonts/moz.build ===================================== @@ -7,3 +7,6 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk"): DIST_SUBDIR = "" FINAL_TARGET_FILES.fonts += ["TwemojiMozilla.ttf"] + +if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": + FINAL_TARGET_FILES.fonts += ["fonts.conf"] ===================================== gfx/thebes/gfxFcPlatformFontList.cpp ===================================== @@ -1352,12 +1352,39 @@ bool gfxFontconfigFont::ShouldHintMetrics() const { return !GetStyle()->printerFont; } +static nsresult SetFontconfigConfigFile() { + nsCOMPtr<nsIProperties> dirSvc( + do_GetService("@mozilla.org/file/directory_service;1")); + NS_ENSURE_TRUE(dirSvc, NS_ERROR_NOT_AVAILABLE); + nsCOMPtr<nsIFile> appFile, confFile; + nsresult rv = dirSvc->Get(XRE_EXECUTABLE_FILE, NS_GET_IID(nsIFile), + getter_AddRefs(appFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = appFile->GetParent(getter_AddRefs(confFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts"_ns); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts.conf"_ns); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString confPath; + rv = confFile->GetNativePath(confPath); + if (setenv("FONTCONFIG_FILE", confPath.BeginReading(), 1) != 0) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + gfxFcPlatformFontList::gfxFcPlatformFontList() : mLocalNames(64), mGenericMappings(32), mFcSubstituteCache(64), mLastConfig(nullptr), mAlwaysUseFontconfigGenerics(true) { + if (NS_FAILED(SetFontconfigConfigFile())) { + NS_WARNING("Failed to set the fontconfig config file!"); + } + CheckFamilyList(kBaseFonts_Ubuntu_22_04); CheckFamilyList(kLangFonts_Ubuntu_22_04); CheckFamilyList(kBaseFonts_Ubuntu_20_04); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/4e1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/4e1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.4.0esr-14.5-1] amend! Bug 41043: Hardcode the UI font on Linux
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 3975e76c by Pier Angelo Vendrame at 2024-10-29T14:55:53+01:00 amend! Bug 41043: Hardcode the UI font on Linux Bug 43140: Tighten up fonts on Linux. We ship a fontconfig configuration to esnure all Linux users have the same defaults and reduce the chances of fingerprinting. We used to add this file in tor-browser-build, but some users might skip it by using the browser executable without the wrapper script. Therefore, we decided to activate the file with the FontConfig API instead of the environment variables. Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). Bug 43141: Hardcode system-ui to Arimo. - - - - - 3 changed files: - + browser/fonts/fonts.conf - browser/fonts/moz.build - gfx/thebes/gfxFcPlatformFontList.cpp Changes: ===================================== browser/fonts/fonts.conf ===================================== @@ -0,0 +1,183 @@ +<?xml version="1.0"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + + +<fontconfig> + + + + <dir prefix="cwd">fonts</dir> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>mono</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>monospace</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans-serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>monospace</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>Arial</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times New Roman</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier New</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Helvetica</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + + <cachedir prefix="xdg">fontconfig</cachedir> + + <config> + + <rescan> + <int>30</int> + </rescan> + </config> + +  + <match target="pattern"> + <edit name="antialias" mode="assign"><bool>true</bool></edit> + <edit name="autohint" mode="assign"><bool>false</bool></edit> + <edit name="hinting" mode="assign"><bool>true</bool></edit> + <edit name="hintstyle" mode="assign"><const>hintfull</const></edit> + <edit name="lcdfilter" mode="assign"><const>lcddefault</const></edit> + <edit name="rgba" mode="assign"><const>none</const></edit> + </match> +</fontconfig> ===================================== browser/fonts/moz.build ===================================== @@ -7,3 +7,6 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk"): DIST_SUBDIR = "" FINAL_TARGET_FILES.fonts += ["TwemojiMozilla.ttf"] + +if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": + FINAL_TARGET_FILES.fonts += ["fonts.conf"] ===================================== gfx/thebes/gfxFcPlatformFontList.cpp ===================================== @@ -1352,12 +1352,39 @@ bool gfxFontconfigFont::ShouldHintMetrics() const { return !GetStyle()->printerFont; } +static nsresult SetFontconfigConfigFile() { + nsCOMPtr<nsIProperties> dirSvc( + do_GetService("@mozilla.org/file/directory_service;1")); + NS_ENSURE_TRUE(dirSvc, NS_ERROR_NOT_AVAILABLE); + nsCOMPtr<nsIFile> appFile, confFile; + nsresult rv = dirSvc->Get(XRE_EXECUTABLE_FILE, NS_GET_IID(nsIFile), + getter_AddRefs(appFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = appFile->GetParent(getter_AddRefs(confFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts"_ns); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts.conf"_ns); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString confPath; + rv = confFile->GetNativePath(confPath); + if (setenv("FONTCONFIG_FILE", confPath.BeginReading(), 1) != 0) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + gfxFcPlatformFontList::gfxFcPlatformFontList() : mLocalNames(64), mGenericMappings(32), mFcSubstituteCache(64), mLastConfig(nullptr), mAlwaysUseFontconfigGenerics(true) { + if (NS_FAILED(SetFontconfigConfigFile())) { + NS_WARNING("Failed to set the fontconfig config file!"); + } + CheckFamilyList(kBaseFonts_Ubuntu_22_04); CheckFamilyList(kLangFonts_Ubuntu_22_04); CheckFamilyList(kBaseFonts_Ubuntu_20_04); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3975e76… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3975e76… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] 2 commits: amend! Bug 41043: Hardcode the UI font on Linux
by Pier Angelo Vendrame (＠pierov) 29 Oct '24

29 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 7fdefc8e by Pier Angelo Vendrame at 2024-10-25T01:13:30+00:00 amend! Bug 41043: Hardcode the UI font on Linux Bug 43140: Tighten up fonts on Linux. We ship a fontconfig configuration to esnure all Linux users have the same defaults and reduce the chances of fingerprinting. We used to add this file in tor-browser-build, but some users might skip it by using the browser executable without the wrapper script. Therefore, we decided to activate the file with the FontConfig API instead of the environment variables. Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). Bug 43141: Hardcode system-ui to Arimo. - - - - - 70283a2f by Pier Angelo Vendrame at 2024-10-28T09:11:14+01:00 fixup! Bug 41668: Tweaks to the Base Browser updater for Tor Browser Bug 41786: Remove the add_if command we added for fontconfig. We do not need it anymore, as we had the watershed update and, in any case, we are movign the fonts.conf in tor-browser.git. - - - - - 6 changed files: - + browser/fonts/fonts.conf - browser/fonts/moz.build - gfx/thebes/gfxFcPlatformFontList.cpp - tools/update-packaging/common.sh - tools/update-packaging/make_full_update.sh - tools/update-packaging/make_incremental_update.sh Changes: ===================================== browser/fonts/fonts.conf ===================================== @@ -0,0 +1,183 @@ +<?xml version="1.0"?> +<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> + + +<fontconfig> + + + + <dir prefix="cwd">fonts</dir> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>mono</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>monospace</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>sans-serif</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>sans-serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>serif</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>monospace</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + <match target="pattern"> + <test qual="any" name="family"> + <string>Arial</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times New Roman</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier New</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Helvetica</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Arimo</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Times</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Tinos</string> + </edit> + </match> + <match target="pattern"> + <test qual="any" name="family"> + <string>Courier</string> + </test> + <edit name="family" mode="assign" binding="same"> + <string>Cousine</string> + </edit> + </match> + + + + <cachedir prefix="xdg">fontconfig</cachedir> + + <config> + + <rescan> + <int>30</int> + </rescan> + </config> + +  + <match target="pattern"> + <edit name="antialias" mode="assign"><bool>true</bool></edit> + <edit name="autohint" mode="assign"><bool>false</bool></edit> + <edit name="hinting" mode="assign"><bool>true</bool></edit> + <edit name="hintstyle" mode="assign"><const>hintfull</const></edit> + <edit name="lcdfilter" mode="assign"><const>lcddefault</const></edit> + <edit name="rgba" mode="assign"><const>none</const></edit> + </match> +</fontconfig> ===================================== browser/fonts/moz.build ===================================== @@ -7,3 +7,6 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] in ("windows", "gtk"): DIST_SUBDIR = "" FINAL_TARGET_FILES.fonts += ["TwemojiMozilla.ttf"] + +if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk": + FINAL_TARGET_FILES.fonts += ["fonts.conf"] ===================================== gfx/thebes/gfxFcPlatformFontList.cpp ===================================== @@ -1352,12 +1352,39 @@ bool gfxFontconfigFont::ShouldHintMetrics() const { return !GetStyle()->printerFont; } +static nsresult SetFontconfigConfigFile() { + nsCOMPtr<nsIProperties> dirSvc( + do_GetService("@mozilla.org/file/directory_service;1")); + NS_ENSURE_TRUE(dirSvc, NS_ERROR_NOT_AVAILABLE); + nsCOMPtr<nsIFile> appFile, confFile; + nsresult rv = dirSvc->Get(XRE_EXECUTABLE_FILE, NS_GET_IID(nsIFile), + getter_AddRefs(appFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = appFile->GetParent(getter_AddRefs(confFile)); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts"_ns); + NS_ENSURE_SUCCESS(rv, rv); + rv = confFile->AppendNative("fonts.conf"_ns); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString confPath; + rv = confFile->GetNativePath(confPath); + if (NS_WARN_IF(setenv("FONTCONFIG_FILE", confPath.BeginReading(), 1) != 0)) { + return NS_ERROR_FAILURE; + } + return NS_OK; +} + gfxFcPlatformFontList::gfxFcPlatformFontList() : mLocalNames(64), mGenericMappings(32), mFcSubstituteCache(64), mLastConfig(nullptr), mAlwaysUseFontconfigGenerics(true) { + if (NS_FAILED(SetFontconfigConfigFile())) { + NS_WARNING("Failed to set the fontconfig config file!"); + } + CheckFamilyList(kBaseFonts_Ubuntu_22_04); CheckFamilyList(kLangFonts_Ubuntu_22_04); CheckFamilyList(kBaseFonts_Ubuntu_20_04); ===================================== tools/update-packaging/common.sh ===================================== @@ -115,28 +115,6 @@ make_add_if_not_instruction() { echo "add-if-not \"$f\" \"$f\"" >> "$filev3" } -check_for_add_if_update() { - add_if_file_chk="$1" - - # tor-browser#41776: We will remove with the old fontconfig file manually - # outside the update process. So, let the updater add the file if there. - # TODO: Remove once we do a watershed release. - if [ "$add_if_file_chk" = "TorBrowser/Data/fontconfig/fonts.conf" ]; then - ## "true" *giggle* - return 0; - fi - ## 'false'... because this is bash. Oh yay! - return 1; -} - -make_add_if_instruction() { - f="$1" - filev3="$2" - - verbose_notice " add-if \"$f\" \"$f\"" - echo "add-if \"$f\" \"$f\"" >> "$filev3" -} - make_addsymlink_instruction() { link="$1" target="$2" ===================================== tools/update-packaging/make_full_update.sh ===================================== @@ -106,9 +106,6 @@ for ((i=0; $i<$num_files; i=$i+1)); do if check_for_add_if_not_update "$f"; then make_add_if_not_instruction "$f" "$updatemanifestv3" - elif check_for_add_if_update "$f"; then - # TODO: Remove once we do a watershed release - make_add_if_instruction "$f" "$updatemanifestv3" else make_add_instruction "$f" "$updatemanifestv3" fi ===================================== tools/update-packaging/make_incremental_update.sh ===================================== @@ -216,17 +216,6 @@ for ((i=0; $i<$num_oldfiles; i=$i+1)); do continue 1 fi - if check_for_add_if_update "$f"; then - # TODO: Remove once we do a watershed release - # The full workdir may not exist yet, so create it if necessary. - mkdir -p `dirname "$workdir/$f"` - $XZ $XZ_OPT --compress $BCJ_OPTIONS --lzma2 --format=xz --check=crc64 --force --stdout "$newdir/$f" > "$workdir/$f" - copy_perm "$newdir/$f" "$workdir/$f" - make_add_if_instruction "$f" "$updatemanifestv3" - archivefiles="$archivefiles \"$f\"" - continue 1 - fi - if check_for_forced_update "$requested_forced_updates" "$f"; then # The full workdir may not exist yet, so create it if necessary. mkdir -p "$(dirname "$workdir/$f")" @@ -335,9 +324,6 @@ for ((i=0; $i<$num_newfiles; i=$i+1)); do if check_for_add_if_not_update "$f"; then make_add_if_not_instruction "$f" "$updatemanifestv3" - elif check_for_add_if_update "$f"; then - # TODO: Remove once we do a watershed release - make_add_if_instruction "$f" "$updatemanifestv3" else make_add_instruction "$f" "$updatemanifestv3" fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cc1f52… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cc1f52… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update Release Prep templates:
by morgan (＠morgan) 29 Oct '24

29 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 2e260b97 by Morgan at 2024-10-29T01:34:46+00:00 Update Release Prep templates: - no 'legacy' rule for website (as legacy bins will only be available on dist.torproject.org) - we make a blog post for legacy channel, but no website update - - - - - 3 changed files: - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -152,10 +152,8 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] `databags/versions.ini`: Update the downloads versions - `torbrowser-stable/version`: catch-all for latest stable version - `torbrowser-alpha/version`: catch-all for latest alpha version - - `torbrowser-legacy/version`: catch-all for latest ESR-115 version - `torbrowser-*-stable/version`: platform-specific stable versions - `torbrowser-*-alpha/version`: platform-specific alpha versions - - `torbrowser-*-legacy/version`: platform-specific legacy versions - [ ] Push to origin as new branch and create MR - [ ] Review - [ ] Merge ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md ===================================== @@ -141,16 +141,12 @@ Tor Browser Legacy is on the `maint-13.5` branch <details> <summary>Website</summary> - ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git - - [ ] `databags/versions.ini`: Update the downloads versions - - `torbrowser-stable/version`: catch-all for latest stable version - - `torbrowser-alpha/version`: catch-all for latest alpha version - - `torbrowser-legacy/version`: catch-all for latest ESR-115 version - - `torbrowser-*-stable/version`: platform-specific stable versions - - `torbrowser-*-alpha/version`: platform-specific alpha versions - - `torbrowser-*-legacy/version`: platform-specific legacy versions - - `tor-stable`,`tor-alpha`: set by tor devs, do not touch - - [ ] Push to origin as new branch and create MR + ### blog: https://gitlab.torproject.org/tpo/web/blog.git + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) + - [ ] Note any ESR update + - [ ] Thank any users which have contributed patches + - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc + - [ ] Push to origin as new branch and open MR - [ ] Review - [ ] Merge - **⚠️ WARNING**: Do not deploy yet! @@ -232,7 +228,7 @@ popd ```bash static-update-component cdn.torproject.org && static-update-component dist.torproject.org ``` -- [ ] Deploy `tor-website` MR +- [ ] Deploy `tor-blog` MR - [ ] On `staticiforme.torproject.org`, remove old release: - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -152,10 +152,8 @@ Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` b - [ ] `databags/versions.ini`: Update the downloads versions - `torbrowser-stable/version`: catch-all for latest stable version - `torbrowser-alpha/version`: catch-all for latest alpha version - - `torbrowser-legacy/version`: catch-all for latest ESR-115 version - `torbrowser-*-stable/version`: platform-specific stable versions - `torbrowser-*-alpha/version`: platform-specific alpha versions - - `torbrowser-*-legacy/version`: platform-specific legacy versions - [ ] Push to origin as new branch and create MR - [ ] Review - [ ] Merge View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser-update-responses][main] release: new version, 13.5.9
by morgan (＠morgan) 28 Oct '24

28 Oct '24

morgan pushed to branch main at The Tor Project / Applications / mullvad-browser-update-responses Commits: 290b8b79 by Morgan at 2024-10-28T21:29:34+00:00 release: new version, 13.5.9 - - - - - 29 changed files: - update_1/release/.htaccess - − update_1/release/13.5.2-13.5.7-linux-x86_64-ALL.xml - − update_1/release/13.5.2-13.5.7-macos-ALL.xml - − update_1/release/13.5.2-13.5.7-windows-x86_64-ALL.xml - − update_1/release/13.5.3-13.5.7-linux-x86_64-ALL.xml - − update_1/release/13.5.3-13.5.7-macos-ALL.xml - − update_1/release/13.5.3-13.5.7-windows-x86_64-ALL.xml - + update_1/release/13.5.3-13.5.9-linux-x86_64-ALL.xml - + update_1/release/13.5.3-13.5.9-macos-ALL.xml - + update_1/release/13.5.3-13.5.9-windows-x86_64-ALL.xml - − update_1/release/13.5.6-13.5.7-linux-x86_64-ALL.xml - − update_1/release/13.5.6-13.5.7-macos-ALL.xml - − update_1/release/13.5.6-13.5.7-windows-x86_64-ALL.xml - + update_1/release/13.5.6-13.5.9-linux-x86_64-ALL.xml - + update_1/release/13.5.6-13.5.9-macos-ALL.xml - + update_1/release/13.5.6-13.5.9-windows-x86_64-ALL.xml - + update_1/release/13.5.7-13.5.9-linux-x86_64-ALL.xml - + update_1/release/13.5.7-13.5.9-macos-ALL.xml - + update_1/release/13.5.7-13.5.9-windows-x86_64-ALL.xml - − update_1/release/13.5.7-linux-x86_64-ALL.xml - − update_1/release/13.5.7-macos-ALL.xml - − update_1/release/13.5.7-windows-x86_64-ALL.xml - + update_1/release/13.5.9-linux-x86_64-ALL.xml - + update_1/release/13.5.9-macos-ALL.xml - + update_1/release/13.5.9-windows-x86_64-ALL.xml - update_1/release/download-linux-x86_64.json - update_1/release/download-macos.json - update_1/release/download-windows-x86_64.json - update_1/release/downloads.json Changes: ===================================== update_1/release/.htaccess ===================================== @@ -1,22 +1,22 @@ RewriteEngine On -RewriteRule ^[^/]+/13.5.7/ no-update.xml [last] -RewriteRule ^Linux_x86_64-gcc3/13.5.2/ALL 13.5.2-13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Linux_x86_64-gcc3/13.5.3/ALL 13.5.3-13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Linux_x86_64-gcc3/13.5.6/ALL 13.5.6-13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Linux_x86_64-gcc3/[^/]+/ALL 13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Linux_x86_64-gcc3/ 13.5.7-linux-x86_64-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5.2/ALL 13.5.2-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5.3/ALL 13.5.3-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/13.5.6/ALL 13.5.6-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/[^/]+/ALL 13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_x86_64-gcc3/ 13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5.2/ALL 13.5.2-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5.3/ALL 13.5.3-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/13.5.6/ALL 13.5.6-13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/[^/]+/ALL 13.5.7-macos-ALL.xml [last] -RewriteRule ^Darwin_aarch64-gcc3/ 13.5.7-macos-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.2/ALL 13.5.2-13.5.7-windows-x86_64-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.3/ALL 13.5.3-13.5.7-windows-x86_64-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.6/ALL 13.5.6-13.5.7-windows-x86_64-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/[^/]+/ALL 13.5.7-windows-x86_64-ALL.xml [last] -RewriteRule ^WINNT_x86_64-gcc3-x64/ 13.5.7-windows-x86_64-ALL.xml [last] +RewriteRule ^[^/]+/13.5.9/ no-update.xml [last] +RewriteRule ^Linux_x86_64-gcc3/13.5.3/ALL 13.5.3-13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Linux_x86_64-gcc3/13.5.6/ALL 13.5.6-13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Linux_x86_64-gcc3/13.5.7/ALL 13.5.7-13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Linux_x86_64-gcc3/[^/]+/ALL 13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Linux_x86_64-gcc3/ 13.5.9-linux-x86_64-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/13.5.3/ALL 13.5.3-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/13.5.6/ALL 13.5.6-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/13.5.7/ALL 13.5.7-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/[^/]+/ALL 13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_x86_64-gcc3/ 13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/13.5.3/ALL 13.5.3-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/13.5.6/ALL 13.5.6-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/13.5.7/ALL 13.5.7-13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/[^/]+/ALL 13.5.9-macos-ALL.xml [last] +RewriteRule ^Darwin_aarch64-gcc3/ 13.5.9-macos-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.3/ALL 13.5.3-13.5.9-windows-x86_64-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.6/ALL 13.5.6-13.5.9-windows-x86_64-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/13.5.7/ALL 13.5.7-13.5.9-windows-x86_64-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/[^/]+/ALL 13.5.9-windows-x86_64-ALL.xml [last] +RewriteRule ^WINNT_x86_64-gcc3-x64/ 13.5.9-windows-x86_64-ALL.xml [last] ===================================== update_1/release/13.5.2-13.5.7-linux-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7_…" hashFunction="SHA512" hashValue="af369771c47e501087688dbeb8208e43049662b49bae8d1fe2d7df01e3753a85533b2d459443e3b964e907bc001d0702c513381e002046b58ca0ee4446f590d6" size="108568555" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64--13.5.2…" hashFunction="SHA512" hashValue="2663d8ce635ff74ba918dbe25d0c5825d2d4c8165c3787e33cd7d45f77942e4335512925ef811dc9ebad4eb3a11e4f075218677ef4fdc24af3afd6034cf563c7" size="9922496" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.2-13.5.7-macos-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7_ALL.mar" hashFunction="SHA512" hashValue="59b07cbf26390ab433bbf2272d74f51a1f5cc989489a287ac455e076ca9f617570caf83d6b7cddbcab387f54f314df618cbf9b58a5f98dc22bd0373de4e66ff2" size="115983263" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos--13.5.2-13.5.7…" hashFunction="SHA512" hashValue="5e189999e120b9222cf154dc0e7940c3bdabc3e3b106eb0d419072418c37d12a3b0a088b261cbbf5198570441976dfc0ad120d45ab29db163fa6136aebea7f05" size="74687157" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.2-13.5.7-windows-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="46b75500faa2093309dc86f5f67b18fb7915137dce9e427969a9bbc9a8aa9ff38ba4822af004423461b150a9b2b753283dfbe16cd1a6a35e9a72955e35f73f58" size="90221408" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="2c48a2ef71275ea21c21bbfad86ecfa77917eb111272cce7b471c6a5c00ca059d05a152abfc06901b8fc4e631bba85bab119dfd46eb905794f8edf5c49ebd524" size="9380112" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.7-linux-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7_…" hashFunction="SHA512" hashValue="af369771c47e501087688dbeb8208e43049662b49bae8d1fe2d7df01e3753a85533b2d459443e3b964e907bc001d0702c513381e002046b58ca0ee4446f590d6" size="108568555" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64--13.5.3…" hashFunction="SHA512" hashValue="65313fa43320a1ab740f0cc3bff0f0f74ddd0c8b0fbe1aa03c3d0372385381834ee50a6fd021780bab0bc244dafea3ddaa27ca0592f158740079749c097e7c44" size="8277260" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.7-macos-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7_ALL.mar" hashFunction="SHA512" hashValue="59b07cbf26390ab433bbf2272d74f51a1f5cc989489a287ac455e076ca9f617570caf83d6b7cddbcab387f54f314df618cbf9b58a5f98dc22bd0373de4e66ff2" size="115983263" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos--13.5.3-13.5.7…" hashFunction="SHA512" hashValue="47569d66dc984a3908c48d78b8fe23a25b22ca25ac07c47be406fcef161299588d9726a36816bd219733d2ecd19f4ab578354b60d97e16f4477cfe4d7401cb52" size="73756833" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.7-windows-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="46b75500faa2093309dc86f5f67b18fb7915137dce9e427969a9bbc9a8aa9ff38ba4822af004423461b150a9b2b753283dfbe16cd1a6a35e9a72955e35f73f58" size="90221408" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="cec2555dd5b654a4f14346240d454546a60870281e20576d12ed591afdf101c0ced81c50e6767f606dad86443cae5aaaabe2da39c3c6c3a10be6cfcd8b42885e" size="7728532" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.9-linux-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9_…" hashFunction="SHA512" hashValue="0509bb4cd1b2d46f36d4a050ef8ad3448efd2abdbd2846c72d0549a71e797dc0d2cfe5b053d3fa2c597b563e269235c783311523f8003f216beae30809a84be0" size="108579271" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64--13.5.3…" hashFunction="SHA512" hashValue="57a75211b726faa79df5452e88ef6fac26dd93565ac9ebe4f837727db93265b403f1b35ff29d994305d4847d2c3b28f85d3a3527114fcede43d7b874e4a8081e" size="9201740" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.9-macos-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9_ALL.mar" hashFunction="SHA512" hashValue="447d4ecfa1672522e2ab715d3efa75dd733608fab2fd62238f976da31c9c7735534b98f0e59485635be5bc982f7f9a863ed9074a1857f1597f88a38875fcbc18" size="115980975" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos--13.5.3-13.5.9…" hashFunction="SHA512" hashValue="7ce187e66e46af2ad0cc6406691d922c034cabd31429671bbe04739b7ecabe4efee3435327418059c42669395af95a837727f7ff94840532ad07d6ab0f29bfc5" size="12323083" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.3-13.5.9-windows-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="c77fb5c8ceca6c3a64dd721627fdb927750cda0d89b35d4fc2ad8dbe93e1dc5979aa17587084345d48a9ff91871bb28078a97adc180e3bc527bf531a36a65b92" size="90216412" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="48089f449eaff0db27c25d9714021911976e0affe96e8d4ab85dd0bc274b8f927326570fceff56f1dec88359f8bb599d82e144c70acac94242cbfd6b6ddc769f" size="8574548" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.7-linux-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7_…" hashFunction="SHA512" hashValue="af369771c47e501087688dbeb8208e43049662b49bae8d1fe2d7df01e3753a85533b2d459443e3b964e907bc001d0702c513381e002046b58ca0ee4446f590d6" size="108568555" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64--13.5.6…" hashFunction="SHA512" hashValue="c088804e68c6e559ed6f099a70ff0c30c1b0252dd79f923685aa2214a246eb25470c9b71fb9642b3b26395c95cc07c331e8ac38f8f21e793d3bcd4623e0b4b6e" size="6118343" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.7-macos-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7_ALL.mar" hashFunction="SHA512" hashValue="59b07cbf26390ab433bbf2272d74f51a1f5cc989489a287ac455e076ca9f617570caf83d6b7cddbcab387f54f314df618cbf9b58a5f98dc22bd0373de4e66ff2" size="115983263" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos--13.5.6-13.5.7…" hashFunction="SHA512" hashValue="27fc2e72214dff74e33cdf1b48a23e1eef68ff5fbad410d5c950fa405a5b9735f7c51fbf354265456fa4b8ef3608fd6bc0b86c50a4110fe94fded869644172e0" size="73490217" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.7-windows-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="46b75500faa2093309dc86f5f67b18fb7915137dce9e427969a9bbc9a8aa9ff38ba4822af004423461b150a9b2b753283dfbe16cd1a6a35e9a72955e35f73f58" size="90221408" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="9cf03126215b6ed60631dfdb0fd8efcf89c464d222d391e67ded1c9fbab0e85732beb64f3365e39294ea5ac4668319c266d39f359a464bdf6a7cad80b9bd7ec0" size="5503319" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.9-linux-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9_…" hashFunction="SHA512" hashValue="0509bb4cd1b2d46f36d4a050ef8ad3448efd2abdbd2846c72d0549a71e797dc0d2cfe5b053d3fa2c597b563e269235c783311523f8003f216beae30809a84be0" size="108579271" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64--13.5.6…" hashFunction="SHA512" hashValue="a453255224f041ad901d6c190c122d80a259c18132397eaa0818bf09e064385ef046c442f917d71ce451f43625fd8be52390d99fece3157f7dac2caa4718f68d" size="7875260" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.9-macos-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9_ALL.mar" hashFunction="SHA512" hashValue="447d4ecfa1672522e2ab715d3efa75dd733608fab2fd62238f976da31c9c7735534b98f0e59485635be5bc982f7f9a863ed9074a1857f1597f88a38875fcbc18" size="115980975" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos--13.5.6-13.5.9…" hashFunction="SHA512" hashValue="d216180c8a02cef44fe48206b365e22768789989a378e72b725d480942de15d2175f424c153d181e92773acfa7b8efe69d9c9c2209bf028f660a1e7bdba726db" size="11713215" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.6-13.5.9-windows-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="c77fb5c8ceca6c3a64dd721627fdb927750cda0d89b35d4fc2ad8dbe93e1dc5979aa17587084345d48a9ff91871bb28078a97adc180e3bc527bf531a36a65b92" size="90216412" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="cc20bd3e5b9c95d83ea88b1b07d32712b0140e044bdf498cfa5e06341d54e79de4ab30f08f944bea264c617965bcd7c287a6a78769f221b5358cb2f7c2ce2188" size="7936520" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.7-13.5.9-linux-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9_…" hashFunction="SHA512" hashValue="0509bb4cd1b2d46f36d4a050ef8ad3448efd2abdbd2846c72d0549a71e797dc0d2cfe5b053d3fa2c597b563e269235c783311523f8003f216beae30809a84be0" size="108579271" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64--13.5.7…" hashFunction="SHA512" hashValue="30c3b27b8b74609f4e9422d0fa4f2aba3a96511914c6081cf240105312591b3becc1ea34159e577b28a9151ac87f2d347a6483d5de23641af0a9fe260c61f6bb" size="5392982" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.7-13.5.9-macos-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9_ALL.mar" hashFunction="SHA512" hashValue="447d4ecfa1672522e2ab715d3efa75dd733608fab2fd62238f976da31c9c7735534b98f0e59485635be5bc982f7f9a863ed9074a1857f1597f88a38875fcbc18" size="115980975" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos--13.5.7-13.5.9…" hashFunction="SHA512" hashValue="8c8d06aeb231e341e50d7bed5895a6e6fae9dc2cb7672e569212903ac213f076bbd787a9384de1b7ad2e602288cd730af1256c97074fc9ed6299d36c2f9b850e" size="9011378" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.7-13.5.9-windows-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="c77fb5c8ceca6c3a64dd721627fdb927750cda0d89b35d4fc2ad8dbe93e1dc5979aa17587084345d48a9ff91871bb28078a97adc180e3bc527bf531a36a65b92" size="90216412" type="complete"></patch><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64--13.5…" hashFunction="SHA512" hashValue="0075162cb309eb7cca6f47e4d73c30741ab0b260f1b7973d6eb5859a8063d9edeb7d0eaa347af27c7ac38faa0a89cc4f12d81a18d381fc0d594d14b20cbd63ae" size="5310170" type="partial"></patch></update></updates> ===================================== update_1/release/13.5.7-linux-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7_…" hashFunction="SHA512" hashValue="af369771c47e501087688dbeb8208e43049662b49bae8d1fe2d7df01e3753a85533b2d459443e3b964e907bc001d0702c513381e002046b58ca0ee4446f590d6" size="108568555" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.7-macos-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7_ALL.mar" hashFunction="SHA512" hashValue="59b07cbf26390ab433bbf2272d74f51a1f5cc989489a287ac455e076ca9f617570caf83d6b7cddbcab387f54f314df618cbf9b58a5f98dc22bd0373de4e66ff2" size="115983263" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.7-windows-x86_64-ALL.xml deleted ===================================== @@ -1,2 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<updates><update type="minor" displayVersion="13.5.7" appVersion="13.5.7" platformVersion="115.16.0" buildID="20241008182800" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.7" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="46b75500faa2093309dc86f5f67b18fb7915137dce9e427969a9bbc9a8aa9ff38ba4822af004423461b150a9b2b753283dfbe16cd1a6a35e9a72955e35f73f58" size="90221408" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.9-linux-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9_…" hashFunction="SHA512" hashValue="0509bb4cd1b2d46f36d4a050ef8ad3448efd2abdbd2846c72d0549a71e797dc0d2cfe5b053d3fa2c597b563e269235c783311523f8003f216beae30809a84be0" size="108579271" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.9-macos-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="16.0.0"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9_ALL.mar" hashFunction="SHA512" hashValue="447d4ecfa1672522e2ab715d3efa75dd733608fab2fd62238f976da31c9c7735534b98f0e59485635be5bc982f7f9a863ed9074a1857f1597f88a38875fcbc18" size="115980975" type="complete"></patch></update></updates> ===================================== update_1/release/13.5.9-windows-x86_64-ALL.xml ===================================== @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<updates><update type="minor" displayVersion="13.5.9" appVersion="13.5.9" platformVersion="115.17.0" buildID="20241024160253" detailsURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" actions="showURL" openURL="https://github.com/mullvad/mullvad-browser/releases/13.5.9" minSupportedOSVersion="6.1" minSupportedInstructionSet="SSE2"><patch URL="https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…" hashFunction="SHA512" hashValue="c77fb5c8ceca6c3a64dd721627fdb927750cda0d89b35d4fc2ad8dbe93e1dc5979aa17587084345d48a9ff91871bb28078a97adc180e3bc527bf531a36a65b92" size="90216412" type="complete"></patch></update></updates> ===================================== update_1/release/download-linux-x86_64.json ===================================== @@ -1 +1 @@ -{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7.…","git_tag":"mb-13.5.7-build3","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7.…","version":"13.5.7"} \ No newline at end of file +{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9.…","git_tag":"mb-13.5.9-build2","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9.…","version":"13.5.9"} \ No newline at end of file ===================================== update_1/release/download-macos.json ===================================== @@ -1 +1 @@ -{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7.dmg","git_tag":"mb-13.5.7-build3","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7.dmg.asc","version":"13.5.7"} \ No newline at end of file +{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9.dmg","git_tag":"mb-13.5.9-build2","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9.dmg.asc","version":"13.5.9"} \ No newline at end of file ===================================== update_1/release/download-windows-x86_64.json ===================================== @@ -1 +1 @@ -{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…","git_tag":"mb-13.5.7-build3","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…","version":"13.5.7"} \ No newline at end of file +{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…","git_tag":"mb-13.5.9-build2","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…","version":"13.5.9"} \ No newline at end of file ===================================== update_1/release/downloads.json ===================================== @@ -1 +1 @@ -{"downloads":{"linux-x86_64":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7.…","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-linux-x86_64-13.5.7.…"}},"macos":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7.dmg","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-macos-13.5.7.dmg.asc"}},"win64":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…","sig":"https://cdn.mullvad.net/browser/13.5.7/mullvad-browser-windows-x86_64-13.5.…"}}},"tag":"mb-13.5.7-build3","version":"13.5.7"} \ No newline at end of file +{"downloads":{"linux-x86_64":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9.…","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-linux-x86_64-13.5.9.…"}},"macos":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9.dmg","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-macos-13.5.9.dmg.asc"}},"win64":{"ALL":{"binary":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…","sig":"https://cdn.mullvad.net/browser/13.5.9/mullvad-browser-windows-x86_64-13.5.…"}}},"tag":"mb-13.5.9-build2","version":"13.5.9"} \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41252: Only build update responses for Mullvad Browser
by morgan (＠morgan) 28 Oct '24

28 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: d96ed663 by Morgan at 2024-10-28T19:32:32+00:00 Bug 41252: Only build update responses for Mullvad Browser - - - - - 1 changed file: - tools/signing/do-all-signing Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -197,4 +197,6 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload +is_project mullvadbrowser && \ + do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41290: Remove android signing in do-all-signing
by morgan (＠morgan) 28 Oct '24

28 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 9951e817 by Nicolas Vigier at 2024-10-28T18:12:37+01:00 Bug 41290: Remove android signing in do-all-signing - - - - - 1 changed file: - tools/signing/do-all-signing Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -17,11 +17,6 @@ test -f "$steps_dir/linux-signer-signmars.done" || read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS echo -if is_project torbrowser; then - test -f "$steps_dir/linux-signer-sign-android-apks.done" || - read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS - echo -fi test -f "$steps_dir/linux-signer-authenticode-signing.done" || read -sp "Enter windows authenticode passphrase: " YUBIPASS echo @@ -190,10 +185,6 @@ do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-signmars do_step linux-signer-signmars do_step sync-after-signmars -is_project torbrowser && \ - do_step linux-signer-sign-android-apks -is_project torbrowser && \ - do_step sync-after-sign-android-apks do_step linux-signer-authenticode-signing do_step sync-after-authenticode-signing do_step authenticode-timestamping View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41252: Do not run upload-update_responses-to-staticiforme
by boklm (＠boklm) 28 Oct '24

28 Oct '24

boklm pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 53f72a36 by Nicolas Vigier at 2024-10-28T17:53:06+01:00 Bug 41252: Do not run upload-update_responses-to-staticiforme When signing a 13.5-legacy release, don't update and upload update_responses. The update_responses containing both the 14.0 and 13.5-legacy releases will be generated from the `maint-14.0` branch. - - - - - 1 changed file: - tools/signing/do-all-signing Changes: ===================================== tools/signing/do-all-signing ===================================== @@ -206,5 +206,4 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload -do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0.1-build2
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed new tag tbb-14.0.1-build2 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41277 (fix): Remove 13.5.9 from incrementals.
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 7e3a10f5 by Pier Angelo Vendrame at 2024-10-28T16:27:19+01:00 Bug 41277 (fix): Remove 13.5.9 from incrementals. - - - - - 1 changed file: - rbm.conf Changes: ===================================== rbm.conf ===================================== @@ -74,7 +74,7 @@ buildconf: var: torbrowser_version: '14.0.1' - torbrowser_build: 'build1' + torbrowser_build: 'build2' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2024/10/28 09:00:00' @@ -83,7 +83,6 @@ var: build_mar: 1 torbrowser_incremental_from: - '[% IF c("var/tor-browser") %]14.0[% END %]' - - '13.5.9' - '13.5.7' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41289: Fix --tor-browser in relprep.py.
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 2ee87ab2 by Pier Angelo Vendrame at 2024-10-28T12:32:13+01:00 Bug 41289: Fix --tor-browser in relprep.py. --tor-browser enabled also Mullvad Browser, probably because of a copy-paste error. - - - - - 1 changed file: - tools/relprep.py Changes: ===================================== tools/relprep.py ===================================== @@ -92,7 +92,7 @@ class ReleasePreparation: self.repo = Repo(self.base_path) self.tor_browser = bool(kwargs.get("tor_browser", True)) - self.mullvad_browser = bool(kwargs.get("tor_browser", True)) + self.mullvad_browser = bool(kwargs.get("mullvad_browser", True)) if not self.tor_browser and not self.mullvad_browser: raise ValueError("Nothing to do") self.android = kwargs.get("android", self.tor_browser) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41282: Downgrade to Python 3.9.
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 9c66c1ac by Pier Angelo Vendrame at 2024-10-28T11:59:55+01:00 Bug 41282: Downgrade to Python 3.9. MozBug 1924022 introduced a dependency on the Python built-in SSL module. This caused an error in our Linux builds, because we run them in a very old version of Debian that still uses OpenSSL 1.1.0, which is not compatible with Python SSL module since Python 3.10. The less intrusive way to resolve this is to downgrade to Python 3.9.x, which is still supported by all our projects. Also, switch to hashes to verify the Python source tarball, as the Python Software Foundation often rotates keys, which reduces the advantages of verifying the signature rather than the hash for us. - - - - - 2 changed files: - − keyring/python.gpg - projects/python/config Changes: ===================================== keyring/python.gpg deleted ===================================== Binary files a/keyring/python.gpg and /dev/null differ ===================================== projects/python/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.11.3 +version: 3.9.20 filename: 'python-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -24,9 +24,7 @@ input_files: - project: container-image - name: python URL: 'https://www.python.org/ftp/python/[% c("version") %]/Python-[% c("version") %].tar.xz' - gpg_keyring: python.gpg - sig_ext: asc - file_gpg_id: 1 + sha256sum: 6b281279efd85294d2d6993e173983a57464c0133956fbbb5536ec9646beaf0c - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0.1-build1
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed new tag tbb-14.0.1-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] 3 commits: Bug 41282: Downgrade to Python 3.9.
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 6f8d7791 by Pier Angelo Vendrame at 2024-10-28T10:03:33+01:00 Bug 41282: Downgrade to Python 3.9. MozBug 1924022 introduced a dependency on the Python built-in SSL module. This caused an error in our Linux builds, because we run them in a very old version of Debian that still uses OpenSSL 1.1.0, which is not compatible with Python SSL module since Python 3.10. The less intrusive way to resolve this is to downgrade to Python 3.9.x, which is still supported by all our projects. Also, switch to hashes to verify the Python source tarball, as the Python Software Foundation often rotates keys, which reduces the advantages of verifying the signature rather than the hash for us. - - - - - bcb2346e by Pier Angelo Vendrame at 2024-10-28T10:03:35+01:00 Bug 41289: Fix --tor-browser in relprep.py. --tor-browser enabled also Mullvad Browser, probably because of a copy-paste error. - - - - - f076e0b0 by Pier Angelo Vendrame at 2024-10-28T11:56:11+01:00 Bug 41277: Prepare Tor Browser release 14.0.1. - - - - - 10 changed files: - − keyring/python.gpg - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/firefox/config - projects/geckoview/config - projects/manual/config - projects/python/config - projects/tor/config - projects/translation/config - rbm.conf - tools/relprep.py Changes: ===================================== keyring/python.gpg deleted ===================================== Binary files a/keyring/python.gpg and /dev/null differ ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,18 @@ +Tor Browser 14.0.1 - October 29 2024 + * All Platforms + * Updated Tor to 0.4.8.13 + * Bug 43231: Rebase Tor Browser 128-based stable and alpha onto 128.4.0esr [tor-browser] + * Bug 43240: Backport security fixes from Firefox 132 [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.4.0esr + * Android + * Updated GeckoView to 128.4.0esr + * Build System + * All Platforms + * Bug 41289: Fix single-browser in relprep.py [tor-browser-build] + * Linux + * Bug 41282: Add SSL to our custom Python for MozBug 1924022 [tor-browser-build] + Tor Browser 14.0 - October 17 2024 * All Platforms * Bug 30543: compat: make spoofed orientation reflect spoofed screen dimensions [1607032 + 1918202] [tor-browser] ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: '128.3.0' + firefox_platform_version: '128.4.0' firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 6 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -107,7 +107,7 @@ targets: gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' nightly_updates_publish_dir_prefix: mullvadbrowser- - browser_build: 3 + browser_build: 1 linux-x86_64: var: ===================================== projects/geckoview/config ===================================== @@ -16,12 +16,12 @@ container: build_apk: 1 var: - firefox_platform_version: '128.3.0' + firefox_platform_version: '128.4.0' geckoview_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 6 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 214072 +version: 215922 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: 744fc65f6dd2cc2b85f4927fbb55ff6e17f06b9c99bd0bae7a311d732438b818 + sha256sum: b5ed703f54d52e9f197320f3698e936d585a3fed23cc4f9fbf59edce2869f885 - filename: packagemanual.py name: package_script ===================================== projects/python/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.11.3 +version: 3.9.20 filename: 'python-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -24,9 +24,7 @@ input_files: - project: container-image - name: python URL: 'https://www.python.org/ftp/python/[% c("version") %]/Python-[% c("version") %].tar.xz' - gpg_keyring: python.gpg - sig_ext: asc - file_gpg_id: 1 + sha256sum: 6b281279efd85294d2d6993e173983a57464c0133956fbbb5536ec9646beaf0c - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]' ===================================== projects/tor/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' -version: 0.4.8.12 +version: 0.4.8.13 git_hash: 'tor-[% c("version") %]' git_url: https://gitlab.torproject.org/tpo/core/tor.git git_submodule: 1 ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 547400dd678f476ec38efde2cf703d57c1a3e8c7 + git_hash: 3b1be2065b54939ed019d94174f137847bcf3c66 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 38d5c3b11cfb96833ae2c7dc3122829b29583d6f + git_hash: ba63bd165f3fd4bdd472815c9761413d4671cfb7 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 705bbd235cadf827b6d4e0003d59c290f2feaa44 + git_hash: 60f82208b8a0a95e91fdb4dcefe8d394c17f64ba compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,22 +73,22 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '14.0' + torbrowser_version: '14.0.1' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/10/16 16:45:00' + browser_release_date: '2024/10/28 09:00:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: - - 13.5.7 - - 13.5.6 - - 13.5.5 + - '[% IF c("var/tor-browser") %]14.0[% END %]' + - '13.5.9' + - '13.5.7' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' - torbrowser_legacy_version: 13.5.7 - torbrowser_legacy_platform_version: 115.16.0 + torbrowser_legacy_version: 13.5.9 + torbrowser_legacy_platform_version: 115.17.0 # By default, we sort the list of installed packages. This allows sharing # containers with identical list of packages, even if they are not listed ===================================== tools/relprep.py ===================================== @@ -92,7 +92,7 @@ class ReleasePreparation: self.repo = Repo(self.base_path) self.tor_browser = bool(kwargs.get("tor_browser", True)) - self.mullvad_browser = bool(kwargs.get("tor_browser", True)) + self.mullvad_browser = bool(kwargs.get("mullvad_browser", True)) if not self.tor_browser and not self.mullvad_browser: raise ValueError("Nothing to do") self.android = kwargs.get("android", self.tor_browser) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.4.0esr-14.0-1-build2
by Pier Angelo Vendrame (＠pierov) 28 Oct '24

28 Oct '24

Pier Angelo Vendrame pushed new tag tor-browser-128.4.0esr-14.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update rbm for rbm#40006
by boklm (＠boklm) 28 Oct '24

28 Oct '24

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: f3bcd325 by Nicolas Vigier at 2024-10-28T09:49:28+01:00 Update rbm for rbm#40006 - - - - - 1 changed file: - rbm Changes: ===================================== rbm ===================================== @@ -1 +1 @@ -Subproject commit 1e0cfb68e958c1b22ac51fd32859781b8da2bc93 +Subproject commit f18daa3f93d1aec674e4ba0dfbd22ac6afd6f8c9 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/rbm][main] Bug 40006: Add option to avoid doing a git checkout when using the exec template function
by boklm (＠boklm) 28 Oct '24

28 Oct '24

boklm pushed to branch main at The Tor Project / Applications / RBM Commits: f18daa3f by Nicolas Vigier at 2024-10-27T17:22:45+01:00 Bug 40006: Add option to avoid doing a git checkout when using the exec template function The `exec_noco` option can be used to disable git or hg checkout when using the exec template function. We start using this option in the `abbrev` and `timestamp` options, which are running git and hg commands which don't need a checkout. - - - - - 3 changed files: - doc/rbm_templates.asc - lib/RBM.pm - lib/RBM/DefaultConfig.pm Changes: ===================================== doc/rbm_templates.asc ===================================== @@ -107,9 +107,11 @@ exec:: considered to be a script, which will be written to a temporary file and executed. The second argument of the exec function is an optional $options hash, used to override values of 'git_url', - 'hg_url', 'fetch', 'git_hash' or 'hg_hash'. If neither 'git_url' - nor 'hg_url' is set, the command is executed from the directory - where the 'rbm.conf' file is located. + 'hg_url', 'fetch', 'git_hash' or 'hg_hash'. Before running the + command a checkout of 'git_hash' or 'hg_hash' is done, unless + 'exec_noco' is set to true. If neither 'git_url' nor 'hg_url' + is set, the command is executed from the directory where the + 'rbm.conf' file is located. path:: A function to return an absolute path. It takes a path as first ===================================== lib/RBM.pm ===================================== @@ -551,15 +551,18 @@ sub execute { CORE::state %cache; my $res_name = ''; my $old_cwd = getcwd; + my $exec_noco = ref $options eq 'HASH' && $options->{exec_noco}; if (project_config($project, 'git_url', $options)) { my $git_hash = project_config($project, 'git_hash', $options) || exit_error "No git_hash specified for project $project"; $res_name = "git-$project-/-$git_hash-/-$cmd"; return $cache{$res_name} if exists $cache{$res_name}; git_clone_fetch_chdir($project, $options); - my ($stdout, $stderr, $success, $exit_code) + if (!$exec_noco) { + my ($stdout, $stderr, $success, $exit_code) = capture_exec('git', 'checkout', $git_hash); - exit_error "Cannot checkout $git_hash:\n$stderr" unless $success; + exit_error "Cannot checkout $git_hash:\n$stderr" unless $success; + } git_submodule_init_sync_update() if project_config($project, 'git_submodule', $options); } elsif (project_config($project, 'hg_url', $options)) { @@ -568,9 +571,11 @@ sub execute { $res_name = "hg-$project-/-$hg_hash-/-$cmd"; return $cache{$res_name} if exists $cache{$res_name}; hg_clone_fetch_chdir($project, $options); - my ($stdout, $stderr, $success, $exit_code) + if (!$exec_noco) { + my ($stdout, $stderr, $success, $exit_code) = capture_exec('hg', 'update', '-C', $hg_hash); - exit_error "Cannot checkout $hg_hash:\n$stderr" unless $success; + exit_error "Cannot checkout $hg_hash:\n$stderr" unless $success; + } } else { chdir($config->{basedir}); } ===================================== lib/RBM/DefaultConfig.pm ===================================== @@ -126,9 +126,9 @@ our %default_config = ( abbrev_length => '12', abbrev => '[% IF c("git_url"); - exec("git log -1 --abbrev=" _ c("abbrev_length") _ " --format=%h " _ c("git_hash")); + exec("git log -1 --abbrev=" _ c("abbrev_length") _ " --format=%h " _ c("git_hash"), { exec_noco => 1 }); ELSE; - exec(c("hg") _ " id -i -r " _ c("hg_hash")); + exec(c("hg") _ " id -i -r " _ c("hg_hash"), { exec_noco => 1 }); END; %]', timestamp => sub { @@ -136,12 +136,14 @@ our %default_config = ( if (RBM::project_config($project, 'git_url', $options)) { my $git_hash = RBM::project_config($project, 'git_hash', $options); return RBM::execute($project, - "git show -s --format=format:%ct ${git_hash}^{commit}", $options); + "git show -s --format=format:%ct ${git_hash}^{commit}", + { %$options, exec_noco => 1 }); } elsif (RBM::project_config($project, 'hg_url', $options)) { my $hg = RBM::project_config($project, 'hg', $options); my $hg_hash = RBM::project_config($project, 'hg_hash', $options); my $changeset = RBM::execute($project, - "$hg export --noninteractive -r $hg_hash", $options); + "$hg export --noninteractive -r $hg_hash", + { %$options, exec_noco => 1 }); foreach my $line (split "\n", $changeset) { return $1 if ($line =~ m/^# Date (\d+) \d+/); } View it on GitLab: https://gitlab.torproject.org/tpo/applications/rbm/-/commit/f18daa3f93d1aec… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/rbm/-/commit/f18daa3f93d1aec… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Update release prep issue templates
by morgan (＠morgan) 25 Oct '24

25 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 309821b4 by Morgan at 2024-10-25T00:31:34+00:00 Update release prep issue templates - - - - - 5 changed files: - .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - + .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md ===================================== @@ -1,83 +1,96 @@ +# Release Prep Mullvad Browser Alpha + +- **NOTE** It is assumed the `mullvad-browser` alpha rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - **example** : `91.6.0` -- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version - - **example** : `11` -- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** : - - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version - - **example** : `mb-12.0.7-build1` +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${MULLVAD_BROWSER_MAJOR}`: the Mullvad Browser major version + - **example**: `11` +- `${MULLVAD_BROWSER_MINOR}`: the Mullvad Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${MULLVAD_BROWSER_VERSION}`: the Mullvad Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${MULLVAD_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${MULLVAD_BROWSER_BUILD_N}`: the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${MULLVAD_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For **example** : + - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${MULLVAD_BROWSER_BUILD_N}` value may stay at `build1` (but the `${MULLVAD_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `mullvad-browser`, the `${MULLVAD_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${MULLVAD_BROWSER_VERSION}`: the published Mullvad Browser version + - **example**: `11.5a6`, `11.0.7` +- `${MB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Mullvad Browser version + - **example**: `mb-12.0.7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` + </details> -**NOTE** It is assumed that the `tor-browser` alpha rebase and security backport tasks have been completed +<details> + <summary>Build Configuration</summary> -**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue +### mullvad-browser: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git -<details> - <summary>Building</summary> +- [ ] Tag `mullvad-browser` commit: + - **example**: `mullvad-browser-128.4.0esr-14.5-1-build1` ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Mullvad Browser Alpha (and Nightly) are on the `main` branch -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail -- [ ] Update build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `mullvad-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-alpha` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases - - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` -- [ ] Update `ChangeLog-MB.txt` - - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch_changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--no-script` - - [ ] `--ublock` - - E.g., `./tools/fetch_changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `main` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--mullvad-browser` argument if this is for a joint Tor and Mullvad Browser release + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `mullvad-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --mullvad-browser --date ${RELEASE_DATE} ${MULLVAD_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${MULLVAD_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` tag, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrowser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `mullvad-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/mullvad-browser/git_hash`: updated with `HEAD` commit of project's `mullvad-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases + - [ ] `URL` updated + - [ ] `sha256sum` updated + - [ ] `ChangeLog-MB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `main` branch - [ ] Merge - [ ] Sign+Tag - **NOTE** this must be done by one of: @@ -86,16 +99,25 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch - ma1 - morgan - pierov - - [ ] Run: `make mullvadbrowser-signtag-alpha` + - [ ] Run: + ```bash + make mullvadbrowser-signtag-alpha + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha` on: + - [ ] Run: + ```bash + make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make mullvadbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make mullvadbrowser-kick-devmole-build + ``` </details> @@ -105,64 +127,84 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch ### release signing - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `main` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N} && git checkout mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.mullvadbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` - - [ ] Static update components (again) : `static-update-component dist.torproject.org` + - `tbb_version`: mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.mullvadbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, remove old release and publish new: + - [ ] `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` + - [ ] Run: + ```bash + static-update-component dist.torproject.org + ``` + ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 - morgan - pierov +- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: + - **Tag**: `${MULLVAD_BROWSER_VERSION}` + - **example**: `12.5a7` + - **Message**: `${ESR_VERSION}esr-based ${MULLVAD_BROWSER_VERSION}` + - **example**: `102.12.0esr-based 12.5a7` - [ ] Push this release's associated `mullvad-browser.git` branch to github - [ ] Push this release's associated tags to github: - [ ] Firefox ESR tag - - **example** : `FIREFOX_102_12_0esr_BUILD1` + - **example**: `FIREFOX_102_12_0esr_BUILD1` - [ ] `base-browser` tag - - **example** : `base-browser-102.12.0esr-12.0-1-build1` - - [ ] `mullvad-browser` tag - - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1` -- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: - - **Tag**: `$(MULLVAD_BROWSER_VERSION)` - - **example** : `12.5a7` - - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)` - - **example** : `102.12.0esr-based 12.5a7` - - [ ] Push tag to github - -### email -- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information: - - [ ] support alias: support(a)mullvadvpn.net - - [ ] Rui: rui(a)mullvad.net + - **example**: `base-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` build tag + - **example**: `mullvad-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` release tag + - **example**: `12.0.11` + +</details> + +<details> + <summary>Communications</summary> + +### Mullvad +- [ ] Email Mullvad with release information: + - **Recipients** + - Mullvad support alias: support(a)mullvadvpn.net + - Rui Hildt: rui(a)mullvad.net + ``` + support(a)mullvadvpn.net rui(a)mullvad.net + ``` - **Subject** ``` - New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed) + New build: Mullvad Browser ${MULLVAD_BROWSER_VERION} (signed) ``` - **Body** ``` @@ -170,28 +212,27 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch Branch+Tags have been pushed to Mullvad's GitHub repo. - - signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION) - - update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH) + - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} + - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH} changelog: + # paste changelog as quote here ... ``` -</details> - -<details> - <summary>Downstream</summary> - -### notify packagers -These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release -- [ ] **(Optional)** Email downstream consumers: +### packagers +- [ ] **(Optional, Once Packages are pushed to GitHub)** - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of - - [ ] flathub package maintainer: proletarius101(a)protonmail.com - - [ ] arch package maintainer: bootctl(a)gmail.com - - [ ] nixOS package maintainer: dev(a)felschr.com + - **Recipients** + - flathub package maintainer: proletarius101(a)protonmail.com + - arch package maintainer: bootctl(a)gmail.com + - nixOS package maintainer: dev(a)felschr.com + ``` + proletarius101(a)protonmail.com bootctl(a)gmail.com dev(a)felschr.com + ``` - **Subject** ``` - Mullvad Browser $(MULLVAD_BROWSER_VERSION) released + Mullvad Browser ${MULLVAD_BROWSER_VERSION} released ``` - **Body** ``` @@ -208,4 +249,3 @@ These steps depend on Mullvad having updated their [GitHub Releases](https://git /label ~"Release Prep" /label ~"Sponsor 131" - ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md ===================================== @@ -1,83 +1,96 @@ +# Release Prep Mullvad Browser Stable + +- **NOTE** It is assumed the `mullvad-browser` release rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - **example** : `91.6.0` -- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version - - **example** : `11` -- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** : - - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version - - **example** : `mb-12.0.7-build1` +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${MULLVAD_BROWSER_MAJOR}`: the Mullvad Browser major version + - **example**: `11` +- `${MULLVAD_BROWSER_MINOR}`: the Mullvad Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${MULLVAD_BROWSER_VERSION}`: the Mullvad Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${MULLVAD_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${MULLVAD_BROWSER_BUILD_N}`: the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${MULLVAD_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For **example** : + - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${MULLVAD_BROWSER_BUILD_N}` value may stay at `build1` (but the `${MULLVAD_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `mullvad-browser`, the `${MULLVAD_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${MULLVAD_BROWSER_VERSION}`: the published Mullvad Browser version + - **example**: `11.5a6`, `11.0.7` +- `${MB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Mullvad Browser version + - **example**: `mb-12.0.7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` + </details> -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed +<details> + <summary>Build Configuration</summary> -**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue +### mullvad-browser: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git -<details> - <summary>Building</summary> +- [ ] Tag `mullvad-browser` commit: + - **example**: `mullvad-browser-128.3.0esr-14.0-1-build1` ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git -Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MULLVAD_BROWSER_MINOR)` (and possibly more specific) branches - -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail -- [ ] Update build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `mullvad-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-release` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases - - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` -- [ ] Update `ChangeLog-MB.txt` - - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--no-script` - - [ ] `--ublock` - - E.g., `./tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output +Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWSER_MINOR}` branch + +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the current `maint-XX.Y` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--mullvad-browser` argument if this is for a joint Tor and Mullvad Browser release + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `mullvad-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --mullvad-browser --date ${RELEASE_DATE} ${MULLVAD_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${MULLVAD_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` tag, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrowser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `mullvad-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/mullvad-browser/git_hash`: updated with `HEAD` commit of project's `mullvad-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases + - [ ] `URL` updated + - [ ] `sha256sum` updated + - [ ] `ChangeLog-MB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `maint-14.0` branch - [ ] Merge - [ ] Sign+Tag - **NOTE** this must be done by one of: @@ -86,16 +99,25 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU - ma1 - morgan - pierov - - [ ] Run: `make mullvadbrowser-signtag-release` + - [ ] Run: + ```bash + make mullvadbrowser-signtag-release + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make mullvadbrowser-release && make mullvadbrowser-incrementals-release` + - [ ] Run: + ```bash + make mullvadbrowser-release && make mullvadbrowser-incrementals-release + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make mullvadbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make mullvadbrowser-kick-devmole-build + ``` </details> @@ -105,64 +127,84 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU ### release signing - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `maint-14.0` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N} && git checkout mb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N}` + - [ ] `tor-browser-build/tools/signing/set-config.hosts` + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.mullvadbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` - - [ ] Static update components (again) : `static-update-component dist.torproject.org` + - `tbb_version`: mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.mullvadbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, remove old release and publish new: + - [ ] `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` + - [ ] Run: + ```bash + static-update-component dist.torproject.org + ``` + ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 - morgan - pierov +- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: + - **Tag**: `${MULLVAD_BROWSER_VERSION}` + - **example**: `12.5a7` + - **Message**: `${ESR_VERSION}esr-based ${MULLVAD_BROWSER_VERSION}` + - **example**: `102.12.0esr-based 12.5a7` - [ ] Push this release's associated `mullvad-browser.git` branch to github - [ ] Push this release's associated tags to github: - [ ] Firefox ESR tag - - **example** : `FIREFOX_102_12_0esr_BUILD1` + - **example**: `FIREFOX_102_12_0esr_BUILD1` - [ ] `base-browser` tag - - **example** : `base-browser-102.12.0esr-12.0-1-build1` - - [ ] `mullvad-browser` tag - - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1` -- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: - - **Tag**: `$(MULLVAD_BROWSER_VERSION)` - - **example** : `12.0.7` - - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)` - - **example** : `102.12.0esr-based 12.0.7` - - [ ] Push tag to github - -### email -- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information: - - [ ] support alias: support(a)mullvadvpn.net - - [ ] Rui: rui(a)mullvad.net + - **example**: `base-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` build tag + - **example**: `mullvad-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` release tag + - **example**: `12.0.11` + +</details> + +<details> + <summary>Communications</summary> + +### Mullvad +- [ ] Email Mullvad with release information: + - **Recipients** + - Mullvad support alias: support(a)mullvadvpn.net + - Rui Hildt: rui(a)mullvad.net + ``` + support(a)mullvadvpn.net rui(a)mullvad.net + ``` - **Subject** ``` - New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed) + New build: Mullvad Browser ${MULLVAD_BROWSER_VERION} (signed) ``` - **Body** ``` @@ -170,27 +212,26 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU Branch+Tags have been pushed to Mullvad's GitHub repo. - - signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION) - - update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH) + - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} + - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH} changelog: + # paste changelog as quote here ... ``` -</details> - -<details> - <summary>Downstream</summary> - -### notify packagers -These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release -- [ ] Email downstream consumers: - - [ ] flathub package maintainer: proletarius101(a)protonmail.com - - [ ] arch package maintainer: bootctl(a)gmail.com - - [ ] nixOS package maintainer: dev(a)felschr.com +### packagers +- [ ] **(Once Packages are pushed to GitHub)** + - **Recipients** + - flathub package maintainer: proletarius101(a)protonmail.com + - arch package maintainer: bootctl(a)gmail.com + - nixOS package maintainer: dev(a)felschr.com + ``` + proletarius101(a)protonmail.com bootctl(a)gmail.com dev(a)felschr.com + ``` - **Subject** ``` - Mullvad Browser $(MULLVAD_BROWSER_VERSION) released + Mullvad Browser ${MULLVAD_BROWSER_VERSION} released ``` - **Body** ``` @@ -204,11 +245,12 @@ These steps depend on Mullvad having updated their [GitHub Releases](https://git ``` ### merge requests -- [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/m/mullvad-brows… - - **NOTE**: should just need to update `version` and `sha256` to latest +- [ ] **(Once Packages are pushed to GitHub)** + - [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/m/mullvad-brows… + - **NOTE**: a bot seems to pick this up without needing our intervention these days + - **NOTE**: should just need to update `version` and `sha256` to latest </details> /label ~"Release Prep" -/label ~"Sponsor 131" - +/label ~"Sponsor 131" ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -1,112 +1,120 @@ +# Release Prep Tor Browser Alpha + +- **NOTE** It is assumed the `tor-browser` alpha rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - **example** : `91.6.0` -- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - **example** : `11` -- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : - - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version - - **example** : `tbb-12.5a7-build1` -</details> +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed -**NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue +</details> <details> - <summary>Building</summary> + <summary>Build Configuration</summary> + +### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git + +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-128.4.0esr-14.5-1-build1` ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Tor Browser Alpha (and Nightly) are on the `main` branch -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail -- [ ] Update Desktop-specific build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased -- [ ] Update Android-specific build configs - - [ ] Update `projects/geckoview/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] ***(Optional)*** Update `projects/application-services/config`: - **NOTE** we don't currently have any of our own patches for this project - - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)` -- [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-alpha` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/ - - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config` - - [ ] `version` : update to next 3.0.X version - - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball - - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases - - [ ] **(Optional)** If new tag available, update `projects/zlib/config` - - [ ] `version` : update to next release tag - - [ ] Check for Zstandard updates here: https://github.com/facebook/zstd/releases - - [ ] **(Optional)** If new tag available, update `projects/zstd/config` - - [ ] `version` : update to next release tag - - [ ] `git_hash`: update to the commit corresponding to the tag (we don't check signatures for Zstandard) - - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags - - [ ] ***(Optional)*** Update `projects/tor/config` - - [ ] `version` : update to latest `-alpha` tag or release tag if newer (ping dgoulet or ahf if unsure) - - [ ] Check for go updates here : https://go.dev/dl - - **NOTE** : In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. - - [ ] ***(Optional)*** Update `projects/go/config` - - [ ] `version` : update go version - - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/update_manual.py` - - [ ] ***(Optional)*** If new version is available: - - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org` - - The script will tell if it's necessary to - - [ ] Deploy to `tb-builder`'s `public_html` directory: - - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.` - - [ ] Add `projects/manual/config` to the stage area if the script updated it. -- [ ] Update `ChangeLog-TBB.txt` - - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch_changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--tor` - - [ ] `--no-script` - - [ ] `--openssl` - - [ ] `--zlib` - - [ ] `--zstd` - - [ ] `--go` - - E.g., `./tools/fetch_changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `main` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--tor-browser` argument if this is for a jointt Tor and Mullvad Browser release + - **⚠️ WARNING**: You may need to manually update the `firefox/config` and `geckoview/config` files' `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` or `geckoview` tags, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] `projects/geckoview/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] `steps/fenix/git_hash`: updated with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available; Android-only for now + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - **NOTE**: In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. + - [ ] `version`: updated go version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ```bash + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates on a desktop-only release and vice-versa + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `main` branch - [ ] Merge - [ ] Sign+Tag - **NOTE** this must be done by one of: @@ -115,55 +123,53 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - ma1 - morgan - pierov - - [ ] Run: `make torbrowser-signtag-alpha` + - [ ] Run: + ```bash + make torbrowser-signtag-alpha + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make torbrowser-alpha && make torbrowser-incrementals-alpha` + - [ ] Run: + ```bash + make torbrowser-alpha && make torbrowser-incrementals-alpha + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make torbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make torbrowser-kick-devmole-build + ``` </details> <details> - <summary>Communications</summary> - -### notify stakeholders -- [ ] **(Once builds confirmed matching)** Email tor-qa mailing list with release information - - [ ] tor-qa: tor-qa(a)lists.torproject.org - - **Subject** - ``` - Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux) - ``` - - **Body** - ``` - Hello, - - Unsigned Tor Browser $(TOR_BROWSER_VERSION) alpha candidate builds are now available for testing: - - - https://tb-build-02.torproject.org/~$(BUILDER)/builds/torbrowser/alpha/unsi… - - The full changelog can be found here: - - - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB… - ``` -- [ ] ***(Optional, only around build/packaging changes)*** Email packagers: - - [ ] Tails dev mailing list: tails-dev(a)boum.org - - [ ] Guardian Project: nathan(a)guardianproject.info - - [ ] FreeBSD port: freebsd(a)sysctl.cz  - - [ ] OpenBSD port: caspar(a)schutijser.com  - - [ ] Anti-Censorship: meskio(a)torproject.org - - [ ] Note any changes which may affect packaging/downstream integration -- [ ] ***(Optional, only after internal API-breaking changes)*** Email downstream project maintainers: - - [ ] selenium-tor: matzfan(a)tempr.email  -- [ ] ***(Optional, after ESR migration)*** Email external partners: - - [ ] Cloudflare: ask-research(a)cloudflare.com - - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs - - [ ] Startpage: admin(a)startpage.com - - **NOTE** : Startpage also needs the updated user-agent string for better experience on their onion service sites. + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + + ### blog: https://gitlab.torproject.org/tpo/web/blog.git + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) + - [ ] Note any ESR update + - [ ] Thank any users which have contributed patches + - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc + - [ ] Push to origin as new branch and open MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! </details> @@ -171,38 +177,34 @@ Tor Browser Alpha (and Nightly) are on the `main` branch <summary>Signing</summary> ### release signing -- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `main` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.torbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh` - - [ ] Remove old release data from following places: - - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> @@ -242,6 +244,28 @@ popd <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, static update components: + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] Deploy `tor-blog` MR +- [ ] On `staticiforme.torproject.org`, enable update responses: + - [ ] Run: + ```bash + sudo -u tb-release ./deploy_update_responses-alpha.sh + ``` +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` + ### Google Play: https://play.google.com/apps/publish - [ ] Publish APKs to Google Play: - Select `Tor Browser (Alpha)` app @@ -256,46 +280,70 @@ popd - [ ] 100% rollout when publishing a security-driven release - [ ] Update rollout percentage to 100% after confirmed no major issues -### website: https://gitlab.torproject.org/tpo/web/tpo.git -- [ ] `databags/versions.ini` : Update the downloads versions - - `torbrowser-stable/version` : sort of a catch-all for latest stable version - - `torbrowser-alpha/version` : sort of a catch-all for latest stable version - - `torbrowser-*-stable/version` : platform-specific stable versions - - `torbrowser-*-alpha/version` : platform-specific alpha versions - - `tor-stable`,`tor-alpha` : set by tor devs, do not touch -- [ ] Push to origin as new branch, open 'Draft :' MR -- [ ] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org -- [ ] Merge -- [ ] Publish after CI passes and builds are published - -### blog: https://gitlab.torproject.org/tpo/web/blog.git -- [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) - - [ ] Note any ESR update - - [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc) - - [ ] Thank any users which have contributed patches - - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc -- [ ] Push to origin as new branch, open `Draft:` MR -- [ ] Merge once signed-packages are accessible on https://dist.torproject.org -- [ ] Publish after CI passes and website has been updated +</details> + +<details> + <summary>Communications</summary> ### tor-announce mailing list -- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` - **Subject** ``` - New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux) + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) ``` - **Body** ``` Hi everyone, - Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post: - - $(BLOG_POST_URL) + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} Changelog: - # paste changleog as quote here + # paste changelog as quote here ``` +### packagers +- [ ] ***(Optional, only around build/packaging changes)*** Email packagers: + - **Recipients** + - Tails dev mailing list: tails-dev(a)boum.org + - Guardian Project: nathan(a)guardianproject.info + - FreeBSD port: freebsd(a)sysctl.cz  + - OpenBSD port: caspar(a)schutijser.com  + - torbrowser-launcher: mail(a)asciiwolf.com  + - Anti-Censorship: meskio(a)torproject.org  + ``` + tails-dev(a)boum.org nathan(a)guardianproject.info freebsd(a)sysctl.cz caspar(a)schutijser.com mail(a)asciiwolf.com meskio(a)torproject.org + ``` + - **Subject** + ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) + ``` + - [ ] Note any changes which may affect packaging/downstream integration + +### downstream projects +- [ ] ***(Optional, only after internal API-breaking changes)*** Email downstream project maintainers: + - **Recipients** + - selenium-tor: matzfan(a)tempr.email  + ``` + matzfan(a)tempr.email + ``` + - **Subject** + ``` + Breaking Changes in Tor Browser ${TOR_BROWSER_VERSION} + ``` + - [ ] Note any internal API changes which may affect browser automation + +### upstream services +- [ ] ***(Optional, after ESR migration)*** Email external partners: + - [ ] Cloudflare: ask-research(a)cloudflare.com + - **NOTE**: We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs + - [ ] Startpage: admin(a)startpage.com + - **NOTE**: Startpage also needs the updated user-agent string for better experience on their onion service sites. + </details> /label ~"Release Prep" - ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md ===================================== @@ -0,0 +1,320 @@ +# Release Prep Tor Browser Legacy + +- **NOTE** It is assumed the `tor-browser` release rebase and security backport tasks have been completed + +<details> + <summary>Explanation of variables</summary> + +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` + +</details> + +<details> + <summary>Build Configuration</summary> + +### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git + +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-115.17.0esr-13.5-1-build1` + +### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git +Tor Browser Legacy is on the `maint-13.5` branch + +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `maint-13.5` branch +- [ ] Run release preparation script: + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox`, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest non `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - [ ] `go_1_22`: updated to latest 1.22 version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ```bash + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct +- [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `maint-13.5` branch +- [ ] Merge +- [ ] Sign+Tag + - **NOTE** this must be done by one of: + - boklm + - dan + - ma1 + - morgan + - pierov + - [ ] Run: + ```bash + make torbrowser-signtag-release + ``` + - [ ] Push tag to `upstream` +- [ ] Build the tag: + - [ ] Run: + ```bash + make torbrowser-release && make torbrowser-incrementals-release + ``` + - [ ] Tor Project build machine + - [ ] Local developer machine + - [ ] Submit build request to Mullvad infrastructure: + - **NOTE** this requires a devmole authentication token + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make torbrowser-kick-devmole-build + ``` + +</details> + +<details> + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - `tor-stable`,`tor-alpha`: set by tor devs, do not touch + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + +</details> + +<details> + <summary>Signing</summary> + +### release signing +- [ ] Assign this issue to the signer, one of: + - boklm + - ma1 + - morgan + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `maint-13.5` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` + - [ ] `tor-browser-build/tools/signing/set-config.hosts` + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds + - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos + - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed + +</details> + +<details> + <summary>Signature verification</summary> + + <details> + <summary>Check whether the .exe files got properly signed and timestamped</summary> + +```bash +# Point OSSLSIGNCODE to your osslsigncode binary +pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION +OSSLSIGNCODE=/path/to/osslsigncode +../../../tools/authenticode_check.sh +popd +``` + + </details> + <details> + <summary>Check whether the MAR files got properly signed</summary> + +```bash +# Point NSSDB to your nssdb containing the mar signing certificate +# Point SIGNMAR to your signmar binary +# Point LD_LIBRARY_PATH to your mar-tools directory +pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION +NSSDB=/path/to/nssdb +SIGNMAR=/path/to/mar-tools/signmar +LD_LIBRARY_PATH=/path/to/mar-tools/ +../../../tools/marsigning_check.sh +popd +``` + + </details> +</details> + +<details> + <summary>Publishing</summary> + +### website +- [ ] On `staticiforme.torproject.org`, static update components: + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] **(Optional)** Generate and deploy new update responses + - **NOTE**: This is only required if there will be no corresponding 14.0 release (i.e. this is an emergency legacy-only 13.5 release). Normally, legacy update responses are generated and deployed as part of the 14.0 release. + - **⚠️ WARNING**: This is a little bit off the beaten track, ping boklm or morgan if you have any doubts + - From the `maint-14.0` branch: + - [ ] Update `rbm.conf` + - [ ] `var/torbrowser_legacy_version`: update to `${TOR_BROWSER_VERSION}` + - **NOTE** this is the browser version for the legacy branch, not the 14.0 branch + - [ ] `var/torbrowser_legacy_platform_version`: update to `${ESR_VERSION}` + - **NOTE** this is ESR version for the legacy branch, not the 14.0 branch + - [ ] Generate update responses: + - [ ] Run: + ```bash + make torbrowser-update_responses-release + ``` + - On `staticiforme.torproject.org`, deploy new update responses: + - **NOTE**: for now this is a bit janky, we should somehow update the workflow to be a bit less hacky + - [ ] Edit an existing `deploy_update_responses-release.sh` script in your `HOME` directory with the newly pushed commit hash + - **example**: (hash: `d938943`) + ```bash + #!/bin/bash + set -e + + echo "Deploying version 14.0" + echo "update_responses_commit: d938943" + + cd "/srv/aus1-master.torproject.org/htdocs/torbrowser" + git fetch + changed_files="$(git diff --name-only HEAD d938943)" + if echo "$changed_files" | grep -qv "release" + then + echo >&2 "Error: checking out new update_response_commit will changes" + echo >&2 "some files outside of the release directory:" + echo "$changed_files" | grep -v "release" >&2 + echo >&2 "--" + echo >&2 "If this is really what you want to do, edit this script to" + echo >&2 "remove the line 'exit 1' and run it again." + echo >&2 "See tor-browser-build#41168 for more details." + exit 1 + fi + git checkout "d938943" + + static-update-component aus1.torproject.org + ``` + - [ ] Enable update responses: + ```bash + sudo -u tb-release ./deploy_update_responses-release.sh + ``` + +</details> + +<details> + <summary>Communications</summary> + +### tor-announce mailing list +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` + - **Subject** + ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Windows, macOS) + ``` + - **Body** + ``` + Hi everyone, + + Tor Browser ${TOR_BROWSER_VERSION} has now been published for legacy Windows and macOS platforms. For details please see our blog post: + - ${BLOG_POST_URL} + + Changelog: + # paste changelog as quote here + ``` + +</details> + +/label ~"Release Prep" ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -1,117 +1,120 @@ +# Release Prep Tor Browser Stable + +- **NOTE** It is assumed the `tor-browser` release rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - **example** : `91.6.0` -- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - **example** : `11` -- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : - - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version - - **example** : `tbb-12.0.7-build1` -</details> +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed -**NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue +</details> <details> - <summary>Building</summary> + <summary>Build Configuration</summary> + +### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git + +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-128.4.0esr-14.0-1-build1` ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git -Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches. - -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_legacy_version` : update to next version in the legacy-13.5 branch - - [ ] `var/torbrowser_legacy_platform_version` : update to firefox platform version in the legacy-13.5 branch - - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail -- [ ] Update Desktop-specific build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased -- [ ] Update Android-specific build configs - - [ ] Update `projects/geckoview/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] ***(Optional)*** Update `projects/tor-android-service/config` - - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch - - [ ] ***(Optional)*** Update `projects/application-services/config`: - **NOTE** we don't currently have any of our own patches for this project - - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)` - - [ ] ***(Optional)*** Update `projects/firefox-android/config`: - - [ ] `fenix_version` : update to match stable `firefox-android` build tag - - [ ] `browser_branch` : update to match stable `firefox-android` build tag - - [ ] `browser_build` : update to match stable `firefox-android` build tag - variant: Beta -- [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-release` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/ - - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config` - - [ ] `version` : update to next 3.0.X version - - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball - - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases - - [ ] **(Optional)** If new tag available, update `projects/zlib/config` - - [ ] `version` : update to next release tag - - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags - - [ ] ***(Optional)*** Update `projects/tor/config` - - [ ] `version` : update to latest non `-alpha` tag (ping dgoulet or ahf if unsure) - - [ ] Check for go updates here : https://go.dev/dl - - **NOTE** : In general, Tor Browser Stable uses the latest of the *previous* Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. - - [ ] ***(Optional)*** Update `projects/go/config` - - [ ] `version` : update go version - - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py` - - [ ] ***(Optional)*** If new version is available: - - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org` - - [ ] Deploy to `tb-builder`'s `public_html` directory: - - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.` - - [ ] Update `projects/manual/config`: - - [ ] Change the `version` to `$PIPELINEID` - - [ ] Update `sha256sum` in the `input_files` section -- [ ] Update `ChangeLog-TBB.txt` - - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--tor` - - [ ] `--no-script` - - [ ] `--openssl` - - [ ] `--zlib` - - [ ] `--go` - - E.g., `./tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output +Tor Browser Stable is on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` branch + +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the current `maint-XX.Y` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--tor-browser` argument if this is for a joint Tor and Mullvad Browser release + - **⚠️ WARNING**: You may need to manually update the `firefox/config` and `geckoview/config` files' `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` or `geckoview` tags, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail +- [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] `projects/geckoview/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] `steps/fenix/git_hash`: updated with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available; Android-only for now + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest non `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - **NOTE**: In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. + - [ ] `version`: updated go version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ```bash + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - `sudo` documentation for TPO machines: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#changingres… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates on a desktop-only release and vice-versa + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations + - **NOTE**: target the `maint-14.0` branch - [ ] Merge - [ ] Sign+Tag - **NOTE** this must be done by one of: @@ -120,47 +123,53 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - ma1 - morgan - pierov - - [ ] Run: `make torbrowser-signtag-release` + - [ ] Run: + ```bash + make torbrowser-signtag-release + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make torbrowser-release && make torbrowser-incrementals-release` + - [ ] Run: + ```bash + make torbrowser-release && make torbrowser-incrementals-release + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make torbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - **NOTE** this also requires you be connected to a Swedish Mulvad VPN exit + - [ ] Run: + ```bash + make torbrowser-kick-devmole-build + ``` </details> <details> - <summary>Communications</summary> - -### notify stakeholders -- [ ] **(Once builds confirmed matching)** Email tor-qa mailing list with release information - - [ ] tor-qa: tor-qa(a)lists.torproject.org - - **Subject** - ``` - Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux) - ``` - - **Body** - ``` - Hello, - - Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing: - - - https://tb-build-02.torproject.org/~$(BUILDER)/builds/torbrowser/release/un… - - The full changelog can be found here: - - - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB… - ``` -- [ ] Email packagers: - - [ ] Tails dev mailing list: tails-dev(a)boum.org - - [ ] Guardian Project: nathan(a)guardianproject.info - - [ ] FreeBSD port: freebsd(a)sysctl.cz  - - [ ] OpenBSD port: caspar(a)schutijser.com  - - [ ] Note any changes which may affect packaging/downstream integration + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + + ### blog: https://gitlab.torproject.org/tpo/web/blog.git + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) + - [ ] Note any ESR update + - [ ] Thank any users which have contributed patches + - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc + - [ ] Push to origin as new branch and open MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! </details> @@ -168,38 +177,37 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE <summary>Signing</summary> ### release signing -- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] Verify the associated legacy `maint-13.5` release has been signed and deployed + - **⚠️ WARNING**: Do not continue if the legacy channel has not been fully signed and published yet; it is needed for update-response generation! + - **NOTE** Stable releases without a corresponding legacy release may ignore this +- [ ] On `${STAGING_SERVER}`, ensure updated: + - **NOTE** Having a local git branch with `maint-14.0` as the upstream branch with these values saved means you only need to periodically `git pull --rebase` and update the `set-config.tbb-version` file + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.torbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh` - - [ ] Remove old release data from following places: - - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ```bash + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> @@ -239,6 +247,28 @@ popd <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, static update components: + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] Deploy `tor-blog` MR +- [ ] On `staticiforme.torproject.org`, enable update responses: + - [ ] Run: + ```bash + sudo -u tb-release ./deploy_update_responses-release.sh + ``` +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ```bash + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` + ### Google Play: https://play.google.com/apps/publish - [ ] Publish APKs to Google Play: - Select `Tor Browser` app @@ -253,45 +283,59 @@ popd - [ ] 100% rollout when publishing a security-driven release - [ ] Update rollout percentage to 100% after confirmed no major issues -### website: https://gitlab.torproject.org/tpo/web/tpo.git -- [ ] `databags/versions.ini` : Update the downloads versions - - `torbrowser-stable/version` : sort of a catch-all for latest stable version - - `torbrowser-alpha/version` : sort of a catch-all for latest stable version - - `torbrowser-*-stable/version` : platform-specific stable versions - - `torbrowser-*-alpha/version` : platform-specific alpha versions - - `tor-stable`,`tor-alpha` : set by tor devs, do not touch -- [ ] Push to origin as new branch, open 'Draft :' MR -- [ ] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org -- [ ] Merge -- [ ] Publish after CI passes and builds are published +</details> -### blog: https://gitlab.torproject.org/tpo/web/blog.git -- [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) - - [ ] Note any ESR update - - [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc) - - [ ] Thank any users which have contributed patches -- [ ] Push to origin as new branch, open `Draft:` MR -- [ ] Merge once signed-packages are accessible on https://dist.torproject.org -- [ ] Publish after CI passes and website has been updated +<details> + <summary>Communications</summary> ### tor-announce mailing list -- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` - **Subject** ``` - New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux) + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) ``` - **Body** ``` Hi everyone, - Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post: - - $(BLOG_POST_URL) + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} Changelog: - # paste changleog as quote here + # paste changelog as quote here + ``` + +### packagers +- [ ] Email packagers: + - **Recipients** + - Tails dev mailing list: tails-dev(a)boum.org + - Guardian Project: nathan(a)guardianproject.info + - FreeBSD port: freebsd(a)sysctl.cz  + - OpenBSD port: caspar(a)schutijser.com  + - torbrowser-launcher: mail(a)asciiwolf.com  + - Anti-Censorship: meskio(a)torproject.org  ``` + tails-dev(a)boum.org nathan(a)guardianproject.info freebsd(a)sysctl.cz caspar(a)schutijser.com mail(a)asciiwolf.com meskio(a)torproject.org + ``` + - **Subject** + ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) + ``` + - **Body** + ``` + Hi everyone, + + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} + Changelog: + # paste changelog as quote here + ``` + - [ ] Note any changes which may affect packaging/downstream integration </details> /label ~"Release Prep" - View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 19 commits: Update release prep issue templates
by morgan (＠morgan) 25 Oct '24

25 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 00f5ea36 by Morgan at 2024-10-23T21:02:54+00:00 Update release prep issue templates - - - - - 9d89e5ba by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates added note about tags and relprep.py interactions - - - - - 1739114b by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates added ⚠️ icons for warnings - - - - - d81f1a90 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates fix some typos and add example for when to not update the var/browser_release_date param - - - - - b3b6863a by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add note about joint tor/mullvad browser releases to relprep.py section - - - - - 2634d715 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add note for zstd being android-only - - - - - 95379b55 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add warning about addons.mozilla.org urls - - - - - 52778c09 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add clarification on openssl versions - - - - - cb4d86d0 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add sudo documentation link - - - - - 016d034c by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add --date arg to relprep.py script invocation - - - - - 4cf18985 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add more ⚠️ WARNING to explanation of variables section - - - - - 2fe2103b by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates update notes on incrementals - - - - - 382609cc by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates further changelog checks - - - - - aabf4fdb by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add explicit tor-browser-build release preparation step - - - - - cb3f93a5 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates update set-config.hosts section to include builder_tor_browser_build_dir - - - - - b8196933 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates removed update-responses specific steps from legacy - - - - - 181d513f by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates add verification step to tor browser stable to wait for legacy to be signed (for update response generation) - - - - - 474cdc87 by Morgan at 2024-10-23T21:02:54+00:00 fixup! Update release prep issue templates too much spacing in openssl entry - - - - - 434d85d5 by Morgan at 2024-10-23T21:56:43+00:00 fixup! Update release prep issue templates added directions for deploying 13.5 update responses when there is no corresponding 14.0 release - - - - - 5 changed files: - .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - + .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md ===================================== @@ -1,82 +1,89 @@ +- **NOTE** It is assumed the `mullvad-browser` alpha rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - **example** : `91.6.0` -- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version - - **example** : `11` -- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** : - - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version - - **example** : `mb-12.0.7-build1` -</details> - -**NOTE** It is assumed that the `tor-browser` alpha rebase and security backport tasks have been completed +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${MULLVAD_BROWSER_MAJOR}`: the Mullvad Browser major version + - **example**: `11` +- `${MULLVAD_BROWSER_MINOR}`: the Mullvad Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${MULLVAD_BROWSER_VERSION}`: the Mullvad Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${MULLVAD_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${MULLVAD_BROWSER_BUILD_N}`: the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${MULLVAD_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For **example** : + - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${MULLVAD_BROWSER_BUILD_N}` value may stay at `build1` (but the `${MULLVAD_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `mullvad-browser`, the `${MULLVAD_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${MULLVAD_BROWSER_VERSION}`: the published Mullvad Browser version + - **example**: `11.5a6`, `11.0.7` +- `${MB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Mullvad Browser version + - **example**: `mb-12.0.7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` -**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue +</details> <details> - <summary>Building</summary> + <summary>Build Configuration</summary> ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Mullvad Browser Alpha (and Nightly) are on the `main` branch -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail -- [ ] Update build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `mullvad-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-alpha` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases - - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` -- [ ] Update `ChangeLog-MB.txt` - - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch_changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--no-script` - - [ ] `--ublock` - - E.g., `./tools/fetch_changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output +- [ ] Tag `mullvad-browser` in mullvad-browser.git + - **example**: `mullvad-browser-128.3.0esr-14.0-1-build1` +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `main` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--mullvad-browser` argument if this is for a joint Tor and Mullvad Browser release + ```bash + ./tools/relprep.py --mullvad-browser --date ${RELEASE_DATE} ${MULLVAD_BROWSER_VERSION} + ``` + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `mullvad-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${MULLVAD_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` tag, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `mullvad-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/mullvad-browser/git_hash`: updated with `HEAD` commit of project's `mullvad-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases + - [ ] `URL` updated + - [ ] `sha256sum` updated + - [ ] `ChangeLog-MB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations - [ ] Merge - [ ] Sign+Tag @@ -86,16 +93,25 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch - ma1 - morgan - pierov - - [ ] Run: `make mullvadbrowser-signtag-alpha` + - [ ] Run: + ``` + make mullvadbrowser-signtag-alpha + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha` on: + - [ ] Run: + ``` + make mullvadbrowser-alpha && make mullvadbrowser-incrementals-alpha + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make mullvadbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - [ ] Run: + ``` + make mullvadbrowser-kick-devmole-build + ``` +- [ ] Ensure all builders have matching builds </details> @@ -105,64 +121,78 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch ### release signing - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N} && git checkout tbb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.mullvadbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` - - [ ] Static update components (again) : `static-update-component dist.torproject.org` + - `tbb_version`: mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ``` + cd tor-browser-build/tools/signing/ && ./do-all-signing.mullvadbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, remove old release and publish new: + - [ ] `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` + - [ ] Run: + ``` + static-update-component dist.torproject.org + ``` + ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 - morgan - pierov +- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: + - **Tag**: `${MULLVAD_BROWSER_VERSION}` + - **example**: `12.5a7` + - **Message**: `${ESR_VERSION}esr-based ${MULLVAD_BROWSER_VERSION}` + - **example**: `102.12.0esr-based 12.5a7` - [ ] Push this release's associated `mullvad-browser.git` branch to github - [ ] Push this release's associated tags to github: - [ ] Firefox ESR tag - - **example** : `FIREFOX_102_12_0esr_BUILD1` + - **example**: `FIREFOX_102_12_0esr_BUILD1` - [ ] `base-browser` tag - - **example** : `base-browser-102.12.0esr-12.0-1-build1` - - [ ] `mullvad-browser` tag - - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1` -- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: - - **Tag**: `$(MULLVAD_BROWSER_VERSION)` - - **example** : `12.5a7` - - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)` - - **example** : `102.12.0esr-based 12.5a7` - - [ ] Push tag to github - -### email -- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information: - - [ ] support alias: support(a)mullvadvpn.net - - [ ] Rui: rui(a)mullvad.net + - **example**: `base-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` build tag + - **example**: `mullvad-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` release tag + - **example**: `12.0.11` + +### Mullvad +- [ ] Email Mullvad with release information: + - **Recipients** + - Mullvad support alias: support(a)mullvadvpn.net + - Rui Hildt: rui(a)mullvad.net + ``` + support(a)mullvadvpn.net rui(a)mullvad.net + ``` - **Subject** ``` - New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed) + New build: Mullvad Browser ${MULLVAD_BROWSER_VERION} (signed) ``` - **Body** ``` @@ -170,28 +200,34 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch Branch+Tags have been pushed to Mullvad's GitHub repo. - - signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION) - - update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH) + - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} + - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH} changelog: + # paste changelog as quote here ... ``` </details> <details> - <summary>Downstream</summary> + <summary>Packaging</summary> -### notify packagers -These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release -- [ ] **(Optional)** Email downstream consumers: + + +### packagers +- [ ] **(Optional, Once Packages are pushed to GitHub)** - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of - - [ ] flathub package maintainer: proletarius101(a)protonmail.com - - [ ] arch package maintainer: bootctl(a)gmail.com - - [ ] nixOS package maintainer: dev(a)felschr.com + - **Recipients** + - flathub package maintainer: proletarius101(a)protonmail.com + - arch package maintainer: bootctl(a)gmail.com + - nixOS package maintainer: dev(a)felschr.com + ``` + proletarius101(a)protonmail.com bootctl(a)gmail.com dev(a)felschr.com + ``` - **Subject** ``` - Mullvad Browser $(MULLVAD_BROWSER_VERSION) released + Mullvad Browser ${MULLVAD_BROWSER_VERSION} released ``` - **Body** ``` @@ -208,4 +244,3 @@ These steps depend on Mullvad having updated their [GitHub Releases](https://git /label ~"Release Prep" /label ~"Sponsor 131" - ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md ===================================== @@ -1,82 +1,89 @@ +- **NOTE** It is assumed the `mullvad-browser` release rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc - - **example** : `91.6.0` -- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version - - **example** : `11` -- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** : - - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version - - **example** : `mb-12.0.7-build1` -</details> - -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${MULLVAD_BROWSER_MAJOR}`: the Mullvad Browser major version + - **example**: `11` +- `${MULLVAD_BROWSER_MINOR}`: the Mullvad Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${MULLVAD_BROWSER_VERSION}`: the Mullvad Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${MULLVAD_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${MULLVAD_BROWSER_BUILD_N}`: the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${MULLVAD_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For **example** : + - if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${MULLVAD_BROWSER_BUILD_N}` value may stay at `build1` (but the `${MULLVAD_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `mullvad-browser`, the `${MULLVAD_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${MULLVAD_BROWSER_VERSION}`: the published Mullvad Browser version + - **example**: `11.5a6`, `11.0.7` +- `${MB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Mullvad Browser version + - **example**: `mb-12.0.7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` -**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue +</details> <details> - <summary>Building</summary> + <summary>Build Configuration</summary> ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git -Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MULLVAD_BROWSER_MINOR)` (and possibly more specific) branches - -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail -- [ ] Update build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `mullvad-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-release` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ - - [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases - - [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` -- [ ] Update `ChangeLog-MB.txt` - - [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--no-script` - - [ ] `--ublock` - - E.g., `./tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output +Mullvad Browser Release are on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWSER_MINOR}` branch + +- [ ] Tag `mullvad-browser` in mullvad-browser.git + - **example**: `mullvad-browser-128.3.0esr-14.0-1-build1` +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `mullvad-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the current `maint-XX.Y` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--mullvad-browser` argument if this is for a joint Tor and Mullvad Browser release + ```bash + ./tools/relprep.py --mullvad-browser --date ${RELEASE_DATE} ${MULLVAD_BROWSER_VERSION} + ``` + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `mullvad-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${MULLVAD_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` tag, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `mullvad-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/mullvad-browser/git_hash`: updated with `HEAD` commit of project's `mullvad-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] uBlock-origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] Mullvad Browser extension: https://github.com/mullvad/browser-extension/releases + - [ ] `URL` updated + - [ ] `sha256sum` updated + - [ ] `ChangeLog-MB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations - [ ] Merge - [ ] Sign+Tag @@ -86,16 +93,24 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU - ma1 - morgan - pierov - - [ ] Run: `make mullvadbrowser-signtag-release` + - [ ] Run: + ``` + make mullvadbrowser-signtag-release + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make mullvadbrowser-release && make mullvadbrowser-incrementals-release` + - [ ] Run: + ``` + make mullvadbrowser-release && make mullvadbrowser-incrementals-release + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make mullvadbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - [ ] Run: + ``` + make mullvadbrowser-kick-devmole-build + ``` </details> @@ -105,64 +120,79 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU ### release signing - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)` - - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N} && git checkout tbb-${MULLVAD_BROWSER_VERSION}-${MULLVAD_BROWSER_BUILD_N}` + - [ ] `tor-browser-build/tools/signing/set-config.hosts` + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.mullvadbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` - - [ ] Static update components (again) : `static-update-component dist.torproject.org` + - `tbb_version`: mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ``` + cd tor-browser-build/tools/signing/ && ./do-all-signing.mullvadbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, remove old release and publish new: + - [ ] `/srv/dist-master.torproject.org/htdocs/mullvadbrowser` + - [ ] Run: + ``` + static-update-component dist.torproject.org + ``` + ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 - morgan - pierov +- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: + - **Tag**: `${MULLVAD_BROWSER_VERSION}` + - **example**: `12.5a7` + - **Message**: `${ESR_VERSION}esr-based ${MULLVAD_BROWSER_VERSION}` + - **example**: `102.12.0esr-based 12.5a7` - [ ] Push this release's associated `mullvad-browser.git` branch to github - [ ] Push this release's associated tags to github: - [ ] Firefox ESR tag - - **example** : `FIREFOX_102_12_0esr_BUILD1` + - **example**: `FIREFOX_102_12_0esr_BUILD1` - [ ] `base-browser` tag - - **example** : `base-browser-102.12.0esr-12.0-1-build1` - - [ ] `mullvad-browser` tag - - **example** : `mullvad-browser-102.12.0esr-12.0-1-build1` -- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build: - - **Tag**: `$(MULLVAD_BROWSER_VERSION)` - - **example** : `12.0.7` - - **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)` - - **example** : `102.12.0esr-based 12.0.7` - - [ ] Push tag to github - -### email -- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information: - - [ ] support alias: support(a)mullvadvpn.net - - [ ] Rui: rui(a)mullvad.net + - **example**: `base-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` build tag + - **example**: `mullvad-browser-102.12.0esr-12.0-1-build1` + - [ ] `mullvad-browser` release tag + - **example**: `12.0.11` + + +### Mullvad +- [ ] Email Mullvad with release information: + - **Recipients** + - Mullvad support alias: support(a)mullvadvpn.net + - Rui Hildt: rui(a)mullvad.net + ``` + support(a)mullvadvpn.net rui(a)mullvad.net + ``` - **Subject** ``` - New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed) + New build: Mullvad Browser ${MULLVAD_BROWSER_VERION} (signed) ``` - **Body** ``` @@ -170,27 +200,31 @@ Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MU Branch+Tags have been pushed to Mullvad's GitHub repo. - - signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION) - - update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH) + - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} + - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH} changelog: + # paste changelog as quote here ... ``` </details> <details> - <summary>Downstream</summary> - -### notify packagers -These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release -- [ ] Email downstream consumers: - - [ ] flathub package maintainer: proletarius101(a)protonmail.com - - [ ] arch package maintainer: bootctl(a)gmail.com - - [ ] nixOS package maintainer: dev(a)felschr.com + <summary>Packaging</summary> + +### packagers +- [ ] **(Once Packages are pushed to GitHub)** + - **Recipients** + - flathub package maintainer: proletarius101(a)protonmail.com + - arch package maintainer: bootctl(a)gmail.com + - nixOS package maintainer: dev(a)felschr.com + ``` + proletarius101(a)protonmail.com bootctl(a)gmail.com dev(a)felschr.com + ``` - **Subject** ``` - Mullvad Browser $(MULLVAD_BROWSER_VERSION) released + Mullvad Browser ${MULLVAD_BROWSER_VERSION} released ``` - **Body** ``` @@ -204,11 +238,12 @@ These steps depend on Mullvad having updated their [GitHub Releases](https://git ``` ### merge requests -- [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/m/mullvad-brows… - - **NOTE**: should just need to update `version` and `sha256` to latest +- [ ] **(Once Packages are pushed to GitHub)** + - [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/m/mullvad-brows… + - **NOTE**: a bot seems to pick this up without needing our intervention these days + - **NOTE**: should just need to update `version` and `sha256` to latest </details> /label ~"Release Prep" -/label ~"Sponsor 131" - +/label ~"Sponsor 131" ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -1,111 +1,113 @@ +- **NOTE** It is assumed the `tor-browser` alpha rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - **example** : `91.6.0` -- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - **example** : `11` -- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : - - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version - - **example** : `tbb-12.5a7-build1` -</details> +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed -**NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue +</details> <details> - <summary>Building</summary> + <summary>Build Configuration</summary> ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Tor Browser Alpha (and Nightly) are on the `main` branch -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail -- [ ] Update Desktop-specific build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased -- [ ] Update Android-specific build configs - - [ ] Update `projects/geckoview/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] ***(Optional)*** Update `projects/application-services/config`: - **NOTE** we don't currently have any of our own patches for this project - - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)` -- [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-alpha` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/ - - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config` - - [ ] `version` : update to next 3.0.X version - - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball - - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases - - [ ] **(Optional)** If new tag available, update `projects/zlib/config` - - [ ] `version` : update to next release tag - - [ ] Check for Zstandard updates here: https://github.com/facebook/zstd/releases - - [ ] **(Optional)** If new tag available, update `projects/zstd/config` - - [ ] `version` : update to next release tag - - [ ] `git_hash`: update to the commit corresponding to the tag (we don't check signatures for Zstandard) - - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags - - [ ] ***(Optional)*** Update `projects/tor/config` - - [ ] `version` : update to latest `-alpha` tag or release tag if newer (ping dgoulet or ahf if unsure) - - [ ] Check for go updates here : https://go.dev/dl - - **NOTE** : In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. - - [ ] ***(Optional)*** Update `projects/go/config` - - [ ] `version` : update go version - - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/update_manual.py` - - [ ] ***(Optional)*** If new version is available: - - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org` - - The script will tell if it's necessary to - - [ ] Deploy to `tb-builder`'s `public_html` directory: - - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.` - - [ ] Add `projects/manual/config` to the stage area if the script updated it. -- [ ] Update `ChangeLog-TBB.txt` - - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch_changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--tor` - - [ ] `--no-script` - - [ ] `--openssl` - - [ ] `--zlib` - - [ ] `--zstd` - - [ ] `--go` - - E.g., `./tools/fetch_changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-128.3.0esr-14.0-1-build1` +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `main` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--tor-browser` argument if this is for a jointt Tor and Mullvad Browser release + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` + - **⚠️ WARNING**: You may need to manually update the `firefox/config` and `geckoview/config` files' `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` or `geckoview` tags, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] `projects/geckoview/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] `steps/fenix/git_hash`: updated with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available; Android-only for now + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - **NOTE**: In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. + - [ ] `version`: updated go version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ``` + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - [`sudo` documentation for TPO machines](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#c… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates on a desktop-only release and vice-versa + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations - [ ] Merge - [ ] Sign+Tag @@ -115,55 +117,52 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - ma1 - morgan - pierov - - [ ] Run: `make torbrowser-signtag-alpha` + - [ ] Run: + ``` + make torbrowser-signtag-alpha + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make torbrowser-alpha && make torbrowser-incrementals-alpha` + - [ ] Run: + ``` + make torbrowser-alpha && make torbrowser-incrementals-alpha + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make torbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - [ ] Run: + ``` + make torbrowser-kick-devmole-build + ``` </details> <details> - <summary>Communications</summary> - -### notify stakeholders -- [ ] **(Once builds confirmed matching)** Email tor-qa mailing list with release information - - [ ] tor-qa: tor-qa(a)lists.torproject.org - - **Subject** - ``` - Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux) - ``` - - **Body** - ``` - Hello, - - Unsigned Tor Browser $(TOR_BROWSER_VERSION) alpha candidate builds are now available for testing: - - - https://tb-build-02.torproject.org/~$(BUILDER)/builds/torbrowser/alpha/unsi… - - The full changelog can be found here: - - - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB… - ``` -- [ ] ***(Optional, only around build/packaging changes)*** Email packagers: - - [ ] Tails dev mailing list: tails-dev(a)boum.org - - [ ] Guardian Project: nathan(a)guardianproject.info - - [ ] FreeBSD port: freebsd(a)sysctl.cz  - - [ ] OpenBSD port: caspar(a)schutijser.com  - - [ ] Anti-Censorship: meskio(a)torproject.org - - [ ] Note any changes which may affect packaging/downstream integration -- [ ] ***(Optional, only after internal API-breaking changes)*** Email downstream project maintainers: - - [ ] selenium-tor: matzfan(a)tempr.email  -- [ ] ***(Optional, after ESR migration)*** Email external partners: - - [ ] Cloudflare: ask-research(a)cloudflare.com - - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs - - [ ] Startpage: admin(a)startpage.com - - **NOTE** : Startpage also needs the updated user-agent string for better experience on their onion service sites. + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + + ### blog: https://gitlab.torproject.org/tpo/web/blog.git + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) + - [ ] Note any ESR update + - [ ] Thank any users which have contributed patches + - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc + - [ ] Push to origin as new branch and open MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! </details> @@ -171,38 +170,33 @@ Tor Browser Alpha (and Nightly) are on the `main` branch <summary>Signing</summary> ### release signing -- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.torbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh` - - [ ] Remove old release data from following places: - - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ``` + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> @@ -242,6 +236,26 @@ popd <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, static update components: + ``` + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] Deploy `tor-blog` MR +- [ ] On `staticiforme.torproject.org`, enable update responses: + ``` + sudo -u tb-release ./deploy_update_responses-alpha.sh + ``` +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ``` + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` + ### Google Play: https://play.google.com/apps/publish - [ ] Publish APKs to Google Play: - Select `Tor Browser (Alpha)` app @@ -256,46 +270,70 @@ popd - [ ] 100% rollout when publishing a security-driven release - [ ] Update rollout percentage to 100% after confirmed no major issues -### website: https://gitlab.torproject.org/tpo/web/tpo.git -- [ ] `databags/versions.ini` : Update the downloads versions - - `torbrowser-stable/version` : sort of a catch-all for latest stable version - - `torbrowser-alpha/version` : sort of a catch-all for latest stable version - - `torbrowser-*-stable/version` : platform-specific stable versions - - `torbrowser-*-alpha/version` : platform-specific alpha versions - - `tor-stable`,`tor-alpha` : set by tor devs, do not touch -- [ ] Push to origin as new branch, open 'Draft :' MR -- [ ] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org -- [ ] Merge -- [ ] Publish after CI passes and builds are published - -### blog: https://gitlab.torproject.org/tpo/web/blog.git -- [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) - - [ ] Note any ESR update - - [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc) - - [ ] Thank any users which have contributed patches - - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc -- [ ] Push to origin as new branch, open `Draft:` MR -- [ ] Merge once signed-packages are accessible on https://dist.torproject.org -- [ ] Publish after CI passes and website has been updated +</details> + +<details> + <summary>Communications</summary> ### tor-announce mailing list -- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` - **Subject** ``` - New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux) + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) ``` - **Body** ``` Hi everyone, - Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post: - - $(BLOG_POST_URL) + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} Changelog: - # paste changleog as quote here + # paste changelog as quote here + ``` + +### packagers +- [ ] ***(Optional, only around build/packaging changes)*** Email packagers: + - **Recipients** + - Tails dev mailing list: tails-dev(a)boum.org + - Guardian Project: nathan(a)guardianproject.info + - FreeBSD port: freebsd(a)sysctl.cz  + - OpenBSD port: caspar(a)schutijser.com  + - torbrowser-launcher: mail(a)asciiwolf.com  + - Anti-Censorship: meskio(a)torproject.org  + ``` + tails-dev(a)boum.org nathan(a)guardianproject.info freebsd(a)sysctl.cz caspar(a)schutijser.com mail(a)asciiwolf.com meskio(a)torproject.org + ``` + - **Subject** ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) + ``` + - [ ] Note any changes which may affect packaging/downstream integration + +### downstream projects +- [ ] ***(Optional, only after internal API-breaking changes)*** Email downstream project maintainers: + - **Recipients** + - selenium-tor: matzfan(a)tempr.email  + ``` + matzfan(a)tempr.email + ``` + - **Subject** + ``` + Breaking Changes in Tor Browser ${TOR_BROWSER_VERSION} + ``` + - [ ] Note any internal API changes which may affect browser automation + +### upstream services +- [ ] ***(Optional, after ESR migration)*** Email external partners: + - [ ] Cloudflare: ask-research(a)cloudflare.com + - **NOTE**: We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs + - [ ] Startpage: admin(a)startpage.com + - **NOTE**: Startpage also needs the updated user-agent string for better experience on their onion service sites. </details> /label ~"Release Prep" - ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Legacy.md ===================================== @@ -0,0 +1,311 @@ +- **NOTE** It is assumed the `tor-browser` release rebase and security backport tasks have been completed + +<details> + <summary>Explanation of variables</summary> + +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` + +</details> + +<details> + <summary>Build Configuration</summary> + +### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git +Tor Browser Legacy is on the `maint-13.5` branch + +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-115.17.0esr-13.5-1-build1` +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the `maint-13.5` branch +- [ ] Run release preparation script: + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` + - **⚠️ WARNING**: You may need to manually update the `firefox/config` file's `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox`, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail + - [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest non `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - [ ] `go_1_22`: updated to latest 1.22 version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ``` + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - [`sudo` documentation for TPO machines](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#c… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct +- [ ] Open MR with above changes, using the template for release preparations +- [ ] Merge +- [ ] Sign+Tag + - **NOTE** this must be done by one of: + - boklm + - dan + - ma1 + - morgan + - pierov + - [ ] Run: + ``` + make torbrowser-signtag-release + ``` + - [ ] Push tag to `upstream` +- [ ] Build the tag: + - [ ] Run: + ``` + make torbrowser-release && make torbrowser-incrementals-release + ``` + - [ ] Tor Project build machine + - [ ] Local developer machine + - [ ] Submit build request to Mullvad infrastructure: + - **NOTE** this requires a devmole authentication token + - [ ] Run: + ``` + make torbrowser-kick-devmole-build + ``` + +</details> + +<details> + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - `tor-stable`,`tor-alpha`: set by tor devs, do not touch + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + +</details> + +<details> + <summary>Signing</summary> + +### release signing +- [ ] Assign this issue to the signer, one of: + - boklm + - ma1 + - morgan + - pierov +- [ ] Ensure all builders have matching builds +- [ ] On `${STAGING_SERVER}`, ensure updated: + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` + - [ ] `tor-browser-build/tools/signing/set-config.hosts` + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds + - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos + - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ``` + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed + +</details> + +<details> + <summary>Signature verification</summary> + + <details> + <summary>Check whether the .exe files got properly signed and timestamped</summary> + +```bash +# Point OSSLSIGNCODE to your osslsigncode binary +pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION +OSSLSIGNCODE=/path/to/osslsigncode +../../../tools/authenticode_check.sh +popd +``` + + </details> + <details> + <summary>Check whether the MAR files got properly signed</summary> + +```bash +# Point NSSDB to your nssdb containing the mar signing certificate +# Point SIGNMAR to your signmar binary +# Point LD_LIBRARY_PATH to your mar-tools directory +pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION +NSSDB=/path/to/nssdb +SIGNMAR=/path/to/mar-tools/signmar +LD_LIBRARY_PATH=/path/to/mar-tools/ +../../../tools/marsigning_check.sh +popd +``` + + </details> +</details> + +<details> + <summary>Publishing</summary> + +### website +- [ ] On `staticiforme.torproject.org`, static update components: + ``` + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ``` + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] **(Optional)** Generate and deploy new update responses + - **NOTE**: This is only required if there will be no corresponding 14.0 release (i.e. this is an emergency legacy-only 13.5 release). Normally, legacy update responses are generated and deployed as part of the 14.0 release. + - **⚠️ WARNING**: This is a little bit off the beaten track, ping boklm or morgan if you have any doubts + - From the `maint-14.0` branch: + - [ ] Update `rbm.conf` + - [ ] `var/torbrowser_legacy_version`: update to `${TOR_BROWSER_VERSION}` + - **NOTE** this is the browser version for the legacy branch, not the 14.0 branch + - [ ] `var/torbrowser_legacy_platform_version`: update to `${ESR_VERSION}` + - **NOTE** this is ESR version for the legacy branch, not the 14.0 branch + - [ ] Generate update responses: + - [ ] Run: + ``` + make torbrowser-update_responses-release + ``` + - On `staticiforme.torproject.org`, deploy new update responses: + - **NOTE**: for now this is a bit janky, we should somehow update the workflow to be a bit less hacky + - [ ] Edit an existing `deploy_update_responses-release.sh` script in your `HOME` directory with the newly pushed commit hash + - **example**: (hash: `d938943`) + ```bash + #!/bin/bash + set -e + + echo "Deploying version 14.0" + echo "update_responses_commit: d938943" + + cd "/srv/aus1-master.torproject.org/htdocs/torbrowser" + git fetch + changed_files="$(git diff --name-only HEAD d938943)" + if echo "$changed_files" | grep -qv "release" + then + echo >&2 "Error: checking out new update_response_commit will changes" + echo >&2 "some files outside of the release directory:" + echo "$changed_files" | grep -v "release" >&2 + echo >&2 "--" + echo >&2 "If this is really what you want to do, edit this script to" + echo >&2 "remove the line 'exit 1' and run it again." + echo >&2 "See tor-browser-build#41168 for more details." + exit 1 + fi + git checkout "d938943" + + static-update-component aus1.torproject.org + ``` + - [ ] Enable update responses: + ```bash + sudo -u tb-release ./deploy_update_responses-release.sh + ``` + +</details> + +<details> + <summary>Communications</summary> + +### tor-announce mailing list +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` + - **Subject** + ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Windows, macOS) + ``` + - **Body** + ``` + Hi everyone, + + Tor Browser ${TOR_BROWSER_VERSION} has now been published for legacy Windows and macOS platforms. For details please see our blog post: + - ${BLOG_POST_URL} + + Changelog: + # paste changelog as quote here + ``` + +</details> + +/label ~"Release Prep" ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -1,116 +1,113 @@ +- **NOTE** It is assumed the `tor-browser` release rebase and security backport tasks have been completed +- **NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue + <details> <summary>Explanation of variables</summary> -- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release -- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER) - - **example** : `pierov` -- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process -- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - **example** : `91.6.0` -- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - **example** : `11` -- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` -- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format - - **example** : `12.5a3`, `12.0.3` -- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - - **example** : `build1` -- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits - - **example** : `build2` - - **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example : - - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase) - - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. -- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - - **example** : `11.5a6`, `11.0.7` -- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version - - **example** : `tbb-12.0.7-build1` -</details> +- `${BUILD_SERVER}`: the server the main builder is using to build a browser release +- `${BUILDER}`: whomever is building the release on the ${BUILD_SERVER} + - **example**: `pierov` +- `${STAGING_SERVER}`: the server the signer is using to to run the signing process +- `${ESR_VERSION}`: the Mozilla defined ESR version, used in various places for building browser tags, labels, etc + - **example**: `91.6.0` +- `${TOR_BROWSER_MAJOR}`: the Tor Browser major version + - **example**: `11` +- `${TOR_BROWSER_MINOR}`: the Tor Browser minor version + - **example**: either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `${TOR_BROWSER_VERSION}`: the Tor Browser version in the format + - **example**: `12.5a3`, `12.0.3` +- `${BUILD_N}`: a project's build revision within a its branch; this is separate from the `${TOR_BROWSER_BUILD_N}` value; many of the Firefox-related projects have a `${BUILD_N}` suffix and may differ between projects even when they contribute to the same build. + - **example**: `build1` +- `${TOR_BROWSER_BUILD_N}`: the tor-browser build revision for a given Tor Browser release; used in tagging git commits + - **example**: `build2` + - **⚠️ WARNING**: A project's `${BUILD_N}` and `${TOR_BROWSER_BUILD_N}` may be the same, but it is possible for them to diverge. For example : + - if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `${BUILD_N}` value will increase, while the `${TOR_BROWSER_BUILD_N}` value may stay at `build1` (but the `${TOR_BROWSER_VERSION}` will increase) + - if we have build failures unrelated to `tor-browser`, the `${TOR_BROWSER_BUILD_N}` value will increase while the `${BUILD_N}` will stay the same. +- `${TOR_BROWSER_VERSION}`: the published Tor Browser version + - **example**: `11.5a6`, `11.0.7` +- `${TBB_BUILD_TAG}`: the `tor-browser-build` build tag used to build a given Tor Browser version + - **example**: `tbb-12.5a7-build1` +- `${RELEASE_DATE}`: the intended release date of this browser release; for ESR schedule-driven releases, this should match the upstream Firefox release date + - **example**: `2024-10-29` -**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed -**NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue +</details> <details> - <summary>Building</summary> + <summary>Build Configuration</summary> ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git -Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches. - -- [ ] Update `rbm.conf` - - [ ] `var/torbrowser_version` : update to next version - - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - - [ ] `var/browser_release_date` : update to build date. For the build to be reproducible, the date should be in the past when building. - - [ ] `var/torbrowser_legacy_version` : update to next version in the legacy-13.5 branch - - [ ] `var/torbrowser_legacy_platform_version` : update to firefox platform version in the legacy-13.5 branch - - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version - - **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update - - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail -- [ ] Update Desktop-specific build configs - - [ ] Update `projects/firefox/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased -- [ ] Update Android-specific build configs - - [ ] Update `projects/geckoview/config` - - [ ] `browser_build` : update to match `tor-browser` tag - - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased - - [ ] ***(Optional)*** Update `projects/tor-android-service/config` - - [ ] `git_hash` : update with `HEAD` commit of project's `main` branch - - [ ] ***(Optional)*** Update `projects/application-services/config`: - **NOTE** we don't currently have any of our own patches for this project - - [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)` - - [ ] ***(Optional)*** Update `projects/firefox-android/config`: - - [ ] `fenix_version` : update to match stable `firefox-android` build tag - - [ ] `browser_branch` : update to match stable `firefox-android` build tag - - [ ] `browser_build` : update to match stable `firefox-android` build tag - variant: Beta -- [ ] Update `projects/translation/config`: - - [ ] run `make list_translation_updates-release` to get updated hashes - - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch - - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch -- [ ] Update common build configs - - [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript - - [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config` - - [ ] `URL` - - [ ] `sha256sum` - - [ ] Check for OpenSSL updates here : https://www.openssl.org/source/ - - [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config` - - [ ] `version` : update to next 3.0.X version - - [ ] `input_files/sha256sum` : update to sha256 sum of source tarball - - [ ] Check for zlib updates here: https://github.com/madler/zlib/releases - - [ ] **(Optional)** If new tag available, update `projects/zlib/config` - - [ ] `version` : update to next release tag - - [ ] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags - - [ ] ***(Optional)*** Update `projects/tor/config` - - [ ] `version` : update to latest non `-alpha` tag (ping dgoulet or ahf if unsure) - - [ ] Check for go updates here : https://go.dev/dl - - **NOTE** : In general, Tor Browser Stable uses the latest of the *previous* Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. - - [ ] ***(Optional)*** Update `projects/go/config` - - [ ] `version` : update go version - - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py` - - [ ] ***(Optional)*** If new version is available: - - [ ] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org` - - [ ] Deploy to `tb-builder`'s `public_html` directory: - - `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.` - - [ ] Update `projects/manual/config`: - - [ ] Change the `version` to `$PIPELINEID` - - [ ] Update `sha256sum` in the `input_files` section -- [ ] Update `ChangeLog-TBB.txt` - - [ ] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches - - [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones - - [ ] Run `./tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs` - - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - - The first time you run this script you will need to generate an access token; the script will guide you - - `$updateArgs` should be these arguments, depending on what you actually updated: - - [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case) - - [ ] `--tor` - - [ ] `--no-script` - - [ ] `--openssl` - - [ ] `--zlib` - - [ ] `--go` - - E.g., `./tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12` - - `--date $date` is optional, if omitted it will be the date on which you run the command - - [ ] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output +Tor Browser Release are on the `maint-${TOR_BROWSER_MAJOR}.${TOR_BROWSER_MINOR}` branch + +- [ ] Tag `tor-browser` in tor-browser.git + - **example**: `tor-browser-128.3.0esr-14.0-1-build1` +- [ ] Changelog bookkeeping: + - [ ] Ensure all commits to `tor-browser` and `tor-browser-build` for this release have an associated issue linked to this release preparation issue + - [ ] Ensure each issue has a platform (~Windows, ~MacOS, ~Linux, ~Android, ~Desktop, ~"All Platforms") and potentially ~"Build System" labels +- [ ] Create a release preparation branch from the current `maint-XX.Y` branch +- [ ] Run release preparation script: + - **NOTE**: You can omit the `--tor-browser` argument if this is for a joint Tor and Mullvad Browser release + ```bash + ./tools/relprep.py --tor-browser --date ${RELEASE_DATE} ${TOR_BROWSER_VERSION} + ``` + - **⚠️ WARNING**: You may need to manually update the `firefox/config` and `geckoview/config` files' `browser_build` field if `tor-browser.git` has not yet been tagged (e.g. if security backports have not yet been merged and tagged) +- [ ] Review build configuration changes: + - [ ] `rbm.conf` + - [ ] `var/torbrowser_version`: updated to next browser version + - [ ] `var/torbrowser_build`: updated to `${TOR_BROWSER_BUILD_N}` + - [ ] `var/browser_release_date`: updated to build date. For the build to be reproducible, the date should be in the past when building. + - **⚠️ WARNING**: If we have updated `var/torbrowser_build` without updating the `firefox` or `geckoview` tags, then we can leave this unchanged to avoid forcing a firefox re-build (e.g. when bumping `var/torbrwoser_build` to build2, build3, etc due to non-firefox related build issues) + - [ ] ***(Desktop Only)*** `var/torbrowser_incremental_from`: updated to previous Desktop version + - **NOTE**: We try to build incrementals for the previous 3 desktop versions + - **⚠️ WARNING**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail +- [ ] `projects/firefox/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] `projects/geckoview/config` + - [ ] `browser_build`: updated to match `tor-browser` tag + - [ ] ***(Optional)*** `var/firefox_platform_version`: updated to latest `${ESR_VERSION}` if rebased + - [ ] ***(Optional)*** `projects/translation/config`: + - [ ] `steps/base-browser/git_hash`: updated with `HEAD` commit of project's `base-browser` branch + - [ ] `steps/tor-browser/git_hash`: updated with `HEAD` commit of project's `tor-browser` branch + - [ ] `steps/fenix/git_hash`: updated with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch + - [ ] ***(Optional)*** `projects/browser/config`: + - [ ] NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript + - [ ] `URL` updated + - **⚠️ WARNING**: If preparing the release manually, updating the version number in the url is not sufficient, as each version has a random unique id in the download url + - [ ] `sha256sum` updated + - [ ] ***(Optional)*** `projects/openssl/config`: https://www.openssl.org/source/ + - **NOTE**: Only if new LTS version (3.0.X currrently) available + - [ ] `version`: updated to next LTS version + - [ ] `input_files/sha256sum`: updated to sha256 sum of source tarball + - [ ] **(Optional)** `projects/zlib/config`: https://github.com/madler/zlib/releases + - **NOTE**: Only if new tag available + - [ ] `version`: updated to next release tag + - [ ] **(Optional)** `projects/zstd/config`: https://github.com/facebook/zstd/releases + - **NOTE**: Only if new tag available; Android-only for now + - [ ] `version`: updated to next release tag + - [ ] `git_hash`: updated to the commit corresponding to the tag (we don't check signatures for Zstandard) + - [ ] **(Optional)** `projects/tor/config` https://gitlab.torproject.org/tpo/core/tor/-/tags + - [ ] `version`: updated to latest non `-alpha` tag or release tag if newer (ping **dgoulet** or **ahf** if unsure) + - [ ] **(Optional)** `projects/go/config` https://go.dev/dl + - **NOTE**: In general, Tor Browser Alpha uses the latest Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities. + - [ ] `version`: updated go version + - [ ] `input_files/sha256sum` for `go`: update sha256sum of archive (sha256 sums are displayed on the go download page) + - [ ] **(Optional)** `projects/manual/config` + - [ ] `version`: updated to latest pipeline id + - [ ] `input_files/shasum` for `manual`: updated to manual hash + - [ ] Upload the downloaded `manual_${PIPELINEID}.zip` file to `tb-build-02.torproject.org` + - [ ] Deploy to `tb-builder`'s `public_html` directory: + - [ ] Run: + ``` + sudo -u tb-builder cp manual_${PIPELINEID}.zip ~tb-builder/public_html/. + ``` + - [`sudo` documentation for TPO machines](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/doc/accounts#c… + - [ ] `ChangeLog-TBB.txt`: ensure correctness + - [ ] Browser name correct + - [ ] Release date correct + - [ ] No Android updates on a desktop-only release and vice-versa + - [ ] All issues added under correct platform + - [ ] ESR updates correct + - [ ] Component updates correct - [ ] Open MR with above changes, using the template for release preparations - [ ] Merge - [ ] Sign+Tag @@ -120,47 +117,52 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - ma1 - morgan - pierov - - [ ] Run: `make torbrowser-signtag-release` + - [ ] Run: + ``` + make torbrowser-signtag-release + ``` - [ ] Push tag to `upstream` - [ ] Build the tag: - - Run `make torbrowser-release && make torbrowser-incrementals-release` + - [ ] Run: + ``` + make torbrowser-release && make torbrowser-incrementals-release + ``` - [ ] Tor Project build machine - [ ] Local developer machine - [ ] Submit build request to Mullvad infrastructure: - **NOTE** this requires a devmole authentication token - - Run `make torbrowser-kick-devmole-build` -- [ ] Ensure builders have matching builds + - [ ] Run: + ``` + make torbrowser-kick-devmole-build + ``` </details> <details> - <summary>Communications</summary> - -### notify stakeholders -- [ ] **(Once builds confirmed matching)** Email tor-qa mailing list with release information - - [ ] tor-qa: tor-qa(a)lists.torproject.org - - **Subject** - ``` - Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux) - ``` - - **Body** - ``` - Hello, - - Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing: - - - https://tb-build-02.torproject.org/~$(BUILDER)/builds/torbrowser/release/un… - - The full changelog can be found here: - - - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TB… - ``` -- [ ] Email packagers: - - [ ] Tails dev mailing list: tails-dev(a)boum.org - - [ ] Guardian Project: nathan(a)guardianproject.info - - [ ] FreeBSD port: freebsd(a)sysctl.cz  - - [ ] OpenBSD port: caspar(a)schutijser.com  - - [ ] Note any changes which may affect packaging/downstream integration + <summary>Website</summary> + + ### downloads: https://gitlab.torproject.org/tpo/web/tpo.git + - [ ] `databags/versions.ini`: Update the downloads versions + - `torbrowser-stable/version`: catch-all for latest stable version + - `torbrowser-alpha/version`: catch-all for latest alpha version + - `torbrowser-legacy/version`: catch-all for latest ESR-115 version + - `torbrowser-*-stable/version`: platform-specific stable versions + - `torbrowser-*-alpha/version`: platform-specific alpha versions + - `torbrowser-*-legacy/version`: platform-specific legacy versions + - [ ] Push to origin as new branch and create MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! + + ### blog: https://gitlab.torproject.org/tpo/web/blog.git + - [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) + - [ ] Note any ESR update + - [ ] Thank any users which have contributed patches + - [ ] **(Optional)** Draft any additional sections for new features which need testing, known issues, etc + - [ ] Push to origin as new branch and open MR + - [ ] Review + - [ ] Merge + - **⚠️ WARNING**: Do not deploy yet! </details> @@ -168,38 +170,36 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE <summary>Signing</summary> ### release signing -- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long - [ ] Assign this issue to the signer, one of: - boklm + - ma1 - morgan -- [ ] On `$(STAGING_SERVER)`, ensure updated: - - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)` + - pierov +- [ ] Ensure all builders have matching builds +- [ ] Verify the associated legacy `maint-13.5` release has been signed and deployed + - **⚠️ WARNING**: Do not continue if the legacy channel has not been fully signed and published yet; it is needed for update-response generation! + - **NOTE** Stable releases without a corresponding legacy release may ignore this +- [ ] On `${STAGING_SERVER}`, ensure updated: + - [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N} && git checkout tbb-${TOR_BROWSER_VERSION}-${TOR_BROWSER_BUILD_N}` - [ ] `tor-browser-build/tools/signing/set-config.hosts` - - `ssh_host_builder` : ssh hostname of machine with unsigned builds - - **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory) - - `ssh_host_linux_signer` : ssh hostname of linux signing machine + - `ssh_host_builder`: ssh hostname of machine with unsigned builds + - `ssh_host_linux_signer`: ssh hostname of linux signing machine + - `builder_tor_browser_build_dir`: path on `ssh_host_builder` to root of builder's `tor-browser-build` clone containing unsigned builds - [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect` - - `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos + - `appstoreconnect_api_key_path`: path to json file containing appstoreconnect api key infos - [ ] `set-config.update-responses` - - `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` + - `update_responses_repository_dir`: directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git` - [ ] `tor-browser-build/tools/signing/set-config.tbb-version` - - `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) - - `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) - - `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 -- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script: - - `cd tor-browser-build/tools/signing/` - - `./do-all-signing.torbrowser` -- **NOTE**: at this point the signed binaries should have been copied to `staticiforme` -- [ ] Update `staticiforme.torproject.org`: - - From `screen` session on `staticiforme.torproject.org`: - - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh` - - [ ] Remove old release data from following places: - - **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) - - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` + - `tbb_version`: tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`) + - `tbb_version_build`: the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`) + - `tbb_version_type`: either `alpha` for alpha releases or `release` for stable releases +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050 +- [ ] On `${STAGING_SERVER}` in a separate `screen` session, run do-all-signing script: + - [ ] Run: + ``` + cd tor-browser-build/tools/signing/ && ./do-all-signing.torbrowser + ``` + - **NOTE**: on successful execution, the signed binaries and mars should have been copied to `staticiforme` and update responses pushed </details> @@ -239,6 +239,26 @@ popd <details> <summary>Publishing</summary> +### website +- [ ] On `staticiforme.torproject.org`, static update components: + ``` + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` +- [ ] Deploy `tor-website` MR +- [ ] Deploy `tor-blog` MR +- [ ] On `staticiforme.torproject.org`, enable update responses: + ``` + sudo -u tb-release ./deploy_update_responses-release.sh + ``` +- [ ] On `staticiforme.torproject.org`, remove old release: + - **NOTE**: Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc) + - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` + - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` + - [ ] Run: + ``` + static-update-component cdn.torproject.org && static-update-component dist.torproject.org + ``` + ### Google Play: https://play.google.com/apps/publish - [ ] Publish APKs to Google Play: - Select `Tor Browser` app @@ -253,45 +273,59 @@ popd - [ ] 100% rollout when publishing a security-driven release - [ ] Update rollout percentage to 100% after confirmed no major issues -### website: https://gitlab.torproject.org/tpo/web/tpo.git -- [ ] `databags/versions.ini` : Update the downloads versions - - `torbrowser-stable/version` : sort of a catch-all for latest stable version - - `torbrowser-alpha/version` : sort of a catch-all for latest stable version - - `torbrowser-*-stable/version` : platform-specific stable versions - - `torbrowser-*-alpha/version` : platform-specific alpha versions - - `tor-stable`,`tor-alpha` : set by tor devs, do not touch -- [ ] Push to origin as new branch, open 'Draft :' MR -- [ ] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org -- [ ] Merge -- [ ] Publish after CI passes and builds are published +</details> -### blog: https://gitlab.torproject.org/tpo/web/blog.git -- [ ] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory) - - [ ] Note any ESR update - - [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc) - - [ ] Thank any users which have contributed patches -- [ ] Push to origin as new branch, open `Draft:` MR -- [ ] Merge once signed-packages are accessible on https://dist.torproject.org -- [ ] Publish after CI passes and website has been updated +<details> + <summary>Communications</summary> ### tor-announce mailing list -- [ ] Email tor-announce mailing list: tor-announce(a)lists.torproject.org +- [ ] Email tor-announce mailing list + - **Recipients** + ``` + tor-announce(a)lists.torproject.org + ``` - **Subject** ``` - New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux) + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) ``` - **Body** ``` Hi everyone, - Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post: - - $(BLOG_POST_URL) + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} Changelog: - # paste changleog as quote here + # paste changelog as quote here ``` +### packagers +- [ ] Email packagers: + - **Recipients** + - Tails dev mailing list: tails-dev(a)boum.org + - Guardian Project: nathan(a)guardianproject.info + - FreeBSD port: freebsd(a)sysctl.cz  + - OpenBSD port: caspar(a)schutijser.com  + - torbrowser-launcher: mail(a)asciiwolf.com  + - Anti-Censorship: meskio(a)torproject.org  + ``` + tails-dev(a)boum.org nathan(a)guardianproject.info freebsd(a)sysctl.cz caspar(a)schutijser.com mail(a)asciiwolf.com meskio(a)torproject.org + ``` + - **Subject** + ``` + New Release: Tor Browser ${TOR_BROWSER_VERSION} (Android, Windows, macOS, Linux) + ``` + - **Body** + ``` + Hi everyone, + + Tor Browser ${TOR_BROWSER_VERSION} has now been published for all platforms. For details please see our blog post: + - ${BLOG_POST_URL} + + Changelog: + # paste changelog as quote here + ``` + - [ ] Note any changes which may affect packaging/downstream integration </details> /label ~"Release Prep" - View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.17.0esr-13.5-1-build2
by morgan (＠morgan) 24 Oct '24

24 Oct '24

morgan pushed new tag base-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Deleted tag base-browser-115.17.0esr-13.5-1-build2
by morgan (＠morgan) 24 Oct '24

24 Oct '24

morgan deleted tag base-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.17.0esr-13.5-1-build2
by morgan (＠morgan) 24 Oct '24

24 Oct '24

morgan pushed new tag tor-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Deleted tag tor-browser-115.17.0esr-13.5-1-build2
by morgan (＠morgan) 24 Oct '24

24 Oct '24

morgan deleted tag tor-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5.9-build2
by Pier Angelo Vendrame (＠pierov) 24 Oct '24

24 Oct '24

Pier Angelo Vendrame pushed new tag tbb-13.5.9-build2 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41269: Fix Windows browser build break due to missing snowflake README.md
by Pier Angelo Vendrame (＠pierov) 24 Oct '24

24 Oct '24

Pier Angelo Vendrame pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 2ada0c7b by Morgan at 2024-10-24T18:45:00+00:00 Bug 41269: Fix Windows browser build break due to missing snowflake README.md - - - - - 2 changed files: - projects/browser/build - rbm.conf Changes: ===================================== projects/browser/build ===================================== @@ -108,9 +108,14 @@ mv [% c('input_files_by_name/noscript') %] "$TBDIR/$EXTSPATH/{73a6fe31-595d-460b [% END -%] # Move READMEs from tor-expert-bundle to the doc dir - mkdir -p "$TBDIR/$DOCSPATH/snowflake" [% IF c("var/macos_universal") %]"$TBDIR_AARCH64/$DOCSPATH/snowflake"[% END %] + # Windows does not have snowflake + [% IF !c("var/windows") -%] + mkdir -p "$TBDIR/$DOCSPATH/snowflake" [% IF c("var/macos_universal") %]"$TBDIR_AARCH64/$DOCSPATH/snowflake"[% END %] + [% END -%] mkdir -p "$TBDIR/$DOCSPATH/conjure" [% IF c("var/macos_universal") %]"$TBDIR_AARCH64/$DOCSPATH/conjure"[% END %] - mv_tbdir tor/pluggable_transports/README.SNOWFLAKE.md "$DOCSPATH/snowflake/README.md" + [% IF !c("var/windows") -%] + mv_tbdir tor/pluggable_transports/README.SNOWFLAKE.md "$DOCSPATH/snowflake/README.md" + [% END -%] mv_tbdir tor/pluggable_transports/README.CONJURE.md "$DOCSPATH/conjure/README.md" # Move the PTs to where TB expects them ===================================== rbm.conf ===================================== @@ -74,7 +74,7 @@ buildconf: var: torbrowser_version: '13.5.9' - torbrowser_build: 'build1' + torbrowser_build: 'build2' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2024/10/24 16:02:53' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-13.5.9-build1
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag mb-13.5.9-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5.9-build1
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag tbb-13.5.9-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41255, 41283: Prepare Tor, Mullvad Browser 13.5.9
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 69161822 by hackademix at 2024-10-24T18:23:27+02:00 Bug 41255,41283: Prepare Tor,Mullvad Browser 13.5.9 - - - - - 9 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/firefox/config - projects/geckoview/config - projects/manual/config - projects/tor/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,12 @@ +Mullvad Browser 13.5.9 - October 28 2024 + * All Platforms + * Updated Firefox to 115.17.0esr + * Updated NoScript to 11.4.42 + * Bug 43174: Issue with custom home page on local filesystem [tor-browser] + * Bug 43207: Backport Mozbug 1886222 [tor-browser] + * Bug 43240: Backport security fixes from Firefox 132 [tor-browser] + * Bug 41273: relprep.py: bump Firefox and GV to a (yet) non-existing tag when the last one does not match HEAD [tor-browser-build] + Mullvad Browser 13.5.7 - October 08 2024 * All Platforms * Updated uBlock Origin to 1.60.0 ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,26 @@ +Tor Browser 13.5.9 - October 28 2024 + * Windows + macOS + Linux + * Updated Tor to 0.4.8.13 + * Bug 43240: Backport security fixes from Firefox 132 [tor-browser] + * Bug 41273: relprep.py: bump Firefox and GV to a (yet) non-existing tag when the last one does not match HEAD [tor-browser-build] + * Updated Firefox to 115.17.0esr + * Bug 42280: Weird connection attempt to multicast IPv6 ff00:::443 on "New identity" [tor-browser] + * Bug 43104: Local files and extensions can't be loaded in new windows before bootstrap [tor-browser] + * Bug 43169: compat: align userAgent in navigator + HTTP Header [tor-browser] + * Bug 43174: Issue with custom home page on local filesystem [tor-browser] + * Bug 43207: Backport Mozbug 1886222 [tor-browser] + * Windows + macOS + * Bug 41252: Disable updating update_responses in 13.5-legacy branch [tor-browser-build] + * Windows + * Bug 43206: Hide Snowflake UX in legacy Tor Browser on Windows [tor-browser] + * Android + * Updated GeckoView to 115.17.0esr + * Build System + * All Platforms + * Bug 41278: Hide legacy 13.5 Tor Browser blog posts after 13.5.7 [tor-browser-build] + * Windows + macOS + * Bug 41269: Simplify projects/go/config and friends once maint-13.5 is legacy Windows and macOS only [tor-browser-build] + Tor Browser 13.5.8 - October 14 2024 * Android * Updated NoScript to 11.4.42 ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,7 +17,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1213636, + "average_daily_users": 1226737, "categories": { "firefox": [ "web-development", @@ -218,10 +218,10 @@ "category": "recommended" }, "ratings": { - "average": 4.5267, - "bayesian_average": 4.5256323562411405, - "count": 5907, - "text_count": 1856 + "average": 4.5256, + "bayesian_average": 4.524535982963264, + "count": 5929, + "text_count": 1863 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -318,7 +318,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 28552 + "weekly_downloads": 29155 }, "notes": null }, @@ -334,7 +334,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 257891, + "average_daily_users": 258272, "categories": { "firefox": [ "privacy-security" @@ -635,7 +635,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 2980 + "weekly_downloads": 2826 }, "notes": null }, @@ -651,7 +651,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1310964, + "average_daily_users": 1352970, "categories": { "firefox": [ "privacy-security" @@ -1170,9 +1170,9 @@ "category": "recommended" }, "ratings": { - "average": 4.8041, - "bayesian_average": 4.801419862395535, - "count": 2527, + "average": 4.8047, + "bayesian_average": 4.802025216140565, + "count": 2534, "text_count": 476 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", @@ -1197,7 +1197,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 14939 + "weekly_downloads": 14681 }, "notes": null }, @@ -1213,7 +1213,7 @@ "picture_url": null } ], - "average_daily_users": 8542786, + "average_daily_users": 8647578, "categories": { "firefox": [ "privacy-security" @@ -1378,7 +1378,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-10-12T13:25:21Z", + "last_updated": "2024-10-23T00:10:54Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1523,10 +1523,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7922, - "bayesian_average": 4.791837346304233, - "count": 18640, - "text_count": 4871 + "average": 4.7924, + "bayesian_average": 4.792038892729136, + "count": 18723, + "text_count": 4889 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1589,7 +1589,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 217905 + "weekly_downloads": 221176 }, "notes": null }, @@ -1605,7 +1605,7 @@ "picture_url": null } ], - "average_daily_users": 187335, + "average_daily_users": 188407, "categories": { "firefox": [ "photos-music-videos", @@ -1701,10 +1701,10 @@ "category": "recommended" }, "ratings": { - "average": 4.45, - "bayesian_average": 4.445212842032069, - "count": 1289, - "text_count": 501 + "average": 4.4508, + "bayesian_average": 4.446012881244534, + "count": 1291, + "text_count": 502 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, @@ -1726,7 +1726,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 353 + "weekly_downloads": 373 }, "notes": null }, @@ -1742,7 +1742,7 @@ "picture_url": null } ], - "average_daily_users": 62764, + "average_daily_users": 62536, "categories": { "firefox": [ "privacy-security", @@ -1877,7 +1877,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 382 + "weekly_downloads": 282 }, "notes": null }, @@ -1893,7 +1893,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 364513, + "average_daily_users": 366172, "categories": { "firefox": [ "search-tools", @@ -2110,10 +2110,10 @@ "category": "recommended" }, "ratings": { - "average": 4.6173, - "bayesian_average": 4.613162490310139, - "count": 1560, - "text_count": 313 + "average": 4.616, + "bayesian_average": 4.611874580501797, + "count": 1565, + "text_count": 316 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2136,7 +2136,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 4344 + "weekly_downloads": 4605 }, "notes": null }, @@ -2159,7 +2159,7 @@ "picture_url": null } ], - "average_daily_users": 122483, + "average_daily_users": 122622, "categories": { "firefox": [ "search-tools", @@ -2440,10 +2440,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3776, - "bayesian_average": 4.373284794488685, - "count": 1401, - "text_count": 393 + "average": 4.3775, + "bayesian_average": 4.373186912323384, + "count": 1404, + "text_count": 394 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2463,7 +2463,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 19 + "weekly_downloads": 25 }, "notes": null }, @@ -2479,7 +2479,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 290837, + "average_daily_users": 291399, "categories": { "firefox": [ "privacy-security", @@ -2593,7 +2593,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-10-09T08:34:17Z", + "last_updated": "2024-10-23T06:50:19Z", "name": { "de": "NoScript", "el": "NoScript", @@ -2665,10 +2665,10 @@ "category": "recommended" }, "ratings": { - "average": 4.408, - "bayesian_average": 4.405333664117888, - "count": 2289, - "text_count": 871 + "average": 4.4082, + "bayesian_average": 4.4055307379635416, + "count": 2288, + "text_count": 870 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2712,7 +2712,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 8154 + "weekly_downloads": 8484 }, "notes": null }, @@ -2728,7 +2728,7 @@ "picture_url": null } ], - "average_daily_users": 165178, + "average_daily_users": 165936, "categories": { "firefox": [ "photos-music-videos", @@ -2838,10 +2838,10 @@ "category": "recommended" }, "ratings": { - "average": 3.8255, - "bayesian_average": 3.8215152080376273, - "count": 1284, - "text_count": 464 + "average": 3.8266, + "bayesian_average": 3.822614769308675, + "count": 1286, + "text_count": 466 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, @@ -2860,7 +2860,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 1940 + "weekly_downloads": 1957 }, "notes": null } ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: 115.16.0 + firefox_platform_version: 115.17.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/geckoview/config ===================================== @@ -14,9 +14,9 @@ container: use_container: 1 var: - geckoview_version: 115.16.0esr + geckoview_version: 115.17.0esr browser_branch: 13.5-1 - browser_build: 3 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 210938 +version: 215922 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: eb83259f0525a14dae1a1c3944e1e5ac3a2f8111a42834ab0f401628c8a38791 + sha256sum: b5ed703f54d52e9f197320f3698e936d585a3fed23cc4f9fbf59edce2869f885 - filename: packagemanual.py name: package_script ===================================== projects/tor/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' -version: 0.4.8.12 +version: 0.4.8.13 git_hash: 'tor-[% c("version") %]' git_url: https://gitlab.torproject.org/tpo/core/tor.git git_submodule: 1 ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: ceb66dd0937da14962cb535699242b2526e11f02 + git_hash: 3b1be2065b54939ed019d94174f137847bcf3c66 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 2e5133bd3f271bafc4578465103ae07567452b15 + git_hash: 64ab8361ee87846e46736bd18b12c1dfcd77fe75 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 0c637c9fa2c1ddf1e2bda1a63a0b0d974074d593 + git_hash: 08dbd4e2bb128e2c30941dfeb7800582589f3a21 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,11 +73,11 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.5.8' + torbrowser_version: '13.5.9' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/10/14 17:30:00' + browser_release_date: '2024/10/24 16:02:53' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.17.0esr-13.5-1-build2
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag mullvad-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.17.0esr-13.5-1] 6 commits: Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers, valentin, a=RyanVM
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch mullvad-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 6bd54722 by Randell Jesup at 2024-10-24T17:12:05+02:00 Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers,valentin, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D221350 - - - - - 5ad1eeda by Valentin Gosu at 2024-10-24T17:12:06+02:00 Bug 1914521 - Make nsPartChannel inherit the content disposition of the multipart response a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D223728 Differential Revision: https://phabricator.services.mozilla.com/D224288 - - - - - 79901fa5 by Andrew McCreight at 2024-10-24T17:12:08+02:00 Bug 1919809 - Always clear mArgumentStorage in Console's Unlink. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D222803 Differential Revision: https://phabricator.services.mozilla.com/D224384 - - - - - a689cf5a by Paul Zuehlcke at 2024-10-24T17:12:09+02:00 Bug 1920423, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D224349 - - - - - 1d53f0f1 by Andrew McCreight at 2024-10-24T17:12:11+02:00 Bug 1923706 - Pass by value, not reference in CamerasChild::AllocateCapture. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225121 Differential Revision: https://phabricator.services.mozilla.com/D225363 - - - - - 36a1ad53 by Kagami Sascha Rosylight at 2024-10-24T17:12:12+02:00 Bug 1924154 - Disallow too small record a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225687 Differential Revision: https://phabricator.services.mozilla.com/D226147 - - - - - 8 changed files: - dom/console/Console.cpp - dom/media/systemservices/CamerasChild.cpp - dom/push/PushCrypto.sys.mjs - netwerk/cache2/CacheFileIOManager.cpp - netwerk/streamconv/converters/nsMultiMixedConv.cpp - netwerk/streamconv/converters/nsMultiMixedConv.h - toolkit/content/widgets/popupnotification.js - toolkit/themes/shared/popupnotification.css Changes: ===================================== dom/console/Console.cpp ===================================== @@ -802,6 +802,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Console) NS_IMPL_CYCLE_COLLECTION_UNLINK(mDumpFunction) NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE tmp->Shutdown(); + tmp->mArgumentStorage.clearAndFree(); NS_IMPL_CYCLE_COLLECTION_UNLINK_END NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(Console) ===================================== dom/media/systemservices/CamerasChild.cpp ===================================== @@ -331,7 +331,7 @@ int CamerasChild::AllocateCapture(CaptureEngine aCapEngine, LOG(("%s", __PRETTY_FUNCTION__)); nsCString unique_id(unique_idUTF8); nsCOMPtr<nsIRunnable> runnable = - mozilla::NewRunnableMethod<CaptureEngine, nsCString, const uint64_t&>( + mozilla::NewRunnableMethod<CaptureEngine, nsCString, uint64_t>( "camera::PCamerasChild::SendAllocateCapture", this, &CamerasChild::SendAllocateCapture, aCapEngine, unique_id, aWindowID); LockAndDispatch<> dispatcher(this, __func__, runnable, -1, mReplyInteger); ===================================== dom/push/PushCrypto.sys.mjs ===================================== @@ -108,6 +108,8 @@ function getEncryptionParams(encryptField) { // aes128gcm scheme. function getCryptoParamsFromPayload(payload) { if (payload.byteLength < 21) { + // The value 21 is from https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + // | salt (16) | rs (4) | idlen (1) | keyid (idlen) | throw new CryptoError("Truncated header", BAD_CRYPTO); } let rs = @@ -115,8 +117,16 @@ function getCryptoParamsFromPayload(payload) { (payload[17] << 16) | (payload[18] << 8) | payload[19]; + if (rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + throw new CryptoError( + "Record sizes smaller than 18 are invalid", + BAD_RS_PARAM + ); + } let keyIdLen = payload[20]; if (keyIdLen != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid sender public key", BAD_DH_PARAM); } if (payload.byteLength <= 21 + keyIdLen) { @@ -171,8 +181,12 @@ export function getCryptoParamsFromHeaders(headers) { throw new CryptoError("Invalid salt parameter", BAD_SALT_PARAM); } var rs = enc.rs ? parseInt(enc.rs, 10) : 4096; - if (isNaN(rs)) { - throw new CryptoError("rs parameter must be a number", BAD_RS_PARAM); + if (isNaN(rs) || rs < 1 || rs > 68719476705) { + // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-encryption-encodin… + throw new CryptoError( + "rs parameter must be a number greater than 1 and smaller than 2^36-31", + BAD_RS_PARAM + ); } return { salt, @@ -791,6 +805,7 @@ class aes128gcmEncoder { // Perform the actual encryption of the payload. async encrypt(key, nonce) { if (this.rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 throw new CryptoError("recordsize is too small", BAD_RS_PARAM); } @@ -869,6 +884,7 @@ class aes128gcmEncoder { createHeader(key) { // layout is "salt|32-bit-int|8-bit-int|key" if (key.byteLength != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid key length for header", BAD_DH_PARAM); } // the 2 ints ===================================== netwerk/cache2/CacheFileIOManager.cpp ===================================== @@ -4359,13 +4359,15 @@ class SizeOfHandlesRunnable : public Runnable { public: SizeOfHandlesRunnable(mozilla::MallocSizeOf mallocSizeOf, CacheFileHandles const& handles, - nsTArray<CacheFileHandle*> const& specialHandles) + nsTArray<CacheFileHandle*> const& specialHandles, + nsCOMPtr<nsITimer> const& metadataWritesTimer) : Runnable("net::SizeOfHandlesRunnable"), mMonitor("SizeOfHandlesRunnable.mMonitor"), mMonitorNotified(false), mMallocSizeOf(mallocSizeOf), mHandles(handles), mSpecialHandles(specialHandles), + mMetadataWritesTimer(metadataWritesTimer), mSize(0) {} size_t Get(CacheIOThread* thread) { @@ -4397,6 +4399,10 @@ class SizeOfHandlesRunnable : public Runnable { for (uint32_t i = 0; i < mSpecialHandles.Length(); ++i) { mSize += mSpecialHandles[i]->SizeOfIncludingThis(mMallocSizeOf); } + nsCOMPtr<nsISizeOf> sizeOf = do_QueryInterface(mMetadataWritesTimer); + if (sizeOf) { + mSize += sizeOf->SizeOfIncludingThis(mMallocSizeOf); + } mMonitorNotified = true; mon.Notify(); @@ -4404,11 +4410,12 @@ class SizeOfHandlesRunnable : public Runnable { } private: - mozilla::Monitor mMonitor MOZ_UNANNOTATED; + mozilla::Monitor mMonitor; bool mMonitorNotified; mozilla::MallocSizeOf mMallocSizeOf; CacheFileHandles const& mHandles; nsTArray<CacheFileHandle*> const& mSpecialHandles; + nsCOMPtr<nsITimer> const& mMetadataWritesTimer; size_t mSize; }; @@ -4422,10 +4429,11 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( if (mIOThread) { n += mIOThread->SizeOfIncludingThis(mallocSizeOf); - // mHandles and mSpecialHandles must be accessed only on the I/O thread, - // must sync dispatch. + // mHandles, mSpecialHandles and mMetadataWritesTimer must be accessed + // only on the I/O thread, must sync dispatch. RefPtr<SizeOfHandlesRunnable> sizeOfHandlesRunnable = - new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles); + new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles, + mMetadataWritesTimer); n += sizeOfHandlesRunnable->Get(mIOThread); } @@ -4434,9 +4442,6 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( sizeOf = do_QueryInterface(mCacheDirectory); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mMetadataWritesTimer); - if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mTrashTimer); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); ===================================== netwerk/streamconv/converters/nsMultiMixedConv.cpp ===================================== @@ -467,6 +467,12 @@ nsMultiMixedConv::OnStartRequest(nsIRequest* request) { if (NS_SUCCEEDED(rv)) { mRootContentSecurityPolicy = csp; } + nsCString contentDisposition; + rv = httpChannel->GetResponseHeader("content-disposition"_ns, + contentDisposition); + if (NS_SUCCEEDED(rv)) { + mRootContentDisposition = contentDisposition; + } } else { // try asking the channel directly rv = mChannel->GetContentType(contentType); @@ -837,7 +843,11 @@ nsresult nsMultiMixedConv::SendStart() { rv = mPartChannel->SetContentLength(mContentLength); if (NS_FAILED(rv)) return rv; - mPartChannel->SetContentDisposition(mContentDisposition); + if (!mRootContentDisposition.IsEmpty()) { + mPartChannel->SetContentDisposition(mRootContentDisposition); + } else { + mPartChannel->SetContentDisposition(mContentDisposition); + } // Each part of a multipart/replace response can be used // for the top level document. We must inform upper layers ===================================== netwerk/streamconv/converters/nsMultiMixedConv.h ===================================== @@ -150,15 +150,17 @@ class nsMultiMixedConv : public nsIStreamConverter { nsCOMPtr<nsIStreamListener> mFinalListener; // this guy gets the converted // data via his OnDataAvailable() - nsCOMPtr<nsIChannel> - mChannel; // The channel as we get in in OnStartRequest call - RefPtr<nsPartChannel> mPartChannel; // the channel for the given part we're - // processing. one channel per part. + // The channel as we get it in OnStartRequest call + nsCOMPtr<nsIChannel> mChannel; + // the channel for the given part we're + // processing. one channel per part. + RefPtr<nsPartChannel> mPartChannel; nsCOMPtr<nsISupports> mContext; nsCString mContentType; nsCString mContentDisposition; nsCString mContentSecurityPolicy; nsCString mRootContentSecurityPolicy; + nsCString mRootContentDisposition; uint64_t mContentLength{UINT64_MAX}; uint64_t mTotalSent{0}; ===================================== toolkit/content/widgets/popupnotification.js ===================================== @@ -15,7 +15,7 @@ ".popup-notification-description": "popupid,id=descriptionid", ".popup-notification-description > span:first-of-type": "text=label,popupid", - ".popup-notification-description > b:first-of-type": + ".popup-notification-description > .popup-notification-description-name": "text=name,popupid", ".popup-notification-description > span:nth-of-type(2)": "text=endlabel,popupid", @@ -82,7 +82,7 @@  - <description class="popup-notification-description"><html:span></html:span><html:b></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> + <description class="popup-notification-description"><html:span></html:span><html:b class="popup-notification-description-name"></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> <description class="popup-notification-hint-text"></description> </vbox> <toolbarbutton class="messageCloseButton close-icon popup-notification-closebutton tabbable" data-l10n-id="close-notification-message"></toolbarbutton> ===================================== toolkit/themes/shared/popupnotification.css ===================================== @@ -52,6 +52,16 @@ popupnotificationcontent { flex: 1 auto; } +/* + * Ensure that host names in PopupNotifications wrap. This targets the "name" + * element in the description container which is the "name" property of the + * PopupNotification. Name is what gets substituted from the l10n string using + * the placeholder <>. + */ +.popup-notification-description-name { + word-break: break-all; +} + .popup-notification-closebutton { margin-inline-end: -8px; margin-top: -8px; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/a4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/a4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.17.0esr-13.5-1-build2
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag base-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.17.0esr-13.5-1] 6 commits: Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers, valentin, a=RyanVM
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch base-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 7d7421a9 by Randell Jesup at 2024-10-24T17:07:18+02:00 Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers,valentin, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D221350 - - - - - 486009a3 by Valentin Gosu at 2024-10-24T17:07:19+02:00 Bug 1914521 - Make nsPartChannel inherit the content disposition of the multipart response a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D223728 Differential Revision: https://phabricator.services.mozilla.com/D224288 - - - - - de348d2b by Andrew McCreight at 2024-10-24T17:07:21+02:00 Bug 1919809 - Always clear mArgumentStorage in Console's Unlink. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D222803 Differential Revision: https://phabricator.services.mozilla.com/D224384 - - - - - 72a03207 by Paul Zuehlcke at 2024-10-24T17:07:22+02:00 Bug 1920423, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D224349 - - - - - 5efccb49 by Andrew McCreight at 2024-10-24T17:07:23+02:00 Bug 1923706 - Pass by value, not reference in CamerasChild::AllocateCapture. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225121 Differential Revision: https://phabricator.services.mozilla.com/D225363 - - - - - 4204d1a8 by Kagami Sascha Rosylight at 2024-10-24T17:07:25+02:00 Bug 1924154 - Disallow too small record a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225687 Differential Revision: https://phabricator.services.mozilla.com/D226147 - - - - - 8 changed files: - dom/console/Console.cpp - dom/media/systemservices/CamerasChild.cpp - dom/push/PushCrypto.sys.mjs - netwerk/cache2/CacheFileIOManager.cpp - netwerk/streamconv/converters/nsMultiMixedConv.cpp - netwerk/streamconv/converters/nsMultiMixedConv.h - toolkit/content/widgets/popupnotification.js - toolkit/themes/shared/popupnotification.css Changes: ===================================== dom/console/Console.cpp ===================================== @@ -802,6 +802,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Console) NS_IMPL_CYCLE_COLLECTION_UNLINK(mDumpFunction) NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE tmp->Shutdown(); + tmp->mArgumentStorage.clearAndFree(); NS_IMPL_CYCLE_COLLECTION_UNLINK_END NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(Console) ===================================== dom/media/systemservices/CamerasChild.cpp ===================================== @@ -331,7 +331,7 @@ int CamerasChild::AllocateCapture(CaptureEngine aCapEngine, LOG(("%s", __PRETTY_FUNCTION__)); nsCString unique_id(unique_idUTF8); nsCOMPtr<nsIRunnable> runnable = - mozilla::NewRunnableMethod<CaptureEngine, nsCString, const uint64_t&>( + mozilla::NewRunnableMethod<CaptureEngine, nsCString, uint64_t>( "camera::PCamerasChild::SendAllocateCapture", this, &CamerasChild::SendAllocateCapture, aCapEngine, unique_id, aWindowID); LockAndDispatch<> dispatcher(this, __func__, runnable, -1, mReplyInteger); ===================================== dom/push/PushCrypto.sys.mjs ===================================== @@ -108,6 +108,8 @@ function getEncryptionParams(encryptField) { // aes128gcm scheme. function getCryptoParamsFromPayload(payload) { if (payload.byteLength < 21) { + // The value 21 is from https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + // | salt (16) | rs (4) | idlen (1) | keyid (idlen) | throw new CryptoError("Truncated header", BAD_CRYPTO); } let rs = @@ -115,8 +117,16 @@ function getCryptoParamsFromPayload(payload) { (payload[17] << 16) | (payload[18] << 8) | payload[19]; + if (rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + throw new CryptoError( + "Record sizes smaller than 18 are invalid", + BAD_RS_PARAM + ); + } let keyIdLen = payload[20]; if (keyIdLen != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid sender public key", BAD_DH_PARAM); } if (payload.byteLength <= 21 + keyIdLen) { @@ -171,8 +181,12 @@ export function getCryptoParamsFromHeaders(headers) { throw new CryptoError("Invalid salt parameter", BAD_SALT_PARAM); } var rs = enc.rs ? parseInt(enc.rs, 10) : 4096; - if (isNaN(rs)) { - throw new CryptoError("rs parameter must be a number", BAD_RS_PARAM); + if (isNaN(rs) || rs < 1 || rs > 68719476705) { + // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-encryption-encodin… + throw new CryptoError( + "rs parameter must be a number greater than 1 and smaller than 2^36-31", + BAD_RS_PARAM + ); } return { salt, @@ -791,6 +805,7 @@ class aes128gcmEncoder { // Perform the actual encryption of the payload. async encrypt(key, nonce) { if (this.rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 throw new CryptoError("recordsize is too small", BAD_RS_PARAM); } @@ -869,6 +884,7 @@ class aes128gcmEncoder { createHeader(key) { // layout is "salt|32-bit-int|8-bit-int|key" if (key.byteLength != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid key length for header", BAD_DH_PARAM); } // the 2 ints ===================================== netwerk/cache2/CacheFileIOManager.cpp ===================================== @@ -4359,13 +4359,15 @@ class SizeOfHandlesRunnable : public Runnable { public: SizeOfHandlesRunnable(mozilla::MallocSizeOf mallocSizeOf, CacheFileHandles const& handles, - nsTArray<CacheFileHandle*> const& specialHandles) + nsTArray<CacheFileHandle*> const& specialHandles, + nsCOMPtr<nsITimer> const& metadataWritesTimer) : Runnable("net::SizeOfHandlesRunnable"), mMonitor("SizeOfHandlesRunnable.mMonitor"), mMonitorNotified(false), mMallocSizeOf(mallocSizeOf), mHandles(handles), mSpecialHandles(specialHandles), + mMetadataWritesTimer(metadataWritesTimer), mSize(0) {} size_t Get(CacheIOThread* thread) { @@ -4397,6 +4399,10 @@ class SizeOfHandlesRunnable : public Runnable { for (uint32_t i = 0; i < mSpecialHandles.Length(); ++i) { mSize += mSpecialHandles[i]->SizeOfIncludingThis(mMallocSizeOf); } + nsCOMPtr<nsISizeOf> sizeOf = do_QueryInterface(mMetadataWritesTimer); + if (sizeOf) { + mSize += sizeOf->SizeOfIncludingThis(mMallocSizeOf); + } mMonitorNotified = true; mon.Notify(); @@ -4404,11 +4410,12 @@ class SizeOfHandlesRunnable : public Runnable { } private: - mozilla::Monitor mMonitor MOZ_UNANNOTATED; + mozilla::Monitor mMonitor; bool mMonitorNotified; mozilla::MallocSizeOf mMallocSizeOf; CacheFileHandles const& mHandles; nsTArray<CacheFileHandle*> const& mSpecialHandles; + nsCOMPtr<nsITimer> const& mMetadataWritesTimer; size_t mSize; }; @@ -4422,10 +4429,11 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( if (mIOThread) { n += mIOThread->SizeOfIncludingThis(mallocSizeOf); - // mHandles and mSpecialHandles must be accessed only on the I/O thread, - // must sync dispatch. + // mHandles, mSpecialHandles and mMetadataWritesTimer must be accessed + // only on the I/O thread, must sync dispatch. RefPtr<SizeOfHandlesRunnable> sizeOfHandlesRunnable = - new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles); + new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles, + mMetadataWritesTimer); n += sizeOfHandlesRunnable->Get(mIOThread); } @@ -4434,9 +4442,6 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( sizeOf = do_QueryInterface(mCacheDirectory); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mMetadataWritesTimer); - if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mTrashTimer); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); ===================================== netwerk/streamconv/converters/nsMultiMixedConv.cpp ===================================== @@ -467,6 +467,12 @@ nsMultiMixedConv::OnStartRequest(nsIRequest* request) { if (NS_SUCCEEDED(rv)) { mRootContentSecurityPolicy = csp; } + nsCString contentDisposition; + rv = httpChannel->GetResponseHeader("content-disposition"_ns, + contentDisposition); + if (NS_SUCCEEDED(rv)) { + mRootContentDisposition = contentDisposition; + } } else { // try asking the channel directly rv = mChannel->GetContentType(contentType); @@ -837,7 +843,11 @@ nsresult nsMultiMixedConv::SendStart() { rv = mPartChannel->SetContentLength(mContentLength); if (NS_FAILED(rv)) return rv; - mPartChannel->SetContentDisposition(mContentDisposition); + if (!mRootContentDisposition.IsEmpty()) { + mPartChannel->SetContentDisposition(mRootContentDisposition); + } else { + mPartChannel->SetContentDisposition(mContentDisposition); + } // Each part of a multipart/replace response can be used // for the top level document. We must inform upper layers ===================================== netwerk/streamconv/converters/nsMultiMixedConv.h ===================================== @@ -150,15 +150,17 @@ class nsMultiMixedConv : public nsIStreamConverter { nsCOMPtr<nsIStreamListener> mFinalListener; // this guy gets the converted // data via his OnDataAvailable() - nsCOMPtr<nsIChannel> - mChannel; // The channel as we get in in OnStartRequest call - RefPtr<nsPartChannel> mPartChannel; // the channel for the given part we're - // processing. one channel per part. + // The channel as we get it in OnStartRequest call + nsCOMPtr<nsIChannel> mChannel; + // the channel for the given part we're + // processing. one channel per part. + RefPtr<nsPartChannel> mPartChannel; nsCOMPtr<nsISupports> mContext; nsCString mContentType; nsCString mContentDisposition; nsCString mContentSecurityPolicy; nsCString mRootContentSecurityPolicy; + nsCString mRootContentDisposition; uint64_t mContentLength{UINT64_MAX}; uint64_t mTotalSent{0}; ===================================== toolkit/content/widgets/popupnotification.js ===================================== @@ -15,7 +15,7 @@ ".popup-notification-description": "popupid,id=descriptionid", ".popup-notification-description > span:first-of-type": "text=label,popupid", - ".popup-notification-description > b:first-of-type": + ".popup-notification-description > .popup-notification-description-name": "text=name,popupid", ".popup-notification-description > span:nth-of-type(2)": "text=endlabel,popupid", @@ -82,7 +82,7 @@  - <description class="popup-notification-description"><html:span></html:span><html:b></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> + <description class="popup-notification-description"><html:span></html:span><html:b class="popup-notification-description-name"></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> <description class="popup-notification-hint-text"></description> </vbox> <toolbarbutton class="messageCloseButton close-icon popup-notification-closebutton tabbable" data-l10n-id="close-notification-message"></toolbarbutton> ===================================== toolkit/themes/shared/popupnotification.css ===================================== @@ -52,6 +52,16 @@ popupnotificationcontent { flex: 1 auto; } +/* + * Ensure that host names in PopupNotifications wrap. This targets the "name" + * element in the description container which is the "name" property of the + * PopupNotification. Name is what gets substituted from the l10n string using + * the placeholder <>. + */ +.popup-notification-description-name { + word-break: break-all; +} + .popup-notification-closebutton { margin-inline-end: -8px; margin-top: -8px; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c07f30… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c07f30… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.17.0esr-13.5-1-build2
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed new tag tor-browser-115.17.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.17.0esr-13.5-1] 6 commits: Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers, valentin, a=RyanVM
by ma1 (＠ma1) 24 Oct '24

24 Oct '24

ma1 pushed to branch tor-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 0090727a by Randell Jesup at 2024-10-23T16:34:13+02:00 Bug 1829029: clean up memory reporting for CacheFileIOManager r=necko-reviewers,valentin, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D221350 - - - - - 883dd4a0 by Valentin Gosu at 2024-10-23T22:54:40+02:00 Bug 1914521 - Make nsPartChannel inherit the content disposition of the multipart response a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D223728 Differential Revision: https://phabricator.services.mozilla.com/D224288 - - - - - 857b9ac0 by Andrew McCreight at 2024-10-23T23:17:44+02:00 Bug 1919809 - Always clear mArgumentStorage in Console's Unlink. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D222803 Differential Revision: https://phabricator.services.mozilla.com/D224384 - - - - - 52815ac6 by Paul Zuehlcke at 2024-10-23T23:42:13+02:00 Bug 1920423, a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D224349 - - - - - 011ad74a by Andrew McCreight at 2024-10-24T15:07:56+02:00 Bug 1923706 - Pass by value, not reference in CamerasChild::AllocateCapture. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225121 Differential Revision: https://phabricator.services.mozilla.com/D225363 - - - - - 8e9e58fe by Kagami Sascha Rosylight at 2024-10-24T15:11:06+02:00 Bug 1924154 - Disallow too small record a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D225687 Differential Revision: https://phabricator.services.mozilla.com/D226147 - - - - - 8 changed files: - dom/console/Console.cpp - dom/media/systemservices/CamerasChild.cpp - dom/push/PushCrypto.sys.mjs - netwerk/cache2/CacheFileIOManager.cpp - netwerk/streamconv/converters/nsMultiMixedConv.cpp - netwerk/streamconv/converters/nsMultiMixedConv.h - toolkit/content/widgets/popupnotification.js - toolkit/themes/shared/popupnotification.css Changes: ===================================== dom/console/Console.cpp ===================================== @@ -802,6 +802,7 @@ NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Console) NS_IMPL_CYCLE_COLLECTION_UNLINK(mDumpFunction) NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE tmp->Shutdown(); + tmp->mArgumentStorage.clearAndFree(); NS_IMPL_CYCLE_COLLECTION_UNLINK_END NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(Console) ===================================== dom/media/systemservices/CamerasChild.cpp ===================================== @@ -331,7 +331,7 @@ int CamerasChild::AllocateCapture(CaptureEngine aCapEngine, LOG(("%s", __PRETTY_FUNCTION__)); nsCString unique_id(unique_idUTF8); nsCOMPtr<nsIRunnable> runnable = - mozilla::NewRunnableMethod<CaptureEngine, nsCString, const uint64_t&>( + mozilla::NewRunnableMethod<CaptureEngine, nsCString, uint64_t>( "camera::PCamerasChild::SendAllocateCapture", this, &CamerasChild::SendAllocateCapture, aCapEngine, unique_id, aWindowID); LockAndDispatch<> dispatcher(this, __func__, runnable, -1, mReplyInteger); ===================================== dom/push/PushCrypto.sys.mjs ===================================== @@ -108,6 +108,8 @@ function getEncryptionParams(encryptField) { // aes128gcm scheme. function getCryptoParamsFromPayload(payload) { if (payload.byteLength < 21) { + // The value 21 is from https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + // | salt (16) | rs (4) | idlen (1) | keyid (idlen) | throw new CryptoError("Truncated header", BAD_CRYPTO); } let rs = @@ -115,8 +117,16 @@ function getCryptoParamsFromPayload(payload) { (payload[17] << 16) | (payload[18] << 8) | payload[19]; + if (rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 + throw new CryptoError( + "Record sizes smaller than 18 are invalid", + BAD_RS_PARAM + ); + } let keyIdLen = payload[20]; if (keyIdLen != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid sender public key", BAD_DH_PARAM); } if (payload.byteLength <= 21 + keyIdLen) { @@ -171,8 +181,12 @@ export function getCryptoParamsFromHeaders(headers) { throw new CryptoError("Invalid salt parameter", BAD_SALT_PARAM); } var rs = enc.rs ? parseInt(enc.rs, 10) : 4096; - if (isNaN(rs)) { - throw new CryptoError("rs parameter must be a number", BAD_RS_PARAM); + if (isNaN(rs) || rs < 1 || rs > 68719476705) { + // https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-encryption-encodin… + throw new CryptoError( + "rs parameter must be a number greater than 1 and smaller than 2^36-31", + BAD_RS_PARAM + ); } return { salt, @@ -791,6 +805,7 @@ class aes128gcmEncoder { // Perform the actual encryption of the payload. async encrypt(key, nonce) { if (this.rs < 18) { + // https://datatracker.ietf.org/doc/html/rfc8188#section-2.1 throw new CryptoError("recordsize is too small", BAD_RS_PARAM); } @@ -869,6 +884,7 @@ class aes128gcmEncoder { createHeader(key) { // layout is "salt|32-bit-int|8-bit-int|key" if (key.byteLength != 65) { + // https://datatracker.ietf.org/doc/html/rfc8291/#section-4 throw new CryptoError("Invalid key length for header", BAD_DH_PARAM); } // the 2 ints ===================================== netwerk/cache2/CacheFileIOManager.cpp ===================================== @@ -4359,13 +4359,15 @@ class SizeOfHandlesRunnable : public Runnable { public: SizeOfHandlesRunnable(mozilla::MallocSizeOf mallocSizeOf, CacheFileHandles const& handles, - nsTArray<CacheFileHandle*> const& specialHandles) + nsTArray<CacheFileHandle*> const& specialHandles, + nsCOMPtr<nsITimer> const& metadataWritesTimer) : Runnable("net::SizeOfHandlesRunnable"), mMonitor("SizeOfHandlesRunnable.mMonitor"), mMonitorNotified(false), mMallocSizeOf(mallocSizeOf), mHandles(handles), mSpecialHandles(specialHandles), + mMetadataWritesTimer(metadataWritesTimer), mSize(0) {} size_t Get(CacheIOThread* thread) { @@ -4397,6 +4399,10 @@ class SizeOfHandlesRunnable : public Runnable { for (uint32_t i = 0; i < mSpecialHandles.Length(); ++i) { mSize += mSpecialHandles[i]->SizeOfIncludingThis(mMallocSizeOf); } + nsCOMPtr<nsISizeOf> sizeOf = do_QueryInterface(mMetadataWritesTimer); + if (sizeOf) { + mSize += sizeOf->SizeOfIncludingThis(mMallocSizeOf); + } mMonitorNotified = true; mon.Notify(); @@ -4404,11 +4410,12 @@ class SizeOfHandlesRunnable : public Runnable { } private: - mozilla::Monitor mMonitor MOZ_UNANNOTATED; + mozilla::Monitor mMonitor; bool mMonitorNotified; mozilla::MallocSizeOf mMallocSizeOf; CacheFileHandles const& mHandles; nsTArray<CacheFileHandle*> const& mSpecialHandles; + nsCOMPtr<nsITimer> const& mMetadataWritesTimer; size_t mSize; }; @@ -4422,10 +4429,11 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( if (mIOThread) { n += mIOThread->SizeOfIncludingThis(mallocSizeOf); - // mHandles and mSpecialHandles must be accessed only on the I/O thread, - // must sync dispatch. + // mHandles, mSpecialHandles and mMetadataWritesTimer must be accessed + // only on the I/O thread, must sync dispatch. RefPtr<SizeOfHandlesRunnable> sizeOfHandlesRunnable = - new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles); + new SizeOfHandlesRunnable(mallocSizeOf, mHandles, mSpecialHandles, + mMetadataWritesTimer); n += sizeOfHandlesRunnable->Get(mIOThread); } @@ -4434,9 +4442,6 @@ size_t CacheFileIOManager::SizeOfExcludingThisInternal( sizeOf = do_QueryInterface(mCacheDirectory); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mMetadataWritesTimer); - if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); - sizeOf = do_QueryInterface(mTrashTimer); if (sizeOf) n += sizeOf->SizeOfIncludingThis(mallocSizeOf); ===================================== netwerk/streamconv/converters/nsMultiMixedConv.cpp ===================================== @@ -467,6 +467,12 @@ nsMultiMixedConv::OnStartRequest(nsIRequest* request) { if (NS_SUCCEEDED(rv)) { mRootContentSecurityPolicy = csp; } + nsCString contentDisposition; + rv = httpChannel->GetResponseHeader("content-disposition"_ns, + contentDisposition); + if (NS_SUCCEEDED(rv)) { + mRootContentDisposition = contentDisposition; + } } else { // try asking the channel directly rv = mChannel->GetContentType(contentType); @@ -837,7 +843,11 @@ nsresult nsMultiMixedConv::SendStart() { rv = mPartChannel->SetContentLength(mContentLength); if (NS_FAILED(rv)) return rv; - mPartChannel->SetContentDisposition(mContentDisposition); + if (!mRootContentDisposition.IsEmpty()) { + mPartChannel->SetContentDisposition(mRootContentDisposition); + } else { + mPartChannel->SetContentDisposition(mContentDisposition); + } // Each part of a multipart/replace response can be used // for the top level document. We must inform upper layers ===================================== netwerk/streamconv/converters/nsMultiMixedConv.h ===================================== @@ -150,15 +150,17 @@ class nsMultiMixedConv : public nsIStreamConverter { nsCOMPtr<nsIStreamListener> mFinalListener; // this guy gets the converted // data via his OnDataAvailable() - nsCOMPtr<nsIChannel> - mChannel; // The channel as we get in in OnStartRequest call - RefPtr<nsPartChannel> mPartChannel; // the channel for the given part we're - // processing. one channel per part. + // The channel as we get it in OnStartRequest call + nsCOMPtr<nsIChannel> mChannel; + // the channel for the given part we're + // processing. one channel per part. + RefPtr<nsPartChannel> mPartChannel; nsCOMPtr<nsISupports> mContext; nsCString mContentType; nsCString mContentDisposition; nsCString mContentSecurityPolicy; nsCString mRootContentSecurityPolicy; + nsCString mRootContentDisposition; uint64_t mContentLength{UINT64_MAX}; uint64_t mTotalSent{0}; ===================================== toolkit/content/widgets/popupnotification.js ===================================== @@ -15,7 +15,7 @@ ".popup-notification-description": "popupid,id=descriptionid", ".popup-notification-description > span:first-of-type": "text=label,popupid", - ".popup-notification-description > b:first-of-type": + ".popup-notification-description > .popup-notification-description-name": "text=name,popupid", ".popup-notification-description > span:nth-of-type(2)": "text=endlabel,popupid", @@ -82,7 +82,7 @@  - <description class="popup-notification-description"><html:span></html:span><html:b></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> + <description class="popup-notification-description"><html:span></html:span><html:b class="popup-notification-description-name"></html:b><html:span></html:span><html:b></html:b><html:span></html:span></description> <description class="popup-notification-hint-text"></description> </vbox> <toolbarbutton class="messageCloseButton close-icon popup-notification-closebutton tabbable" data-l10n-id="close-notification-message"></toolbarbutton> ===================================== toolkit/themes/shared/popupnotification.css ===================================== @@ -52,6 +52,16 @@ popupnotificationcontent { flex: 1 auto; } +/* + * Ensure that host names in PopupNotifications wrap. This targets the "name" + * element in the description container which is the "name" property of the + * PopupNotification. Name is what gets substituted from the l10n string using + * the placeholder <>. + */ +.popup-notification-description-name { + word-break: break-all; +} + .popup-notification-closebutton { margin-inline-end: -8px; margin-top: -8px; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/18d48e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/18d48e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41269: Remove Snowflake pluggable-transport from legacy Windows builds
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 88c9740a by Morgan at 2024-10-23T20:20:07+00:00 Bug 41269: Remove Snowflake pluggable-transport from legacy Windows builds - - - - - 3 changed files: - projects/go/config - projects/tor-expert-bundle/build - projects/tor-expert-bundle/config Changes: ===================================== projects/go/config ===================================== @@ -77,7 +77,7 @@ targets: windows: var: GOOS: windows - use_go_1_20: '[% c("origin_project") != "snowflake" %]' + use_go_1_20: 1 windows-i686: var: GOARCH: 386 ===================================== projects/tor-expert-bundle/build ===================================== @@ -14,12 +14,21 @@ cd tor mkdir pluggable_transports && cd pluggable_transports tar -xkf $rootdir/[% c('input_files_by_name/lyrebird') %] +# do not include snowflake-client on Windows targets +[% IF !c("var/windows") -%] tar -xkf $rootdir/[% c('input_files_by_name/snowflake') %] +[% END %] tar -xkf $rootdir/[% c('input_files_by_name/conjure') %] # add per-platform pt extension awk '{gsub(/\$\{pt_extension\}/, "[% c("var/pt_extension") %]"); print}' $rootdir/pt_config.json > pt_config.json +# remove snowflake entires on Windows targets +[% IF c("var/windows") -%] +# remove snowflake pt and bridge entries +jq 'del(.pluggableTransports.snowflake, .bridges.snowflake)' pt_config.json > tmp.pt_config.json && mv tmp.pt_config.json pt_config.json +[% END %] + cd $distdir # package a .aar on android ===================================== projects/tor-expert-bundle/config ===================================== @@ -5,6 +5,10 @@ version: '[% c("var/torbrowser_version") %]' container: use_container: 1 +var: + deps: + - jq + targets: windows: var: @@ -18,6 +22,7 @@ input_files: project: lyrebird - name: snowflake project: snowflake + enable: '[% !c("var/windows") %]' - name: conjure project: conjure - filename: pt_config.json View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Deleted 1 commit: Bug 41279: Add @pierov and @ma1 as new signers
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below. Deleted commits: b6740750 by Nicolas Vigier at 2024-10-23T19:58:28+00:00 Bug 41279: Add @pierov and @ma1 as new signers - - - - - 3 changed files: - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/ssh-keys/ma1.pub - + tools/signing/machines-setup/ssh-keys/pierov.pub Changes: ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -99,6 +99,10 @@ create_user richard signing authorized_keys richard richard.pub create_user morgan signing authorized_keys morgan morgan.pub +create_user ma1 signing +authorized_keys ma1 ma1.pub +create_user pierov signing +authorized_keys pierov pierov.pub # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ ===================================== tools/signing/machines-setup/ssh-keys/ma1.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRlfeUcrWLHKiUHkfNe6KKEjO2QY20bk4XDc+rng7ka ma1(a)ma1.maone.net ===================================== tools/signing/machines-setup/ssh-keys/pierov.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHitxPcIMVCEcie5XUtMuUQJZQ9fy8k7Z+1vEzBZ8CmF TKey View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41279: Add @pierov and @ma1 as new signers
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: b6740750 by Nicolas Vigier at 2024-10-23T19:58:28+00:00 Bug 41279: Add @pierov and @ma1 as new signers - - - - - 3 changed files: - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/ssh-keys/ma1.pub - + tools/signing/machines-setup/ssh-keys/pierov.pub Changes: ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -99,6 +99,10 @@ create_user richard signing authorized_keys richard richard.pub create_user morgan signing authorized_keys morgan morgan.pub +create_user ma1 signing +authorized_keys ma1 ma1.pub +create_user pierov signing +authorized_keys pierov pierov.pub # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ ===================================== tools/signing/machines-setup/ssh-keys/ma1.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRlfeUcrWLHKiUHkfNe6KKEjO2QY20bk4XDc+rng7ka ma1(a)ma1.maone.net ===================================== tools/signing/machines-setup/ssh-keys/pierov.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHitxPcIMVCEcie5XUtMuUQJZQ9fy8k7Z+1vEzBZ8CmF TKey View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41279: Add @pierov and @ma1 as new signers
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: a12487a8 by Nicolas Vigier at 2024-10-22T16:35:47+02:00 Bug 41279: Add @pierov and @ma1 as new signers - - - - - 3 changed files: - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/ssh-keys/ma1.pub - + tools/signing/machines-setup/ssh-keys/pierov.pub Changes: ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -99,6 +99,10 @@ create_user richard signing authorized_keys richard richard.pub create_user morgan signing authorized_keys morgan morgan.pub +create_user ma1 signing +authorized_keys ma1 ma1.pub +create_user pierov signing +authorized_keys pierov pierov.pub # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ ===================================== tools/signing/machines-setup/ssh-keys/ma1.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGRlfeUcrWLHKiUHkfNe6KKEjO2QY20bk4XDc+rng7ka ma1(a)ma1.maone.net ===================================== tools/signing/machines-setup/ssh-keys/pierov.pub ===================================== @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHitxPcIMVCEcie5XUtMuUQJZQ9fy8k7Z+1vEzBZ8CmF TKey View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41278: Hide legacy 13.5 Tor Browser blog posts
by morgan (＠morgan) 23 Oct '24

23 Oct '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: dbde010e by Nicolas Vigier at 2024-10-22T16:08:00+02:00 Bug 41278: Hide legacy 13.5 Tor Browser blog posts - - - - - 1 changed file: - tools/signing/create-blog-post Changes: ===================================== tools/signing/create-blog-post ===================================== @@ -41,6 +41,8 @@ title: $title --- pub_date: $(date +%Y-%m-%d) --- +_discoverable: no +--- author: $blog_publish_user --- categories: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.5-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 23 Oct '24

23 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: a9cb8355 by Pier Angelo Vendrame at 2024-10-23T17:58:05+02:00 fixup! Firefox preference overrides. Bug 42125: Set and lock privacy.resistFingerprinting.exemptedDomains. The rationale for locking this is consistency with RFP. Also, set privacy.resistFingerprinting.randomDataOnCanvasExtract as a countermesure to some wrong guides. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -385,10 +385,18 @@ pref("dom.push.serverURL", ""); // Fingerprinting // tor-browser#41797: For release builds, lock RFP +// tor-browser#42125: Set (and lock in release) also exempted domains. #if MOZ_UPDATE_CHANNEL == release pref("privacy.resistFingerprinting", true, locked); +pref("privacy.resistFingerprinting.exemptedDomains", "", locked); +// tor-browser#42125: Some misleading guides suggest to set this to false, but +// the result would be that the canvas is completely white +// (see StaticPrefList.yaml), so lock it to true. +// Might be removed (MozBug 1670447). +pref("privacy.resistFingerprinting.randomDataOnCanvasExtract", true, locked); #else pref("privacy.resistFingerprinting", true); +pref("privacy.resistFingerprinting.exemptedDomains", ""); #endif // tor-browser#18603: failIfMajorPerformanceCaveat is an optional attribute that // can be used when creating a WebGL context if the browser detects that the View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a9c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a9c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.4.0esr-14.5-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 23 Oct '24

23 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: ebaa959d by Pier Angelo Vendrame at 2024-10-23T17:57:26+02:00 fixup! Firefox preference overrides. Bug 42125: Set and lock privacy.resistFingerprinting.exemptedDomains. The rationale for locking this is consistency with RFP. Also, set privacy.resistFingerprinting.randomDataOnCanvasExtract as a countermesure to some wrong guides. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -385,10 +385,18 @@ pref("dom.push.serverURL", ""); // Fingerprinting // tor-browser#41797: For release builds, lock RFP +// tor-browser#42125: Set (and lock in release) also exempted domains. #if MOZ_UPDATE_CHANNEL == release pref("privacy.resistFingerprinting", true, locked); +pref("privacy.resistFingerprinting.exemptedDomains", "", locked); +// tor-browser#42125: Some misleading guides suggest to set this to false, but +// the result would be that the canvas is completely white +// (see StaticPrefList.yaml), so lock it to true. +// Might be removed (MozBug 1670447). +pref("privacy.resistFingerprinting.randomDataOnCanvasExtract", true, locked); #else pref("privacy.resistFingerprinting", true); +pref("privacy.resistFingerprinting.exemptedDomains", ""); #endif // tor-browser#18603: failIfMajorPerformanceCaveat is an optional attribute that // can be used when creating a WebGL context if the browser detects that the View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ebaa959… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ebaa959… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 23 Oct '24

23 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: cc1f52a5 by Pier Angelo Vendrame at 2024-10-23T14:32:55+02:00 fixup! Firefox preference overrides. Bug 42125: Set and lock privacy.resistFingerprinting.exemptedDomains. The rationale for locking this is consistency with RFP. Also, set privacy.resistFingerprinting.randomDataOnCanvasExtract as a countermesure to some wrong guides. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -385,10 +385,18 @@ pref("dom.push.serverURL", ""); // Fingerprinting // tor-browser#41797: For release builds, lock RFP +// tor-browser#42125: Set (and lock in release) also exempted domains. #if MOZ_UPDATE_CHANNEL == release pref("privacy.resistFingerprinting", true, locked); +pref("privacy.resistFingerprinting.exemptedDomains", "", locked); +// tor-browser#42125: Some misleading guides suggest to set this to false, but +// the result would be that the canvas is completely white +// (see StaticPrefList.yaml), so lock it to true. +// Might be removed (MozBug 1670447). +pref("privacy.resistFingerprinting.randomDataOnCanvasExtract", true, locked); #else pref("privacy.resistFingerprinting", true); +pref("privacy.resistFingerprinting.exemptedDomains", ""); #endif // tor-browser#18603: failIfMajorPerformanceCaveat is an optional attribute that // can be used when creating a WebGL context if the browser detects that the View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cc1f52a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cc1f52a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] temporarily disbale the no-update.xml for 13.5.7 (analgous line should come...
by morgan (＠morgan) 22 Oct '24

22 Oct '24

morgan pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: d938943b by Morgan at 2024-10-22T20:06:40+00:00 temporarily disbale the no-update.xml for 13.5.7 (analgous line should come back once 13.5.9 is released) - - - - - 1 changed file: - update_3/release/.htaccess Changes: ===================================== update_3/release/.htaccess ===================================== @@ -13,7 +13,8 @@ RewriteRule ^[^/]+/13\.0.*/.* https://aus1.torproject.org/torbrowser/update_pre1 RewriteRule ^[^/]+/13\.5/.* https://aus1.torproject.org/torbrowser/update_pre14.0/release/$0 [last] RewriteRule ^[^/]+/13\.5\.[0123456]/.* https://aus1.torproject.org/torbrowser/update_pre14.0/release/$0 [last] RewriteRule ^[^/]+/14.0/ no-update.xml [last] -RewriteRule ^[^/]+/13.5.7/ no-update.xml [last] +# Disable this rule for now so 13.5.7 download the appropriate 14.0+13.5.7-.*xml response +# RewriteRule ^[^/]+/13.5.7/ no-update.xml [last] RewriteRule ^Linux_x86-gcc3/13.5.5/ALL 13.5.5-14.0+13.5.7-linux-i686-ALL.xml [last] RewriteRule ^Linux_x86-gcc3/13.5.6/ALL 13.5.6-14.0+13.5.7-linux-i686-ALL.xml [last] RewriteRule ^Linux_x86-gcc3/13.5.7/ALL 13.5.7-14.0+13.5.7-linux-i686-ALL.xml [last] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] release: new version, 14.0
by morgan (＠morgan) 22 Oct '24

22 Oct '24

morgan pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: 7e5c6773 by Morgan at 2024-10-22T19:16:50+00:00 release: new version, 14.0 - - - - - 30 changed files: - update_3/release/.htaccess - − update_3/release/13.5.4-13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.4-13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.4-13.5.7-macos-ALL.xml - − update_3/release/13.5.4-13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.4-13.5.7-windows-x86_64-ALL.xml - − update_3/release/13.5.5-13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.5-13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.5-13.5.7-macos-ALL.xml - − update_3/release/13.5.5-13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.5-13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.5-14.0+13.5.7-linux-i686-ALL.xml - + update_3/release/13.5.5-14.0+13.5.7-linux-x86_64-ALL.xml - + update_3/release/13.5.5-14.0+13.5.7-macos-ALL.xml - + update_3/release/13.5.5-14.0+13.5.7-windows-i686-ALL.xml - + update_3/release/13.5.5-14.0+13.5.7-windows-x86_64-ALL.xml - − update_3/release/13.5.6-13.5.7-linux-i686-ALL.xml - − update_3/release/13.5.6-13.5.7-linux-x86_64-ALL.xml - − update_3/release/13.5.6-13.5.7-macos-ALL.xml - − update_3/release/13.5.6-13.5.7-windows-i686-ALL.xml - − update_3/release/13.5.6-13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.6-14.0+13.5.7-linux-i686-ALL.xml - + update_3/release/13.5.6-14.0+13.5.7-linux-x86_64-ALL.xml - + update_3/release/13.5.6-14.0+13.5.7-macos-ALL.xml - + update_3/release/13.5.6-14.0+13.5.7-windows-i686-ALL.xml - + update_3/release/13.5.6-14.0+13.5.7-windows-x86_64-ALL.xml - + update_3/release/13.5.7-14.0+13.5.7-linux-i686-ALL.xml - + update_3/release/13.5.7-14.0+13.5.7-linux-x86_64-ALL.xml - + update_3/release/13.5.7-14.0+13.5.7-macos-ALL.xml - + update_3/release/13.5.7-14.0+13.5.7-windows-i686-ALL.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-spec][main] 3 commits: Create bugzilla2gitlab script for ESR resolved issue audits
by morgan (＠morgan) 22 Oct '24

22 Oct '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-spec Commits: 1472857c by Richard Pospesel at 2024-06-27T04:18:44+00:00 Create bugzilla2gitlab script for ESR resolved issue audits - fetches all resolved bugs for a firefox release - outputs gitlab markdown for each entry which: - displays bugzilla issue number, title - links to bugzilla issue - shows a button which when clicked populates a review issue prepopulated with: - bugzilla information - appropriate gitlab labels - links to parent audit issue - provides checklist for engineers to mark blocks as triaged - - - - - aaf00ad7 by Morgan at 2024-10-22T18:49:55+00:00 updated code_audit.sh script to handle .mjs js files and some minor tweaks - - - - - d3418425 by Morgan at 2024-10-22T18:50:15+00:00 FF116-FF128 Audits - - - - - 15 changed files: - + audits/FF116_AUDIT - + audits/FF117_AUDIT - + audits/FF118_AUDIT - + audits/FF119_AUDIT - + audits/FF120_AUDIT - + audits/FF121_AUDIT - + audits/FF122_AUDIT - + audits/FF123_AUDIT - + audits/FF124_AUDIT - + audits/FF125_AUDIT - + audits/FF126_AUDIT - + audits/FF127_AUDIT - + audits/FF128_AUDIT - + audits/bugzilla2gitlab.sh - audits/code_audit.sh Changes: ===================================== audits/FF116_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: `9c13862f3e084cec78650fa01450f6d18aec1530` ( `FIREFOX_ESR_115_BASE` ) +- End: `ff486626d0de0e7f34d65ef000c657080ddf564d` ( `FIREFOX_116_0_3_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF117_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: ff486626d0de0e7f34d65ef000c657080ddf564d ( `FIREFOX_116_0_3_RELEASE` ) +- End: 6f3830e39c76ae6d0ab19b4f9289d434d424cbe3 ( `FIREFOX_117_0_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF118_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@6f3830e39c76ae6d0ab19b4f9289d434d424cbe3 ( `FIREFOX_117_0_RELEASE` ) +- End: tor-browser@a928b6c0612a2690852fa3b5d13efc2a80868a90 ( `FIREFOX_118_0_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF119_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@a928b6c0612a2690852fa3b5d13efc2a80868a90 ( `FIREFOX_118_0_RELEASE` ) +- End: tor-browser@7ab3cc0103090dd7bfa02e072a529b9fc784ab4e ( `FIREFOX_119_0_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF120_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@7ab3cc0103090dd7bfa02e072a529b9fc784ab4e ( `FIREFOX_119_0_RELEASE` ) +- End: tor-browser@dedee7a8c6cbabc80294733634360f6fbeeeadc0 ( `FIREFOX_120_0_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF121_AUDIT ===================================== @@ -0,0 +1,28 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@dedee7a8c6cbabc80294733634360f6fbeeeadc0 ( `FIREFOX_120_0_RELEASE` ) +- End: tor-browser@a32b8662993085139ac91212a297123b632fc1c0 ( `FIREFOX_121_0_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +#### 1add9d4c13a6493e670d01b38f4eb839c53bf1ba +- Mozilla 1815739: Support using Firefox as default PDF reader on Android +- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43159 +- Review Result: SAFE + +#### a6562d5849a78c58340bb3d9b975f1208db4401d +- Mozilla 1852340: Implement a new "report broken site" feature for desktop Firefox +- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43160 +- Review Result: SAFE ===================================== audits/FF122_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@a32b8662993085139ac91212a297123b632fc1c0 ( `FIREFOX_121_0_RELEASE` ) +- End: tor-browser@7e38fabb90748649da04ed45a2f80d68423362d9 ( `FIREFOX_122_0_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF123_AUDIT ===================================== @@ -0,0 +1,30 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@7e38fabb90748649da04ed45a2f80d68423362d9 ( `FIREFOX_122_0_RELEASE` ) +- End: tor-browser@f8704c84a751716bad093b9bdc482db53fe5b3ea ( `FIREFOX_123_0_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) + +#### 14797b7fa8c5df0332ba5d422803dbcdf548c056 +#### eb73825495faf333a4fe812316ac38e138f5bf8d +#### 818788a96a700c6d44a17ab1e932de96cc45eac6 +#### c0aa048b3918e367e9fd84442695f1fbb2087f30 +- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43161 +- Mozilla 1852900: Pass HTTPS requests to native resolver thread +- Mozilla 1852902: Allow nsINativeDNSResolverOverride to override native HTTPS records +- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43161 +- Review Result: SAFE ===================================== audits/FF124_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@f8704c84a751716bad093b9bdc482db53fe5b3ea ( `FIREFOX_123_0_RELEASE` ) +- End: tor-browser@eb063e98ca624ff7d430a9b9aa356381f49e2e5a ( `FIREFOX_124_0_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF125_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@eb063e98ca624ff7d430a9b9aa356381f49e2e5a ( `FIREFOX_124_0_RELEASE` ) +- End: tor-browser@59577ab1445892568bafb39124e5757a307177f2 ( `FIREFOX_125_0_BUILD1` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF126_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: 59577ab1445892568bafb39124e5757a307177f2 ( `FIREFOX_125_0_BUILD1` ) +- End: 5889d9823cc5975561827262efeb24464360402c ( `FIREFOX_126_0_BUILD1` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF127_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: 5889d9823cc5975561827262efeb24464360402c ( `FIREFOX_126_0_BUILD1` ) +- End: e480e7382673f60d2f8590e7018d291b52e982b0 ( `FIREFOX_127_0b1_RELEASE` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/FF128_AUDIT ===================================== @@ -0,0 +1,20 @@ +# General + +The audit begins at the commit hash where the previous audit ended. Use code_audit.sh for creating the diff and highlighting potentially problematic code. The audit is scoped to a specific language (currently C/C++, Rust, Java/Kotlin, and Javascript). + +The output includes the entire patch where the new problematic code was introduced. Search for `XXX MATCH XXX` to find the next potential violation. + +`code_audit.sh` contains the list of known problematic APIs. New usage of these functions are documented and analyzed in this audit. + +## Firefox: https://github.com/mozilla/gecko-dev.git + +- Start: tor-browser@e480e7382673f60d2f8590e7018d291b52e982b0 ( `FIREFOX_127_0b1_RELEASE` ) +- End: tor-browser@9352d2be309c27f0e93471e2bb3352d7cfb76052 ( `FIREFOX_128_0b1_BUILD1` ) + +### Languages: +- [x] java +- [x] cpp +- [x] js +- [x] rust + +Nothing of interest (using `code_audit.sh`) ===================================== audits/bugzilla2gitlab.sh ===================================== @@ -0,0 +1,122 @@ +#!/usr/bin/env bash + +echoerr() { echo "$@" 1>&2; } + +if [ "$#" -lt 3 ]; then + echoerr "Usage: $0 firefox-version gitlab-audit-issue-number reviewers... > output.md" + exit 1 +fi + +# Check pre-conditions +check_exists() { + local cmd=$1 + if ! which ${cmd} > /dev/null ; then + echoerr "missing ${cmd} dependency" + exit 1 + fi +} + +check_exists wget +check_exists jq +check_exists sed +check_exists perl + +# assign arguments to named variables +firefox_version=$1 +audit_issue=$2 +reviewers="${@:3}" + +# check valid esr version +if ! [[ "${firefox_version}" =~ ^[1-9][0-9]{2}$ ]]; then + echoerr "invalid Firefox version (probably)" + exit 1 +fi + +# check valid issue number +if ! [[ "${audit_issue}" =~ ^[1-9][0-9]{4}$ ]]; then + echoerr "invalid gitlab audit issue number (probably)" + exit 1 +fi + +# download bug list +json=/tmp/${firefox_version}.json +bugzilla_query="https://bugzilla.mozilla.org/buglist.cgi?j_top=OR&f1=target_milestone&o3=eq…" +# you can get this from the 'REST' link at the bottom of the prevoius bugzilla query ^^; +bugzilla_json_query="https://bugzilla.mozilla.org/rest/bug?include_fields=id,summary,status&bug_…" + +wget "${bugzilla_json_query}" -O ${json} + +echo "### [Bugzilla Query](${bugzilla_query})" +echo "" + +issue_count=$(jq '.bugs | length' ${json}) +counter=0 +jq '.bugs | sort_by(.id)[] | "\(.id)|\(.summary)"' ${json} | while IFS='|' read -r id summary; do + + # indexing + counter=$((counter + 1)) + + from=$counter + through=$((counter + 499)) + if ((to > issue_count)); then + to=$issue_count + fi + + # break up into sections or else gitlab falls over + if ((counter % 500 == 1)); then + echo "<details>" + echo " <summary>Resolved Firefox ${firefox_version} Bugzilla Issues ${from} through ${through}</summary>" + echo "" + fi + + # bugzilla info + id="${id:1}" + summary="${summary:0:-1}" + [[ ${#summary} -gt 90 ]] && summary_short="${summary:0:87}..." || summary_short="${summary}" + + # we need to escape printed strings for markdown + md_escape() { + local input="$1" + # jesus I'm sorry + echo "${input}" | sed 's/[][\\`*_{}<>()#+-\.~]/\\&/g' + } + + md_summary=$(md_escape "${summary}") + md_summary_short=$(md_escape "$summary_short") + + # we need to urlencode the strings used in the new issue link + url_encode() { + local input="$1" + echo "${input}" | perl -MURI::Escape -wlne 'print uri_escape $_' + } + + # parent issue + bugzilla_url="https://bugzilla.mozilla.org/show_bug.cgi?id=${id}" + # review issue title + new_issue_title=$(url_encode "Review Mozilla ${id}: ${summary_short}") + # review issue description + new_issue_description=$(url_encode "### Bugzilla: ${bugzilla_url}")%0A$(url_encode "/label ~\"14.0 stable\" ~FF128-esr ~Next")%0A$(url_encode "/relate tpo/applications/tor-browser-spec#${audit_issue}")%0A%0A$(url_encode "")%0A + # url which create's new issue with title and description pre-populated + new_issue_url="../../../../tor-browser/-/issues/new?issue[title]=${new_issue_title}&issue[description]=${new_issue_description}" + + # em-space + em=" " + counter_string=$(printf "%04i" ${counter}) + + echo "- **${counter_string}**${em}<kbd>[Create Issue](${new_issue_url})</kbd>${em}[**${id}**: ${md_summary}](${bugzilla_url})" + + + if ((counter % 500 == 0 )) || (( counter == issue_count )); then + # checklist of engineers that have triaged this block + echo "</details>" + echo + echo "**Triaged by:**" + for reviewer in $reviewers; do + echo "- [ ] **${reviewer}**" + done + echo + elif ((counter % 25 == 0 )); then + # add a hrule every 25 to break things up visually + echo "---" + fi +done ===================================== audits/code_audit.sh ===================================== @@ -138,7 +138,7 @@ case "${SCOPE}" in initialize_rust_symbols ;; "js" ) - EXT="js jsm" + EXT="js jsm mjs" initialize_js_symbols ;; * ) @@ -172,9 +172,9 @@ rm -f "${REPORT_FILE}" # of said commit # Flashing Color constants -export GREP_COLOR="05;37;41" +export GREP_COLORS="mt=05;37;41" -for COMMIT in $(git rev-list --ancestry-path $OLD~..$NEW); do +for COMMIT in $(git log --format="%H" $NEW ^$OLD); do TEMP_DIFF="$(mktemp)" echo "Diffing $COMMIT..." View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/compare/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-spec/-/compare/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.17.0esr-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag mullvad-browser-115.17.0esr-13.5-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.17.0esr-13.5-1] 21 commits: MB 38: Mullvad Browser configuration
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: a90e5108 by Pier Angelo Vendrame at 2024-10-21T19:28:08+02:00 MB 38: Mullvad Browser configuration - - - - - a1fdd0b3 by Pier Angelo Vendrame at 2024-10-21T19:28:08+02:00 MB 1: Mullvad Browser branding See also: mullvad-browser#5: Product name and directory customization mullvad-browser#12: Create new branding directories and integrate Mullvad icons+branding mullvad-browser#14: Remove Default Built-in bookmarks mullvad-browser#35: Add custom PDF icons for Windows builds mullvad-browser#48: Replace Mozilla copyright and legal trademarks in mullvadbrowser.exe metadata mullvad-browser#51: Update trademark string mullvad-browser#104: Update shipped dll metadata copyright/licensing info mullvad-browser#107: Add alpha and nightly icons - - - - - 2f5c9042 by Pier Angelo Vendrame at 2024-10-21T19:28:08+02:00 MB 20: Allow packaged-addons in PBM. We install a few addons from the distribution directory, but they are not automatically enabled for PBM mode. This commit modifies the code that installs them to also add the PBM permission to the known ones. - - - - - 2d42fbd7 by Pier Angelo Vendrame at 2024-10-21T19:28:08+02:00 MB 63: Customize some about pages for Mullvad Browser Also: mullvad-browser#57: Purge unneeded about: pages - - - - - 443ad6d6 by Pier Angelo Vendrame at 2024-10-21T19:28:09+02:00 MB 37: Customization for the about dialog - - - - - a98e9347 by Henry Wilkes at 2024-10-21T19:28:09+02:00 MB 39: Add home page about:mullvad-browser - - - - - 46c0ffd2 by hackademix at 2024-10-21T19:28:09+02:00 MB 97: Remove UI cues to install new extensions. - - - - - e54949fe by hackademix at 2024-10-21T19:28:09+02:00 MB 47: uBlock Origin customization - - - - - ff65ee95 by Pier Angelo Vendrame at 2024-10-21T19:28:09+02:00 MB 21: Disable the password manager This commit disables the about:login page and removes the "Login and Password" section of about:preferences. We do not do anything to the real password manager of Firefox, that is in toolkit: it contains C++ parts that make it difficult to actually prevent it from being built.. Finally, we modify the the function that opens about:login to report an error in the console so that we can quickly get a backtrace to the code that tries to use it. - - - - - 542f462b by Pier Angelo Vendrame at 2024-10-21T19:28:10+02:00 MB 112: Updater customization for Mullvad Browser MB 71: Set the updater base URL to Mullvad domain - - - - - c53787fb by Nicolas Vigier at 2024-10-21T19:28:10+02:00 MB 79: Add Mullvad Browser MAR signing keys MB 256: Add mullvad-browser nightly mar signing key - - - - - 158a3170 by Pier Angelo Vendrame at 2024-10-21T19:28:10+02:00 MB 34: Hide unsafe and unwanted preferences UI about:preferences allow to override some of our defaults, that could be fingeprintable or have some other unwanted consequences. - - - - - e60b2084 by Pier Angelo Vendrame at 2024-10-21T19:28:10+02:00 MB 160: Disable the cookie exceptions button Besides disabling the "Delete on close checkbox", disable also the "Manage Exceptions" button when always using PBM. - - - - - 91af131f by hackademix at 2024-10-21T19:28:11+02:00 MB 163: prevent uBlock Origin from being uninstalled/disabled - - - - - 4d3aded0 by Richard Pospesel at 2024-10-21T19:28:11+02:00 MB 188: Customize Gitlab Issue and Merge templates - - - - - 09d56025 by rui hildt at 2024-10-21T19:28:11+02:00 MB 213: Customize the search engines list - - - - - c18600d1 by hackademix at 2024-10-21T19:28:11+02:00 MB 214: Enable cross-tab identity leak protection in "quiet" mode - - - - - 86604529 by Pier Angelo Vendrame at 2024-10-21T19:28:11+02:00 MB 234: Disable OS spoofing in HTTP User-Agent. This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - 4a380784 by Pier Angelo Vendrame at 2024-10-21T19:28:12+02:00 MB 80: Enable Mullvad Browser as a default browser - - - - - 286bd0d5 by Dan Ballard at 2024-10-21T19:28:12+02:00 MB 290: Add default bookmarks in alpha channel for testing - - - - - a4027ce1 by june wilde at 2024-10-21T19:28:12+02:00 MB 305: Disable setting default browser on Windows Until we can pull in upstream changes to fix breakage in setting the Mullvad Browser as default in Windows 10/11 we're disabling the ability to do so via about:preferences as well as via the startup query dialog - - - - - 30 changed files: - .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - .gitlab/merge_request_templates/default.md - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - browser/app/module.ver - browser/app/firefox.exe.manifest → browser/app/mullvadbrowser.exe.manifest - + browser/app/profile/000-mullvad-browser.js - browser/app/profile/001-base-profile.js - browser/base/content/aboutDialog.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc - browser/base/content/browser-places.js - browser/base/content/browser.js - browser/base/content/default-bookmarks.html - browser/base/content/nsContextMenu.js - browser/base/content/overrides/app-license.html - browser/base/content/pageinfo/pageInfo.xhtml - browser/base/content/utilityOverlay.js - browser/branding/branding-common.mozbuild - + browser/branding/mb-alpha/VisualElements_150.png - + browser/branding/mb-alpha/VisualElements_70.png - + browser/branding/mb-alpha/configure.sh - + browser/branding/mb-alpha/content/about-logo.png - + browser/branding/mb-alpha/content/about-logo.svg - + browser/branding/mb-alpha/content/about-logo(a)2x.png - + browser/branding/mb-alpha/content/about-wordmark.svg - + browser/branding/mb-alpha/content/about.png - + browser/branding/mb-alpha/content/aboutDialog.css The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/c0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/c0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag FIREFOX_115_17_0esr_BUILD1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag FIREFOX_115_17_0esr_BUILD1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/FIREF… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag base-browser-115.17.0esr-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag base-browser-115.17.0esr-13.5-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/base-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.4.0esr-14.5-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag mullvad-browser-128.4.0esr-14.5-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new branch mullvad-browser-128.4.0esr-14.5-1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new branch mullvad-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.4.0esr-14.0-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag mullvad-browser-128.4.0esr-14.0-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.0-1] 27 commits: MB 38: Mullvad Browser configuration
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 3a0b7b02 by Pier Angelo Vendrame at 2024-10-22T16:07:27+02:00 MB 38: Mullvad Browser configuration - - - - - 5d361bab by Pier Angelo Vendrame at 2024-10-22T16:07:29+02:00 fixup! MB 38: Mullvad Browser configuration Bug 42356: Preference review for Firefox ESR128. Remove privacy.webrtc.legacyGlobalIndicator, as it is not supported by Firefox anymore. - - - - - 5690ac09 by Pier Angelo Vendrame at 2024-10-22T16:07:29+02:00 MB 1: Mullvad Browser branding See also: mullvad-browser#5: Product name and directory customization mullvad-browser#12: Create new branding directories and integrate Mullvad icons+branding mullvad-browser#14: Remove Default Built-in bookmarks mullvad-browser#35: Add custom PDF icons for Windows builds mullvad-browser#48: Replace Mozilla copyright and legal trademarks in mullvadbrowser.exe metadata mullvad-browser#51: Update trademark string mullvad-browser#104: Update shipped dll metadata copyright/licensing info mullvad-browser#107: Add alpha and nightly icons - - - - - 00788a2d by Henry Wilkes at 2024-10-22T16:07:30+02:00 Mullvad Browser strings This commit adds strings needed by the following Mullvad Browser patches. - - - - - d9930e46 by Pier Angelo Vendrame at 2024-10-22T16:07:30+02:00 MB 20: Allow packaged-addons in PBM. We install a few addons from the distribution directory, but they are not automatically enabled for PBM mode. This commit modifies the code that installs them to also add the PBM permission to the known ones. - - - - - 1a807285 by Pier Angelo Vendrame at 2024-10-22T16:07:30+02:00 MB 63: Customize some about pages for Mullvad Browser Also: mullvad-browser#57: Purge unneeded about: pages - - - - - 5bd4931f by Henry Wilkes at 2024-10-22T16:07:31+02:00 fixup! MB 63: Customize some about pages for Mullvad Browser MB 349: Merge Fluent files into one. - - - - - dc7a6af5 by Pier Angelo Vendrame at 2024-10-22T16:07:31+02:00 fixup! MB 63: Customize some about pages for Mullvad Browser Restore Mullvad Browser's custom telemetry page. - - - - - 3f85bee8 by Pier Angelo Vendrame at 2024-10-22T16:07:31+02:00 MB 37: Customization for the about dialog - - - - - e9f89d94 by Henry Wilkes at 2024-10-22T16:07:32+02:00 fixup! MB 37: Customization for the about dialog MB 349: Merge Fluent files into one. - - - - - 161a6b7a by Henry Wilkes at 2024-10-22T16:07:32+02:00 MB 39: Add home page about:mullvad-browser - - - - - 39c19355 by Henry Wilkes at 2024-10-22T16:07:32+02:00 fixup! MB 39: Add home page about:mullvad-browser MB 349: Merge Fluent files into one. - - - - - 2c851df1 by hackademix at 2024-10-22T16:07:33+02:00 MB 97: Remove UI cues to install new extensions. - - - - - 491ce587 by hackademix at 2024-10-22T16:07:33+02:00 MB 47: uBlock Origin customization - - - - - acb93013 by Pier Angelo Vendrame at 2024-10-22T16:07:34+02:00 MB 21: Disable the password manager This commit disables the about:login page and removes the "Login and Password" section of about:preferences. We do not do anything to the real password manager of Firefox, that is in toolkit: it contains C++ parts that make it difficult to actually prevent it from being built.. Finally, we modify the the function that opens about:login to report an error in the console so that we can quickly get a backtrace to the code that tries to use it. - - - - - a2a7142f by Pier Angelo Vendrame at 2024-10-22T16:07:34+02:00 MB 112: Updater customization for Mullvad Browser MB 71: Set the updater base URL to Mullvad domain - - - - - 5d2388f5 by Nicolas Vigier at 2024-10-22T16:07:34+02:00 MB 79: Add Mullvad Browser MAR signing keys MB 256: Add mullvad-browser nightly mar signing key - - - - - 5059dec0 by Pier Angelo Vendrame at 2024-10-22T16:07:35+02:00 MB 34: Hide unsafe and unwanted preferences UI about:preferences allow to override some of our defaults, that could be fingeprintable or have some other unwanted consequences. - - - - - 991cdc6b by Pier Angelo Vendrame at 2024-10-22T16:07:35+02:00 MB 160: Disable the cookie exceptions button Besides disabling the "Delete on close checkbox", disable also the "Manage Exceptions" button when always using PBM. - - - - - eb0ffd9b by hackademix at 2024-10-22T16:07:35+02:00 MB 163: prevent uBlock Origin from being uninstalled/disabled - - - - - fd7009b4 by Richard Pospesel at 2024-10-22T16:07:36+02:00 MB 188: Customize Gitlab Issue and Merge templates - - - - - 429291dc by rui hildt at 2024-10-22T16:07:36+02:00 MB 213: Customize the search engines list MB 328: Refactor the search engine patch. Upstream switched to a completely different search engine configuration between ESR 115 and ESR 128. We moved our configuration to a couple of JSON files that do not follow upstream's schemas, as they are overcomplicated for our needs. Also, we keep the old search engine extensions for now, as upstream also kept them, and planned of removing them with Bug 1885953. - - - - - 18ea3acb by Pier Angelo Vendrame at 2024-10-22T16:18:30+02:00 fixup! MB 213: Customize the search engines list Linted. - - - - - cee7976a by hackademix at 2024-10-22T16:18:31+02:00 MB 214: Enable cross-tab identity leak protection in "quiet" mode - - - - - b273a0fd by Pier Angelo Vendrame at 2024-10-22T16:18:31+02:00 MB 80: Enable Mullvad Browser as a default browser - - - - - 6d5884af by Pier Angelo Vendrame at 2024-10-22T16:18:31+02:00 MB 320: Temporarily disable WebRTC and WDBA on Windows. WebRTC should be re-enabled when tor-browser#42758 is resolved, and and the default browser agent when in general we make this feature work again. - - - - - 002868ce by Henry Wilkes at 2024-10-22T16:18:32+02:00 MB 329: Customize toolbar for mullvad-browser. - - - - - 30 changed files: - .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - .gitlab/merge_request_templates/default.md - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - browser/app/module.ver - browser/app/firefox.exe.manifest → browser/app/mullvadbrowser.exe.manifest - + browser/app/profile/000-mullvad-browser.js - browser/app/profile/001-base-profile.js - browser/base/content/aboutDialog.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc - browser/base/content/browser-places.js - browser/base/content/browser.js - browser/base/content/default-bookmarks.html - browser/base/content/nsContextMenu.js - browser/base/content/overrides/app-license.html - browser/base/content/pageinfo/pageInfo.xhtml - browser/base/content/utilityOverlay.js - browser/branding/branding-common.mozbuild - + browser/branding/mb-alpha/VisualElements_150.png - + browser/branding/mb-alpha/VisualElements_70.png - + browser/branding/mb-alpha/configure.sh - + browser/branding/mb-alpha/content/about-logo.png - + browser/branding/mb-alpha/content/about-logo.svg - + browser/branding/mb-alpha/content/about-logo(a)2x.png - + browser/branding/mb-alpha/content/about-wordmark.svg - + browser/branding/mb-alpha/content/about.png - + browser/branding/mb-alpha/content/aboutDialog.css The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/c6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/c6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.17.0esr-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag base-browser-115.17.0esr-13.5-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.17.0esr-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag tor-browser-115.17.0esr-13.5-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.0-1] 2 commits: fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: b9ec7075 by Beatriz Rizental at 2024-10-22T16:02:57+02:00 fixup! Add CI for Base Browser Always use tor-browser repository as base for CI clones. This is fine, because both tor-browser and mullvad-browser repositories share most of their history. - - - - - c66fb92a by Beatriz Rizental at 2024-10-22T16:02:57+02:00 fixup! Add CI for Base Browser - - - - - 2 changed files: - .gitlab-ci.yml - .gitlab/ci/lint.yml Changes: ===================================== .gitlab-ci.yml ===================================== @@ -3,7 +3,7 @@ stages: variables: IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest - LOCAL_REPO_PATH: /srv/apps-repos/${CI_PROJECT_NAME}.git + LOCAL_REPO_PATH: /srv/apps-repos/tor-browser.git include: - local: '.gitlab/ci/lint.yml' ===================================== .gitlab/ci/lint.yml ===================================== @@ -22,7 +22,13 @@ - git remote add local "$LOCAL_REPO_PATH" - git fetch --depth 500 local - git remote add origin "$CI_REPOSITORY_URL" - - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - | + if [ -z "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" ]; then + echo "No branch specified. Stopping the pipeline." + exit 1 + fi + - echo "Fetching from remote branch ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" + - git fetch origin "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" - git checkout origin/${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: @@ -52,7 +58,7 @@ eslint: - 'tools/lint/eslint/eslint-plugin-mozilla/**' - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') stylelint: extends: .base @@ -70,7 +76,7 @@ stylelint: - '**/.stylelintignore' - '**/*stylelintrc*' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-black: extends: .base @@ -89,7 +95,7 @@ py-black: - 'pyproject.toml' - 'tools/lint/black.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-ruff: extends: .base @@ -108,7 +114,7 @@ py-ruff: - 'tools/lint/python/ruff.py' - 'tools/lint/python/ruff_requirements.txt' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') yaml: extends: .base @@ -123,7 +129,7 @@ yaml: - '**/*.yaml' - '**/.ymllint' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') shellcheck: extends: .base @@ -137,7 +143,7 @@ shellcheck: - '**/*.sh' - 'tools/lint/shellcheck.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') clang-format: extends: .base @@ -157,7 +163,7 @@ clang-format: - '**/*.mm' - 'tools/lint/clang-format.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') rustfmt: extends: .base @@ -171,7 +177,7 @@ rustfmt: - '**/*.rs' - 'tools/lint/rustfmt.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') fluent-lint: extends: .base @@ -186,7 +192,7 @@ fluent-lint: - 'tools/lint/fluent-lint.yml' - 'tools/lint/fluent-lint/exclusions.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') localization: extends: .base @@ -203,7 +209,7 @@ localization: - 'third_party/python/fluent/**' - 'tools/lint/l10n.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mingw-capitalization: extends: .base @@ -220,7 +226,7 @@ mingw-capitalization: - '**/*.h' - 'tools/lint/mingw-capitalization.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mscom-init: extends: .base @@ -237,7 +243,7 @@ mscom-init: - '**/*.h' - 'tools/lint/mscom-init.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') file-whitespace: extends: .base @@ -267,7 +273,7 @@ file-whitespace: - '**/*.java' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') test-manifest: extends: .base @@ -282,7 +288,7 @@ test-manifest: - 'python/mozlint/**' - 'tools/lint/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') trojan-source: extends: .base @@ -301,4 +307,4 @@ trojan-source: - '**/*.rs' - 'tools/lint/trojan-source.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/24… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/24… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.4.0esr-14.0-1] 2 commits: fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: b9ec7075 by Beatriz Rizental at 2024-10-22T16:02:57+02:00 fixup! Add CI for Base Browser Always use tor-browser repository as base for CI clones. This is fine, because both tor-browser and mullvad-browser repositories share most of their history. - - - - - c66fb92a by Beatriz Rizental at 2024-10-22T16:02:57+02:00 fixup! Add CI for Base Browser - - - - - 2 changed files: - .gitlab-ci.yml - .gitlab/ci/lint.yml Changes: ===================================== .gitlab-ci.yml ===================================== @@ -3,7 +3,7 @@ stages: variables: IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest - LOCAL_REPO_PATH: /srv/apps-repos/${CI_PROJECT_NAME}.git + LOCAL_REPO_PATH: /srv/apps-repos/tor-browser.git include: - local: '.gitlab/ci/lint.yml' ===================================== .gitlab/ci/lint.yml ===================================== @@ -22,7 +22,13 @@ - git remote add local "$LOCAL_REPO_PATH" - git fetch --depth 500 local - git remote add origin "$CI_REPOSITORY_URL" - - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - | + if [ -z "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" ]; then + echo "No branch specified. Stopping the pipeline." + exit 1 + fi + - echo "Fetching from remote branch ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" + - git fetch origin "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" - git checkout origin/${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: @@ -52,7 +58,7 @@ eslint: - 'tools/lint/eslint/eslint-plugin-mozilla/**' - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') stylelint: extends: .base @@ -70,7 +76,7 @@ stylelint: - '**/.stylelintignore' - '**/*stylelintrc*' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-black: extends: .base @@ -89,7 +95,7 @@ py-black: - 'pyproject.toml' - 'tools/lint/black.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-ruff: extends: .base @@ -108,7 +114,7 @@ py-ruff: - 'tools/lint/python/ruff.py' - 'tools/lint/python/ruff_requirements.txt' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') yaml: extends: .base @@ -123,7 +129,7 @@ yaml: - '**/*.yaml' - '**/.ymllint' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') shellcheck: extends: .base @@ -137,7 +143,7 @@ shellcheck: - '**/*.sh' - 'tools/lint/shellcheck.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') clang-format: extends: .base @@ -157,7 +163,7 @@ clang-format: - '**/*.mm' - 'tools/lint/clang-format.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') rustfmt: extends: .base @@ -171,7 +177,7 @@ rustfmt: - '**/*.rs' - 'tools/lint/rustfmt.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') fluent-lint: extends: .base @@ -186,7 +192,7 @@ fluent-lint: - 'tools/lint/fluent-lint.yml' - 'tools/lint/fluent-lint/exclusions.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') localization: extends: .base @@ -203,7 +209,7 @@ localization: - 'third_party/python/fluent/**' - 'tools/lint/l10n.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mingw-capitalization: extends: .base @@ -220,7 +226,7 @@ mingw-capitalization: - '**/*.h' - 'tools/lint/mingw-capitalization.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mscom-init: extends: .base @@ -237,7 +243,7 @@ mscom-init: - '**/*.h' - 'tools/lint/mscom-init.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') file-whitespace: extends: .base @@ -267,7 +273,7 @@ file-whitespace: - '**/*.java' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') test-manifest: extends: .base @@ -282,7 +288,7 @@ test-manifest: - 'python/mozlint/**' - 'tools/lint/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') trojan-source: extends: .base @@ -301,4 +307,4 @@ trojan-source: - '**/*.rs' - 'tools/lint/trojan-source.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/24e628… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/24e628… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.4.0esr-14.5-1] 2 commits: fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: b9ec7075 by Beatriz Rizental at 2024-10-22T16:02:57+02:00 fixup! Add CI for Base Browser Always use tor-browser repository as base for CI clones. This is fine, because both tor-browser and mullvad-browser repositories share most of their history. - - - - - c66fb92a by Beatriz Rizental at 2024-10-22T16:02:57+02:00 fixup! Add CI for Base Browser - - - - - 2 changed files: - .gitlab-ci.yml - .gitlab/ci/lint.yml Changes: ===================================== .gitlab-ci.yml ===================================== @@ -3,7 +3,7 @@ stages: variables: IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest - LOCAL_REPO_PATH: /srv/apps-repos/${CI_PROJECT_NAME}.git + LOCAL_REPO_PATH: /srv/apps-repos/tor-browser.git include: - local: '.gitlab/ci/lint.yml' ===================================== .gitlab/ci/lint.yml ===================================== @@ -22,7 +22,13 @@ - git remote add local "$LOCAL_REPO_PATH" - git fetch --depth 500 local - git remote add origin "$CI_REPOSITORY_URL" - - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - | + if [ -z "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" ]; then + echo "No branch specified. Stopping the pipeline." + exit 1 + fi + - echo "Fetching from remote branch ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" + - git fetch origin "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" - git checkout origin/${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: @@ -52,7 +58,7 @@ eslint: - 'tools/lint/eslint/eslint-plugin-mozilla/**' - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') stylelint: extends: .base @@ -70,7 +76,7 @@ stylelint: - '**/.stylelintignore' - '**/*stylelintrc*' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-black: extends: .base @@ -89,7 +95,7 @@ py-black: - 'pyproject.toml' - 'tools/lint/black.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-ruff: extends: .base @@ -108,7 +114,7 @@ py-ruff: - 'tools/lint/python/ruff.py' - 'tools/lint/python/ruff_requirements.txt' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') yaml: extends: .base @@ -123,7 +129,7 @@ yaml: - '**/*.yaml' - '**/.ymllint' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') shellcheck: extends: .base @@ -137,7 +143,7 @@ shellcheck: - '**/*.sh' - 'tools/lint/shellcheck.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') clang-format: extends: .base @@ -157,7 +163,7 @@ clang-format: - '**/*.mm' - 'tools/lint/clang-format.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') rustfmt: extends: .base @@ -171,7 +177,7 @@ rustfmt: - '**/*.rs' - 'tools/lint/rustfmt.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') fluent-lint: extends: .base @@ -186,7 +192,7 @@ fluent-lint: - 'tools/lint/fluent-lint.yml' - 'tools/lint/fluent-lint/exclusions.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') localization: extends: .base @@ -203,7 +209,7 @@ localization: - 'third_party/python/fluent/**' - 'tools/lint/l10n.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mingw-capitalization: extends: .base @@ -220,7 +226,7 @@ mingw-capitalization: - '**/*.h' - 'tools/lint/mingw-capitalization.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mscom-init: extends: .base @@ -237,7 +243,7 @@ mscom-init: - '**/*.h' - 'tools/lint/mscom-init.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') file-whitespace: extends: .base @@ -267,7 +273,7 @@ file-whitespace: - '**/*.java' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') test-manifest: extends: .base @@ -282,7 +288,7 @@ test-manifest: - 'python/mozlint/**' - 'tools/lint/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') trojan-source: extends: .base @@ -301,4 +307,4 @@ trojan-source: - '**/*.rs' - 'tools/lint/trojan-source.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/24e628… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/24e628… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.0-1] fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 6cf7a548 by Beatriz Rizental at 2024-10-22T16:01:00+02:00 fixup! Add CI for Base Browser - - - - - 1 changed file: - .gitlab/ci/lint.yml Changes: ===================================== .gitlab/ci/lint.yml ===================================== @@ -22,7 +22,13 @@ - git remote add local "$LOCAL_REPO_PATH" - git fetch --depth 500 local - git remote add origin "$CI_REPOSITORY_URL" - - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - | + if [ -z "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" ]; then + echo "No branch specified. Stopping the pipeline." + exit 1 + fi + - echo "Fetching from remote branch ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" + - git fetch origin "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" - git checkout origin/${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: @@ -52,7 +58,7 @@ eslint: - 'tools/lint/eslint/eslint-plugin-mozilla/**' - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') stylelint: extends: .base @@ -70,7 +76,7 @@ stylelint: - '**/.stylelintignore' - '**/*stylelintrc*' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-black: extends: .base @@ -89,7 +95,7 @@ py-black: - 'pyproject.toml' - 'tools/lint/black.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-ruff: extends: .base @@ -108,7 +114,7 @@ py-ruff: - 'tools/lint/python/ruff.py' - 'tools/lint/python/ruff_requirements.txt' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') yaml: extends: .base @@ -123,7 +129,7 @@ yaml: - '**/*.yaml' - '**/.ymllint' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') shellcheck: extends: .base @@ -137,7 +143,7 @@ shellcheck: - '**/*.sh' - 'tools/lint/shellcheck.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') clang-format: extends: .base @@ -157,7 +163,7 @@ clang-format: - '**/*.mm' - 'tools/lint/clang-format.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') rustfmt: extends: .base @@ -171,7 +177,7 @@ rustfmt: - '**/*.rs' - 'tools/lint/rustfmt.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') fluent-lint: extends: .base @@ -186,7 +192,7 @@ fluent-lint: - 'tools/lint/fluent-lint.yml' - 'tools/lint/fluent-lint/exclusions.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') localization: extends: .base @@ -203,7 +209,7 @@ localization: - 'third_party/python/fluent/**' - 'tools/lint/l10n.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mingw-capitalization: extends: .base @@ -220,7 +226,7 @@ mingw-capitalization: - '**/*.h' - 'tools/lint/mingw-capitalization.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mscom-init: extends: .base @@ -237,7 +243,7 @@ mscom-init: - '**/*.h' - 'tools/lint/mscom-init.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') file-whitespace: extends: .base @@ -267,7 +273,7 @@ file-whitespace: - '**/*.java' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') test-manifest: extends: .base @@ -282,7 +288,7 @@ test-manifest: - 'python/mozlint/**' - 'tools/lint/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') trojan-source: extends: .base @@ -301,4 +307,4 @@ trojan-source: - '**/*.rs' - 'tools/lint/trojan-source.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6cf7a54… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/6cf7a54… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: c86d56c2 by Beatriz Rizental at 2024-10-22T16:00:18+02:00 fixup! Add CI for Base Browser Always use tor-browser repository as base for CI clones. This is fine, because both tor-browser and mullvad-browser repositories share most of their history. - - - - - 1 changed file: - .gitlab-ci.yml Changes: ===================================== .gitlab-ci.yml ===================================== @@ -4,7 +4,7 @@ stages: variables: IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest - LOCAL_REPO_PATH: /srv/apps-repos/${CI_PROJECT_NAME}.git + LOCAL_REPO_PATH: /srv/apps-repos/tor-browser.git include: - local: '.gitlab/ci/lint.yml' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c86d56c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c86d56c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.5-1] fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 947e6879 by Beatriz Rizental at 2024-10-22T15:46:11+02:00 fixup! Add CI for Base Browser - - - - - 1 changed file: - .gitlab/ci/lint.yml Changes: ===================================== .gitlab/ci/lint.yml ===================================== @@ -22,7 +22,13 @@ - git remote add local "$LOCAL_REPO_PATH" - git fetch --depth 500 local - git remote add origin "$CI_REPOSITORY_URL" - - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - | + if [ -z "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" ]; then + echo "No branch specified. Stopping the pipeline." + exit 1 + fi + - echo "Fetching from remote branch ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" + - git fetch origin "${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" - git checkout origin/${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: @@ -52,7 +58,7 @@ eslint: - 'tools/lint/eslint/eslint-plugin-mozilla/**' - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') stylelint: extends: .base @@ -70,7 +76,7 @@ stylelint: - '**/.stylelintignore' - '**/*stylelintrc*' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-black: extends: .base @@ -89,7 +95,7 @@ py-black: - 'pyproject.toml' - 'tools/lint/black.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') py-ruff: extends: .base @@ -108,7 +114,7 @@ py-ruff: - 'tools/lint/python/ruff.py' - 'tools/lint/python/ruff_requirements.txt' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') yaml: extends: .base @@ -123,7 +129,7 @@ yaml: - '**/*.yaml' - '**/.ymllint' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') shellcheck: extends: .base @@ -137,7 +143,7 @@ shellcheck: - '**/*.sh' - 'tools/lint/shellcheck.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') clang-format: extends: .base @@ -157,7 +163,7 @@ clang-format: - '**/*.mm' - 'tools/lint/clang-format.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') rustfmt: extends: .base @@ -171,7 +177,7 @@ rustfmt: - '**/*.rs' - 'tools/lint/rustfmt.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') fluent-lint: extends: .base @@ -186,7 +192,7 @@ fluent-lint: - 'tools/lint/fluent-lint.yml' - 'tools/lint/fluent-lint/exclusions.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') localization: extends: .base @@ -203,7 +209,7 @@ localization: - 'third_party/python/fluent/**' - 'tools/lint/l10n.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mingw-capitalization: extends: .base @@ -220,7 +226,7 @@ mingw-capitalization: - '**/*.h' - 'tools/lint/mingw-capitalization.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') mscom-init: extends: .base @@ -237,7 +243,7 @@ mscom-init: - '**/*.h' - 'tools/lint/mscom-init.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') file-whitespace: extends: .base @@ -267,7 +273,7 @@ file-whitespace: - '**/*.java' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') test-manifest: extends: .base @@ -282,7 +288,7 @@ test-manifest: - 'python/mozlint/**' - 'tools/lint/**' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') trojan-source: extends: .base @@ -301,4 +307,4 @@ trojan-source: - '**/*.rs' - 'tools/lint/trojan-source.yml' # Run job whenever a commit is merged to a protected branch - - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true') View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/947e687… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/947e687… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.0-1] fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 8833dc69 by Beatriz Rizental at 2024-10-22T15:26:28+02:00 fixup! Add CI for Base Browser Always use tor-browser repository as base for CI clones. This is fine, because both tor-browser and mullvad-browser repositories share most of their history. - - - - - 1 changed file: - .gitlab-ci.yml Changes: ===================================== .gitlab-ci.yml ===================================== @@ -4,7 +4,7 @@ stages: variables: IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest - LOCAL_REPO_PATH: /srv/apps-repos/${CI_PROJECT_NAME}.git + LOCAL_REPO_PATH: /srv/apps-repos/tor-browser.git include: - local: '.gitlab/ci/lint.yml' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8833dc6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8833dc6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bump Firefox version to 128.3.0esr for nightly builds.
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: f673ec01 by Pier Angelo Vendrame at 2024-10-22T14:58:23+02:00 Bump Firefox version to 128.3.0esr for nightly builds. Also, bump the browser version from 14.0 to 14.5. - - - - - 2 changed files: - projects/firefox/config - projects/geckoview/config Changes: ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: '128.3.0' + firefox_platform_version: '128.4.0' firefox_version: '[% c("var/firefox_platform_version") %]esr' - browser_series: '14.0' + browser_series: '14.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 4 + browser_build: 1 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -107,7 +107,6 @@ targets: gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' nightly_updates_publish_dir_prefix: mullvadbrowser- - browser_build: 3 linux-x86_64: var: ===================================== projects/geckoview/config ===================================== @@ -16,12 +16,12 @@ container: build_apk: 1 var: - firefox_platform_version: '128.3.0' + firefox_platform_version: '128.4.0' geckoview_version: '[% c("var/firefox_platform_version") %]esr' - browser_series: '14.0' + browser_series: '14.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 4 + browser_build: 1 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-128.4.0esr-14.5-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag base-browser-128.4.0esr-14.5-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch base-browser-128.4.0esr-14.5-1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new branch base-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.4.0esr-14.5-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag tor-browser-128.4.0esr-14.5-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch tor-browser-128.4.0esr-14.5-1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new branch tor-browser-128.4.0esr-14.5-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag base-browser-128.4.0esr-14.0-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag base-browser-128.4.0esr-14.0-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/base-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.4.0esr-14.0-1] 140 commits: Bug 1436226: Ignore user prefs and hardware support for media capabilities...
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 2fcdb407 by Fatih at 2024-10-22T09:48:19+02:00 Bug 1436226: Ignore user prefs and hardware support for media capabilities when RFPTarget::MediaCapabilities is enabled. r=tjr,media-playback-reviewers,padenot This patch mostly targeted Android, as media.mediasource.vp9.enabled is disabled on only Android and HW support takes precedence over pref, hence leaking HW support for VP9. However, we ended up modifying the patch to ignore prefs or HW support, fixing both possible user pref leak and HW support leak. Differential Revision: https://phabricator.services.mozilla.com/D221338 - - - - - 18531f02 by stransky at 2024-10-22T09:48:21+02:00 Bug 1501744 [Linux] Fill PointerEvents on the Gtk backend r=emilio Patch author is tpxp <tpxp(a)live.fr> Differential Revision: https://phabricator.services.mozilla.com/D215201 - - - - - 22f9bf63 by Fatih at 2024-10-22T09:48:21+02:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 7b4bc09a by Henry Wilkes at 2024-10-22T09:48:22+02:00 Bug 1436462 - Use "Open in new private window" for bookmarks when in PBM. r=places-reviewers,mak This makes the bookmark menu consistent with the "File" and context menu when using private browsing mode. We also share the same hide item logic for these "open" items in one place in PlacesUIUtils so that they can be shared between the two consumers (regular bookmarks and managed bookmarks). This ensures that the "Open in container" item if hidden for managed bookmarks in a private window. Differential Revision: https://phabricator.services.mozilla.com/D220120 - - - - - df56afcf by Fatih at 2024-10-22T09:48:22+02:00 Bug 1834307: Change StaticPrefs::general_smoothScroll() calls with nsLayoutUtils::IsSmoothScrollingEnabled. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221363 - - - - - c880c792 by Fatih at 2024-10-22T09:48:22+02:00 Bug 1834307: Check RFPTarget::CSSPrefersReducedMotion in nsLayoutUtils::IsSmoothScrollingEnabled. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221364 - - - - - 129ce5df by Roger Yang at 2024-10-22T09:48:23+02:00 Bug 1862537 - Do not try to go back when it's a initial load r=android-reviewers,harrisono, a=pascalc Differential Revision: https://phabricator.services.mozilla.com/D219782 - - - - - 830883c0 by Timothy Nikkel at 2024-10-22T09:48:23+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - 72bb13d7 by pollymce at 2024-10-22T09:48:23+02:00 Bug 1902996 - Improve messaging for fullscreen notifications. r=android-reviewers,gl Instead of explaining to users that they are in fullscreen mode, which may be obvious, we explain how to get out of it :) Also use a Toast rather than a custom Dialog. Update Focus too. Fix lint errors. Differential Revision: https://phabricator.services.mozilla.com/D215782 - - - - - 1f8edb3c by Jon Coppeard at 2024-10-22T09:48:24+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - cb895b82 by rahulsainani at 2024-10-22T09:48:24+02:00 Bug 1906024 - Format download file names better a=diannaS Original Revision: https://phabricator.services.mozilla.com/D220559 Differential Revision: https://phabricator.services.mozilla.com/D222254 - - - - - 4b727108 by rahulsainani at 2024-10-22T09:48:25+02:00 Bug 1906024 - Format download file names a=diannaS Original Revision: https://phabricator.services.mozilla.com/D221771 Differential Revision: https://phabricator.services.mozilla.com/D222259 - - - - - 3efa706a by Arturo Mejia at 2024-10-22T09:48:25+02:00 Bug 1908344 - Improve prompts showing a=dmeehan - BP, tor-browser#43005 Original Revision: https://phabricator.services.mozilla.com/D216996 Differential Revision: https://phabricator.services.mozilla.com/D217718 - - - - - 5e488e1f by Sam Foster at 2024-10-22T09:48:25+02:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 426a69fa by Nika Layzell at 2024-10-22T09:48:26+02:00 Bug 1911745 - Unify BrowsingContext flag coherency checks, r=mccr8 Previously these checks were largely diagnostic tools for finding bugs in other code as it evolves. This unifies the checks a bit more and makes them stronger for BrowsingContexts created over IPC, providing a place for more coherency checks to be added in the future. Differential Revision: https://phabricator.services.mozilla.com/D218860 - - - - - 32148f8a by Pier Angelo Vendrame at 2024-10-22T09:48:26+02:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - be6304df by Fatih at 2024-10-22T09:48:26+02:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 08112c31 by Henry Wilkes at 2024-10-22T09:48:27+02:00 Bug 1919363 - Only show one app menu "new window" item in permanent private browsing. r=mconley We also update the browser_private_browsing_window.js test. The previous test was limited because it was referring to non-existent "appmenu_newNavigator" and "appmenu_newPrivateWindow". Differential Revision: https://phabricator.services.mozilla.com/D222507 - - - - - 65fa4b42 by Fatih at 2024-10-22T09:48:27+02:00 Bug 1922204: fixup square spoofed orientation. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D224312 - - - - - 1ff8c74b by Pier Angelo Vendrame at 2024-10-22T09:48:27+02:00 Bug 1923264 - Discard unsupported updates in selectUpdate. r=bytesized,nalexander UpdateService.#selectUpdate currently chooses always the most recent update even when unsupported and an older but supported one is available. This commit makes #selectUpdate discard the unsupported update if a supported alternative is found. Differential Revision: https://phabricator.services.mozilla.com/D224905 - - - - - 3a555583 by Henry Wilkes at 2024-10-22T09:48:28+02:00 Bug 41454: Move focus after calling openPreferences for a sub-category. Temporary fix until mozilla bug 1799153 gets a patch upstream. - - - - - 7bbba235 by Henry Wilkes at 2024-10-22T09:48:28+02:00 Bug 43072: Add aria label and description to moz-message-bar. Ensures that moz-message-bar, including notifications, are announced on Orca. This addresses upstream bugzilla bug 1895857 and should likely be replaced when it is fixed. - - - - - 8de967b5 by hackademix at 2024-10-22T09:48:28+02:00 Bug 42194: Fix blank net error page on failed DNS resolution with active proxy. - - - - - 9d5dfb3f by Henry Wilkes at 2024-10-22T09:48:29+02:00 Bug 41483: Remove the firefox override for appstrings.properties Remove this patch after upstream bugzilla bug 1790187 - - - - - 270feb33 by hackademix at 2024-10-22T09:48:29+02:00 Bug 43101: Deep link to the startup security warning explanation. - - - - - 8898383e by Marco Simonelli at 2024-10-22T09:48:29+02:00 Bug 41459: WebRTC fails to build under mingw (Part 1) - properly define NOMINMAX for just MSVC builds - - - - - 88ff5cff by Marco Simonelli at 2024-10-22T09:48:30+02:00 Bug 41459: WebRTC fails to build under mingw (Part 2) - fixes required to build third_party/libwebrtc - - - - - eeb97343 by Marco Simonelli at 2024-10-22T09:48:30+02:00 Bug 41459: WebRTC fails to build under mingw (Part 3) - fixes required to build third_party/sipcc - - - - - 266a2656 by Marco Simonelli at 2024-10-22T09:48:31+02:00 Bug 41459: WebRTC fails to build under mingw (Part 4) - fixes requried to build netwerk/sctp - - - - - aa63d2bb by Marco Simonelli at 2024-10-22T09:48:31+02:00 Bug 41459: WebRTC fails to build under mingw (Part 5) - fixes required to build dom/media/webrtc - - - - - 781e79b0 by Marco Simonelli at 2024-10-22T09:48:31+02:00 Bug 41459: WebRTC fails to build under mingw (Part 6) - fixes required to build dom/media/systemservices - - - - - 22d5e364 by hackademix at 2024-10-22T09:48:32+02:00 Bug 41854: Allow overriding download spam protection. - - - - - 1fc2f021 by hackademix at 2024-10-22T09:48:32+02:00 Bug 42832: Download spam prevention exemption for browser extensions. - - - - - 995382ec by Pier Angelo Vendrame at 2024-10-22T09:48:32+02:00 Bug 42220: Allow for more file types to be forced-inline. Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser. - - - - - 5107671d by hackademix at 2024-10-22T09:48:33+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 23f97976 by Beatriz Rizental at 2024-10-22T09:48:33+02:00 Bug 42728: Modify ./mach lint to skip unused linters - - - - - 8c392e1d by Gaba at 2024-10-22T09:48:33+02:00 Adding issue and merge request templates - - - - - 98faf053 by Richard Pospesel at 2024-10-22T09:48:34+02:00 Bug 42683: Create script to generate issue triage csv file from bugzilla query and git logs - - - - - 540fbb61 by Beatriz Rizental at 2024-10-22T09:48:34+02:00 Add CI for Base Browser - - - - - 9e7107ea by Beatriz Rizental at 2024-10-22T09:48:34+02:00 fixup! Add CI for Base Browser Use tb-build dedicated runners for lint CI. - - - - - e24008f1 by Beatriz Rizental at 2024-10-22T09:53:04+02:00 fixup! Add CI for Base Browser - - - - - 6e96aa71 by Beatriz Rizental at 2024-10-22T10:44:53+02:00 fixup! Add CI for Base Browser Run file-whitespace linter for .java file changes. - - - - - 6646ba32 by Pier Angelo Vendrame at 2024-10-22T10:44:54+02:00 Base Browser's .mozconfigs. Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan. Bug 21849: Don't allow SSL key logging. Bug 25741 - TBA: Disable features at compile-time Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android. Bug 29859: Disable HLS support for now Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT Bug 33734: Set MOZ_NORMANDY to False Bug 33851: Omit Parental Controls. Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files Bug 41584: Move some configuration options to base-browser level - - - - - b01cb5d2 by Pier Angelo Vendrame at 2024-10-22T10:44:55+02:00 fixup! Base Browser's .mozconfigs. Bug 43151: Uniform the behavior of the android-all mozconfig. - - - - - 398130e0 by Pier Angelo Vendrame at 2024-10-22T10:44:55+02:00 Tweaks to the build system Bug 40857: Modified the fat .aar creation file This is a workaround to build fat .aars with the compiling enviornment disabled. Mozilla does not use a similar configuration, but either runs a Firefox build and discards its output, or uses artifacts build. We might switch to artifact builds too, and drop this patch, or write a better one to upstream. But until then we need this patch. See also https://bugzilla.mozilla.org/show_bug.cgi?id=1763770. Bug 41458: Prevent `mach package-multi-locale` from actually creating a package macOS builds need some files to be moved around with ./mach package-multi-locale to create multi-locale packages. The required command isn't exposed through any other mach command. So, we patch package-multi-locale both to prevent it from failing when doing official builds and to detect any future changes on it. - - - - - c7612bb0 by Pier Angelo Vendrame at 2024-10-22T10:44:55+02:00 Bug 29320: Replace the gnu target with gnullvm for Rust. - - - - - fa71eb96 by Pier Angelo Vendrame at 2024-10-22T10:44:56+02:00 Bug 42616: Remove VideoCaptureTest.kt. This is a workaround to fix the GeckoView build with WebRTC disabled. We should replace this workaround with a proper solution, that excludes this test when MOZ_WEBRTC is undefined/False. - - - - - 345c7aca by Pier Angelo Vendrame at 2024-10-22T10:44:56+02:00 Bug 41108: Remove privileged macOS installation from 102 - - - - - e3f206a5 by Dan Ballard at 2024-10-22T10:44:56+02:00 Bug 41149: Re-enable DLL injection protection in all builds not just nightlies - - - - - cffa9acf by Henry Wilkes at 2024-10-22T10:44:57+02:00 Bug 43092: Disable wayland by default in Base Browser. - - - - - 40ee2c95 by Matthew Finkel at 2024-10-22T10:44:57+02:00 Bug 24796: Comment out excess permissions from GeckoView The GeckoView AndroidManifest.xml is not preprocessed unlike Fennec's manifest, so we can't use the ifdef preprocessor guards around the permissions we do not want. Commenting the permissions is the next-best-thing. - - - - - ee39628b by Matthew Finkel at 2024-10-22T10:44:57+02:00 Bug 28125: Prevent non-Necko network connections - - - - - cce4e26b by Mike Perry at 2024-10-22T10:44:58+02:00 Bug 12974: Disable NTLM and Negotiate HTTP Auth The Mozilla bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1046421, https://bugzilla.mozilla.org/show_bug.cgi?id=1261591, tor-browser#27602 - - - - - 26a22d9c by cypherpunks1 at 2024-10-22T10:44:58+02:00 Bug 40717: Hide Windows SSO in settings - - - - - 9ea75d2e by Georg Koppen at 2024-10-22T10:44:58+02:00 Bug 16285: Exclude ClearKey system for now In the past the ClearKey system had not been compiled when specifying --disable-eme. But that changed and it is even bundled nowadays (see: Mozilla's bug 1300654). We don't want to ship it right now as the use case for it is not really visible while the code had security vulnerabilities in the past. - - - - - 34d387d0 by Kathy Brade at 2024-10-22T10:44:59+02:00 Bug 21431: Clean-up system extensions shipped in Firefox Only ship the pdfjs extension. - - - - - 789fd64d by Henry Wilkes at 2024-10-22T10:44:59+02:00 Bug 42831: Remove the shopping components. - - - - - 74bf97f4 by Kathy Brade at 2024-10-22T10:45:00+02:00 Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc. Hide elements on about:logins that mention sync, "Firefox LockWise", and Mozilla's LockWise mobile apps. Disable the "Create New Login" button when security.nocertdb is true. - - - - - a1e782d1 by Alex Catarineu at 2024-10-22T10:45:00+02:00 Bug 41457: Remove Mozilla permissions Bug 40025: Remove Mozilla add-on install permissions - - - - - ca100ebb by Kathy Brade at 2024-10-22T10:45:00+02:00 Bug 40002: Remove about:ion Firefox Ion (previously Firefox Pioneer) is an opt-in program in which people volunteer to participate in studies that collect detailed, sensitive data about how they use their browser. Bug 41662: Disable about:sync-logs Even though we disable sync by default with `identity.fxaccounts.enabled`, this about: page is still avilable. We could throw an exception on the constructor of the related component, but it would result only in an error in the console, without a visible "this address does not look right" error page. If we fix the issues with MOZ_SERVICES_SYNC, we can restore the component. - - - - - 9bdc1854 by Morgan at 2024-10-22T10:45:01+02:00 Bug 42716: Disable unwanted about: pages - - - - - a7e0c3d5 by Arthur Edelstein at 2024-10-22T10:45:01+02:00 Bug 26353: Prevent speculative connect that violated FPI. Connections were observed in the catch-all circuit when the user entered an https or http URL in the URL bar, or typed a search term. - - - - - fe047aeb by Alex Catarineu at 2024-10-22T10:45:01+02:00 Bug 31740: Remove some unnecessary RemoteSettings instances More concretely, SearchService.jsm 'hijack-blocklists' and url-classifier-skip-urls. Avoid creating instance for 'anti-tracking-url-decoration'. If prefs are disabling their usage, avoid creating instances for 'cert-revocations' and 'intermediates'. Do not ship JSON dumps for collections we do not expect to need. For the ones in the 'main' bucket, this prevents them from being synced unnecessarily (the code in remote-settings does so for collections in the main bucket for which a dump or local data exists). For the collections in the other buckets, we just save some size by not shipping their dumps. We also clear the collections database on the v2 -> v3 migration. - - - - - 120a3e1e by cypherpunks1 at 2024-10-22T10:45:02+02:00 Bug 41092: Add a RemoteSettings JSON dump for query-stripping - - - - - e5161726 by cypherpunks1 at 2024-10-22T10:45:02+02:00 Bug 42730: Patch RemoteSettings to use only local dumps as a data source - - - - - f83b4deb by Pier Angelo Vendrame at 2024-10-22T10:45:03+02:00 Bug 41635: Disable the Normandy component Do not include Normandy at all whenever MOZ_NORMANDY is False. - - - - - c767818f by Georg Koppen at 2024-10-22T10:45:03+02:00 Bug 30541: Disable WebGL readPixel() for web content Related Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 - - - - - 366afa1a by Alex Catarineu at 2024-10-22T10:45:03+02:00 Bug 28369: Stop shipping pingsender executable - - - - - 41e40cf8 by Henry Wilkes at 2024-10-22T10:45:04+02:00 Bug 42630: Disable LaterRun module. - - - - - dea4c7b2 by Pier Angelo Vendrame at 2024-10-22T10:45:04+02:00 Bug 41599: Always return an empty string as network ID Firefox computes an internal network ID used to detect network changes and act consequently (e.g., to improve WebSocket UX). However, there are a few ways to get this internal network ID, so we patch them out, to be sure any new code will not be able to use them and possibly link users. We also sent a patch to Mozilla to seed the internal network ID, to prevent any accidental leak in the future. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1817756 - - - - - a074c3d7 by Pier Angelo Vendrame at 2024-10-22T10:45:04+02:00 Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - dbdf25f8 by Richard Pospesel at 2024-10-22T10:45:05+02:00 Bug 41327: Disable UrlbarProviderInterventions - - - - - 2dd6d489 by Richard Pospesel at 2024-10-22T10:45:05+02:00 Bug 42037: Disable about:firefoxview page - - - - - b9e7f8ac by Mike Perry at 2024-10-22T10:45:05+02:00 Firefox preference overrides. This hack directly includes our preference changes in omni.ja. Bug 18292: Staged updates fail on Windows Temporarily disable staged updates on Windows. Bug 18297: Use separate Noto JP,KR,SC,TC fonts Bug 23404: Add Noto Sans Buginese to the macOS whitelist Bug 23745: Set dom.indexedDB.enabled = true Bug 13575: Disable randomised Firefox HTTP cache decay user tests. (Fernando Fernandez Mancera <ffmancera(a)riseup.net>) Bug 17252: Enable session identifiers with FPI Session tickets and session identifiers were isolated by OriginAttributes, so we can re-enable them by allowing the default value (true) of "security.ssl.disable_session_identifiers". The pref "security.enable_tls_session_tickets" is obsolete (removed in https://bugzilla.mozilla.org/917049) Bug 14952: Enable http/2 and AltSvc In Firefox, SPDY/HTTP2 now uses Origin Attributes for isolation of connections, push streams, origin frames, etc. That means we get first-party isolation provided "privacy.firstparty.isolate" is true. So in this patch, we stop overriding "network.http.spdy.enabled" and "network.http.spdy.enabled.http2". Alternate Services also use Origin Attributes for isolation. So we stop overriding "network.http.altsvc.enabled" and "network.http.altsvc.oe" as well. (All 4 of the abovementioned "network.http.*" prefs adopt Firefox 60ESR's default value of true.) However, we want to disable HTTP/2 push for now, so we set "network.http.spdy.allow-push" to false. "network.http.spdy.enabled.http2draft" was removed in Bug 1132357. "network.http.sped.enabled.v2" was removed in Bug 912550. "network.http.sped.enabled.v3" was removed in Bug 1097944. "network.http.sped.enabled.v3-1" was removed in Bug 1248197. Bug 26114: addons.mozilla.org is not special * Don't expose navigator.mozAddonManager on any site * Don't block NoScript from modifying addons.mozilla.org or other sites Enable ReaderView mode again (#27281). Bug 29916: Make sure enterprise policies are disabled Bug 2874: Block Components.interfaces from content Bug 26146: Spoof HTTP User-Agent header for desktop platforms In Tor Browser 8.0, the OS was revealed in both the HTTP User-Agent header and to JavaScript code via navigator.userAgent. To avoid leaking the OS inside each HTTP request (which many web servers log), always use the Windows 7 OS value in the desktop User-Agent header. We continue to allow access to the actual OS via JavaScript, since doing so improves compatibility with web applications such as GitHub and Google Docs. Bug 12885: Windows Jump Lists fail for Tor Browser Jumplist entries are stored in a binary file in: %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\ and has a name in the form [a-f0-9]+.customDestinations-ms The hex at the front is unique per app, and is ultimately derived from something called the 'App User Model ID' (AUMID) via some unknown hashing method. The AUMID is provided as a key when programmatically creating, updating, and deleting a jumplist. The default behaviour in firefox is for the installer to define an AUMID for an app, and save it in the registry so that the jumplist data can be removed by the uninstaller. However, the Tor Browser does not set this (or any other) regkey during installation, so this codepath fails and the app's AUMID is left undefined. As a result the app's AUMID ends up being defined by windows, but unknowable by Tor Browser. This unknown AUMID is used to create and modify the jumplist, but the delete API requires that we provide the app's AUMID explicitly. Since we don't know what the AUMID is (since the expected regkey where it is normally stored does not exist) jumplist deletion will fail and we will leave behind a mostly empty customDestinations-ms file. The name of the file is derived from the binary path, so an enterprising person could reverse engineer how that hex name is calculated, and generate the name for Tor Browser's default Desktop installation path to determine whether a person had used Tor Browser in the past. The 'taskbar.grouping.useprofile' option that is enabled by this patch works around this AUMID problem by having firefox.exe create it's own AUMID based on the profile path (rather than looking for a regkey). This way, if a user goes in and enables and disables jumplist entries, the backing store is properly deleted. Unfortunately, all windows users currently have this file lurking in the above mentioned directory and this patch will not remove it since it was created with an unknown AUMID. However, another patch could be written which goes to that directory and deletes any item containing the 'Tor Browser' string. See bug 28996. Bug 30845: Make sure default themes and other internal extensions are enabled Bug 28896: Enable extensions in private browsing by default Bug 31065: Explicitly allow proxying localhost Bug 31598: Enable letterboxing Disable Presentation API everywhere Bug 21549 - Use Firefox's WASM default pref. It is disabled at safer security levels. Bug 32321: Disable Mozilla's MitM pings Bug 19890: Disable installation of system addons By setting the URL to "" we make sure that already installed system addons get deleted as well. Bug 22548: Firefox downgrades VP9 videos to VP8. On systems where H.264 is not available or no HWA, VP9 is preferred. But in Tor Browser 7.0 all youtube videos are degraded to VP8. This behaviour can be turned off by setting media.benchmark.vp9.threshold to 0. All clients will get better experience and lower traffic, beause TBB doesn't use "Use hardware acceleration when available". Bug 25741 - TBA: Add mobile-override of 000-tor-browser prefs Bug 16441: Suppress "Reset Tor Browser" prompt. Bug 29120: Use the in-memory media cache and increase its maximum size. Bug 33697: use old search config based on list.json Bug 33855: Ensure that site-specific browser mode is disabled. Bug 30682: Disable Intermediate CA Preloading. Bug 40061: Omit the Windows default browser agent from the build Bug 40322: Consider disabling network.connectivity-service.enabled Bug 40408: Disallow SVG Context Paint in all web content Bug 40308: Disable network partitioning until we evaluate dFPI Bug 40322: Consider disabling network.connectivity-service.enabled Bug 40383: Disable dom.enable_event_timing Bug 40423: Disable http/3 Bug 40177: Update prefs for Fx91esr Bug 40700: Disable addons and features recommendations Bug 40682: Disable network.proxy.allow_bypass Bug 40736: Disable third-party cookies in PBM Bug 19850: Enabled HTTPS-Only by default Bug 40912: Hide the screenshot menu Bug 41292: Disable moreFromMozilla in preferences page Bug 40057: Ensure the CSS4 system colors are not a fingerprinting vector Bug 24686: Set network.http.tailing.enabled to true Bug 40183: Disable TLS ciphersuites using SHA-1 Bug 40783: Review 000-tor-browser.js and 001-base-profile.js for 102 We reviewed all the preferences we set for 102, and remove a few old ones. See the description of that issue to see all the preferences we believed were still valid for 102, and some brief description for the reasons to keep them. - - - - - f6a42160 by Morgan at 2024-10-22T10:45:06+02:00 fixup! Firefox preference overrides. Bug 43163: Disable offscreen canvas until verified it is not fingerprintable - - - - - c6051cf2 by Morgan at 2024-10-22T10:45:06+02:00 fixup! Firefox preference overrides. Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile - - - - - fa7395cc by Pier Angelo Vendrame at 2024-10-22T10:45:07+02:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - c7032d86 by hackademix at 2024-10-22T10:45:07+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - 112ee959 by hackademix at 2024-10-22T10:45:07+02:00 fixup! Firefox preference overrides. Bug 43197: Disable automatic exception for HTTPS-First. - - - - - 8ffbeada by hackademix at 2024-10-22T10:45:08+02:00 fixup! Firefox preference overrides. Bug 42356: Preference review for Firefox ESR128. - - - - - 74b40adc by Pier Angelo Vendrame at 2024-10-22T10:45:08+02:00 Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). Bug 43141: Hardcode system-ui to Arimo. - - - - - 29e5ac3c by Pier Angelo Vendrame at 2024-10-22T10:45:08+02:00 Bug 41901: Hardcode normalized FontSubstitutes. Windows has a system to set font aliases through the registry. This allows some customization that could be used as a fingerprinting vector. Moreover, this mechanism is used by Windows itself, and different SKUs might have different default FontSubstitutes. - - - - - 7bda8189 by Alex Catarineu at 2024-10-22T10:45:11+02:00 Bug 30605: Honor privacy.spoof_english in Android This checks `privacy.spoof_english` whenever `setLocales` is called from Fenix side and sets `intl.accept_languages` accordingly. Bug 40198: Expose privacy.spoof_english pref in GeckoView - - - - - 59588951 by Pier Angelo Vendrame at 2024-10-22T10:45:11+02:00 Bug 42562: Normalized the Accepted Languages on Android. The OS language might be outside the list of actually supported languages and it might leak the user's region. Therefore, we force the locale reported in Accept-Language to match one we support with translations, even when it means using a not exact region tag. - - - - - 223e4192 by Alex Catarineu at 2024-10-22T10:45:11+02:00 Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware - - - - - 5cd521c0 by Alex Catarineu at 2024-10-22T10:45:12+02:00 Bug 26345: Hide tracking protection UI - - - - - c13590cb by Henry Wilkes at 2024-10-22T10:45:12+02:00 Bug 43109: Hide Firefox Relay from settings. This should remain disabled, see tor-browser#42814. - - - - - 0fff7260 by Henry Wilkes at 2024-10-22T10:45:12+02:00 Bug 42777: Hide Website Privacy Preferences. We hide the Website Privacy Preferences section, which controls the "global privacy control" (GPC) and "do not track" (DNT) settings. - - - - - add86a12 by Morgan at 2024-10-22T10:45:13+02:00 Bug 42070: Hide "Use smooth scrolling" from settings - - - - - 5c86cf16 by Arthur Edelstein at 2024-10-22T10:45:13+02:00 Bug 18905: Hide unwanted items from help menu Bug 25660: Remove the "New Private Window" option - - - - - 335a042b by Pier Angelo Vendrame at 2024-10-22T10:45:14+02:00 Bug 41739: Remove "Website appearance" from about:preferences. It is ignored because of RFP and it is confusing for users. - - - - - 0a3bb5ce by Henry Wilkes at 2024-10-22T10:45:14+02:00 Bug 43117: Hide "Always underline links" from settings. - - - - - bcb4d34d by Pier Angelo Vendrame at 2024-10-22T10:45:14+02:00 Bug 42774: Always hide the third-pary certs UI. - - - - - dae7830d by Henry Wilkes at 2024-10-22T10:45:15+02:00 Bug 43118: Hide feature recommendation (CFR) settings. - - - - - 6ec077cb by Pier Angelo Vendrame at 2024-10-22T10:45:15+02:00 Bug 9173: Change the default Firefox profile directory to be relative. This commit makes Firefox look for the default profile directory in a directory relative to the binary path. The directory can be specified through the --with-relative-data-dir. This is relative to the same directory as the firefox main binary for Linux and Windows. On macOS, we remove Contents/MacOS from it. Or, in other words, the directory is relative to the application bundle. This behavior can be overriden at runtime, by placing a file called system-install adjacent to the firefox main binary (also on macOS). - - - - - e4b61271 by Pier Angelo Vendrame at 2024-10-22T10:45:15+02:00 Bug 42773: Replace ~ with the original home. In Bug 93141, Mozilla started sending users to their home when they type ~ in the URL bar. On Linux, we change $HOME for various reason, therefore you would be redirected to the spoofed home directory when typing ~. So, we check if the original home directory is known, and use that, instead. - - - - - 9aad43e4 by Alex Catarineu at 2024-10-22T10:45:16+02:00 Bug 27604: Fix addon issues when moving the profile directory Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1429838 - - - - - 8faca87e by Mike Perry at 2024-10-22T10:45:16+02:00 Bug 13028: Prevent potential proxy bypass cases. It looks like these cases should only be invoked in the NSS command line tools, and not the browser, but I decided to patch them anyway because there literally is a maze of network function pointers being passed around, and it's very hard to tell if some random code might not pass in the proper proxied versions of the networking code here by accident. Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1433509 - - - - - 30db95a4 by Pier Angelo Vendrame at 2024-10-22T10:45:16+02:00 Bug 40309: Avoid using regional OS locales Avoid regional OS locales if the pref `intl.regional_prefs.use_os_locales` is false but RFP is enabled. - - - - - eb2059cb by Matthew Finkel at 2024-10-22T10:45:17+02:00 Bug 40432: Prevent probing installed applications Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1711084 - - - - - 2eff1716 by cypherpunks1 at 2024-10-22T10:45:17+02:00 Bug 33955: When copying an image only copy the image contents to the clipboard - - - - - 02d9798b by cypherpunks1 at 2024-10-22T10:45:18+02:00 Bug 41791: Omit the source URL when copying page contents to the clipboard - - - - - 659b46f5 by hackademix at 2024-10-22T10:45:18+02:00 Bug 42288: Allow language spoofing in status messages. - - - - - ddda1d58 by Pier Angelo Vendrame at 2024-10-22T10:45:18+02:00 Bug 43196: Remove the vendor name from media notifications on Linux. Firefox shows "vendor remoteName" as a title of the "... is playing media" notification on Linux. However, for our browser the remote name is enough, and prepending the vendor to it creates a string users usually never see. - - - - - fc8a8fc2 by Pier Angelo Vendrame at 2024-10-22T10:45:19+02:00 Base Browser strings This commit adds all the strings needed by following Base Browser patches. - - - - - c43891be by Pier Angelo Vendrame at 2024-10-22T10:45:19+02:00 Bug 41369: Improve Firefox language settings for multi-lingual packages Change the language selector to be sorted by language code, rather than name, and to display the language code to the user. Bug 41372: Handle Japanese as a special case in preferences on macOS Japanese is treated in a special way on macOS. However, seeing the Japanese language tag could be confusing for users, and moreover the language name is not localized correctly like other langs. Bug 41378: Tell users that they can change their language at the first start With multi-lingual builds, Tor Browser matches the user's system language, but some users might want to change it. So, we tell them that it is possible, but only once. - - - - - 53006372 by p13dz at 2024-10-22T10:45:19+02:00 Bug 40283: Workaround for the file upload bug - - - - - 971e73ae by hackademix at 2024-10-22T10:45:20+02:00 Bug 42019: Empty browser's clipboard on browser shutdown - - - - - ddbf9421 by hackademix at 2024-10-22T10:45:20+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 71639df6 by hackademix at 2024-10-22T10:45:20+02:00 Bug 42084: Ensure English spoofing works even if preferences are set out of order. - - - - - c28b53dd by Pier Angelo Vendrame at 2024-10-22T10:45:21+02:00 Bug 41930: Remove the UI to customize accept_languages. - - - - - d436a5c6 by hackademix at 2024-10-22T10:45:21+02:00 Bug 41434: Letterboxing, preemptively apply margins in a global CSS rule to mitigate race conditions on newly created windows and tabs. - - - - - 71b9722c by hackademix at 2024-10-22T10:45:22+02:00 Bug 41434: Letterboxing, improve logging. - - - - - eea1ffec by hackademix at 2024-10-22T10:45:22+02:00 Bug 31064: Letterboxing, exempt browser extensions. - - - - - 8d68ae8f by hackademix at 2024-10-22T10:45:22+02:00 Bug 32411: Letterboxing, exempt view-source: URIs. - - - - - a4b030e5 by hackademix at 2024-10-22T10:45:23+02:00 Bug 42574: Letterboxing, exempt pdf.js. - - - - - 49e8e240 by hackademix at 2024-10-22T10:45:23+02:00 Bug 32308: Use direct browser sizing for letterboxing. Bug 30556: align letterboxing with 200x100 new win width stepping - - - - - 06d647ea by hackademix at 2024-10-22T10:45:23+02:00 fixup! Bug 32308: Use direct browser sizing for letterboxing. Bug 43217: Do not round letterboxing corners in fullscreen. - - - - - 2e4a7753 by hackademix at 2024-10-22T10:45:24+02:00 Bug 41631: Prevent weird initial window dimensions caused by subpixel computations - - - - - fb2a971b by hackademix at 2024-10-22T10:45:24+02:00 Bug 41918: Option to reuse last window size when letterboxing is enabled. - - - - - 0ec36850 by hackademix at 2024-10-22T10:45:25+02:00 Bug 41916: Letterboxing preferences UI - - - - - e18fbeb8 by hackademix at 2024-10-22T10:45:25+02:00 Bug 41695: Warn on window maximization without letterboxing in RFPHelper module - - - - - 03e851af by hackademix at 2024-10-22T10:45:27+02:00 Bug 42443: Shrink window to match letterboxing size when the emtpy area is clicked. - - - - - af685fc2 by Henry Wilkes at 2024-10-22T10:45:28+02:00 Bug 42528: Don't leak system scrollbar size on windows. - - - - - 7fdb5ccb by Henry Wilkes at 2024-10-22T10:45:28+02:00 Bug 31575: Disable Firefox Home (Activity Stream) Treat about:blank as the default home page and new tab page. Avoid loading AboutNewTab in BrowserGlue.sys.mjs in order to avoid several network requests that we do not need. Bug 41624: Disable about:pocket-* pages. Bug 40144: Redirect about:privatebrowsing to the user's home - - - - - c1f5163c by Kathy Brade at 2024-10-22T10:45:28+02:00 Bug 4234: Use the Firefox Update Process for Base Browser. Windows: disable "runas" code path in updater (15201). Windows: avoid writing to the registry (16236). Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406, 16014, 16909, 24476, and 25909. Also fix bug 27221: purge the startup cache if the Base Browser version changed (even if the Firefox version and build ID did not change), e.g., after a minor Base Browser update. Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality. Bug 26048: potentially confusing "restart to update" message Within the update doorhanger, remove the misleading message that mentions that windows will be restored after an update is applied, and replace the "Restart and Restore" button label with an existing "Restart to update Tor Browser" string. Bug 28885: notify users that update is downloading Add a "Downloading Base Browser update" item which appears in the hamburger (app) menu while the update service is downloading a MAR file. Before this change, the browser did not indicate to the user that an update was in progress, which is especially confusing in Tor Browser because downloads often take some time. If the user clicks on the new menu item, the about dialog is opened to allow the user to see download progress. As part of this fix, the update service was changed to always show update-related messages in the hamburger menu, even if the update was started in the foreground via the about dialog or via the "Check for Tor Browser Update" toolbar menu item. This change is consistent with the Tor Browser goal of making sure users are informed about the update process. Removed #28885 parts of this patch which have been uplifted to Firefox. - - - - - 73fac8f0 by Pier Angelo Vendrame at 2024-10-22T10:45:29+02:00 Bug 42061: Create an alpha update channel. - - - - - ede5a232 by Nicolas Vigier at 2024-10-22T10:45:29+02:00 Bug 41682: Add base-browser nightly mar signing key - - - - - 917452ac by Pier Angelo Vendrame at 2024-10-22T10:45:30+02:00 Bug 41603: Customize the creation of MOZ_SOURCE_URL MOZ_SOURCE_URL is created by combining MOZ_SOURCE_REPO and MOZ_SOURCE_CHANGESET. But the code takes for granted that it refers to a Hg instance, so it combines them as `$MOZ_SOURCE_REPO/rev/$MOZ_SOURCE_CHANGESET`. With this commit, we change this logic to combine them to create a URL that is valid for GitLab. $MOZ_SOURCE_CHANGESET needs to be a commit hash, not a branch or a tag. If that is needed, we could use /-/tree/, instead of /-/commit/. - - - - - ece50578 by Pier Angelo Vendrame at 2024-10-22T10:45:30+02:00 Bug 41698: Reword the recommendation badges in about:addons Firefox strings use { -brand-product-name }. As a result, it seems that the fork is recommending extensions, whereas AMO curators are doing that. So, we replace the strings with custom ones that clarify that Mozilla is recommending them. We assign the strings with JS because our translation backend does not support Fluent attributes, yet, but once it does, we should switch to them, instead. Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1825033 - - - - - 732cc239 by Pier Angelo Vendrame at 2024-10-22T10:45:30+02:00 Bug 42438: Tweaks to the migration wizard. Remove the items not compatible with our features (such as history) from the migration wizard. On Linux, allow to specify an alternative home directory, since we usually change $HOME in our startup script. - - - - - 0a8e3ad3 by Alex Catarineu at 2024-10-22T10:45:31+02:00 Bug 40069: Add helpers for message passing with extensions - - - - - b8c97a2b by Matthew Finkel at 2024-10-22T10:45:31+02:00 Bug 41598: Prevent NoScript from being removed/disabled. Bug 40253: Explicitly allow NoScript in Private Browsing mode. - - - - - 6b051c5e by Henry Wilkes at 2024-10-22T10:45:31+02:00 Bug 41736: Hide NoScript extension's toolbar button by default. This hides it from both the toolbar and the unified extensions panel. We also hide the unified-extension-button if the panel would be empty: not including the NoScript button when it is hidden. As a result, this will be hidden by default until a user installs another extension (or shows the NoScript button and unpins it). - - - - - 78ff7115 by hackademix at 2024-10-22T10:45:32+02:00 Bug 41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons - - - - - a4bf6759 by Pier Angelo Vendrame at 2024-10-22T10:45:32+02:00 Bug 40925: Implemented the Security Level component This component adds a new Security Level toolbar button which visually indicates the current global security level via icon (as defined by the extensions.torbutton.security_slider pref), a drop-down hanger with a short description of the current security level, and a new section in the about:preferences#privacy page where users can change their current security level. In addition, the hanger and the preferences page will show a visual warning when the user has modified prefs associated with the security level and provide a one-click 'Restore Defaults' button to get the user back on recommended settings. Bug 40125: Expose Security Level pref in GeckoView - - - - - 942e53f7 by Pier Angelo Vendrame at 2024-10-22T10:45:33+02:00 Bug 40926: Implemented the New Identity feature - - - - - 25ee5da8 by Henry Wilkes at 2024-10-22T10:45:33+02:00 Bug 41736: Customize toolbar for base-browser. - - - - - 82860088 by Pier Angelo Vendrame at 2024-10-22T10:45:33+02:00 Bug 42027: Base Browser migration procedures. This commit implmenents the the Base Browser's version of _migrateUI. - - - - - 24e628c1 by Henry Wilkes at 2024-10-22T10:45:34+02:00 Bug 42583: Modify moz-support-link for Base Browser. - - - - - 30 changed files: - .eslintignore - + .gitlab-ci.yml - + .gitlab/ci/docker/base/Dockerfile - + .gitlab/ci/lint.yml - + .gitlab/ci/scripts/helpers.py - + .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/QA - Android.md - + .gitlab/issue_templates/QA - Desktop.md - + .gitlab/issue_templates/bug.md - + .gitlab/merge_request_templates/default.md - .prettierignore - − browser/actors/RFPHelperChild.sys.mjs - − browser/actors/RFPHelperParent.sys.mjs - browser/actors/moz.build - browser/app/Makefile.in - browser/app/macbuild/Contents/MacOS-files.in - browser/app/moz.build - browser/app/permissions - + browser/app/profile/001-base-profile.js - browser/app/profile/firefox.js - browser/base/content/aboutDialog-appUpdater.js - browser/base/content/aboutDialog.js - browser/base/content/aboutDialog.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-addons.js - browser/base/content/browser-context.inc - browser/base/content/browser-init.js - browser/base/content/browser-menubar.inc - browser/base/content/browser-safebrowsing.js - browser/base/content/browser-sets.inc The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/cc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/cc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-128.4.0esr-14.0-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag base-browser-128.4.0esr-14.0-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch base-browser-128.4.0esr-14.0-1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new branch base-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.4.0esr-14.0-1-build1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag tor-browser-128.4.0esr-14.0-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.4.0esr-14.0-1] 248 commits: Bug 1436226: Ignore user prefs and hardware support for media capabilities...
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 2fcdb407 by Fatih at 2024-10-22T09:48:19+02:00 Bug 1436226: Ignore user prefs and hardware support for media capabilities when RFPTarget::MediaCapabilities is enabled. r=tjr,media-playback-reviewers,padenot This patch mostly targeted Android, as media.mediasource.vp9.enabled is disabled on only Android and HW support takes precedence over pref, hence leaking HW support for VP9. However, we ended up modifying the patch to ignore prefs or HW support, fixing both possible user pref leak and HW support leak. Differential Revision: https://phabricator.services.mozilla.com/D221338 - - - - - 18531f02 by stransky at 2024-10-22T09:48:21+02:00 Bug 1501744 [Linux] Fill PointerEvents on the Gtk backend r=emilio Patch author is tpxp <tpxp(a)live.fr> Differential Revision: https://phabricator.services.mozilla.com/D215201 - - - - - 22f9bf63 by Fatih at 2024-10-22T09:48:21+02:00 Bug 1607032: Spoof screen orientation and angle to primary values. r=tjr,geckoview-reviewers,owlish Differential Revision: https://phabricator.services.mozilla.com/D220904 - - - - - 7b4bc09a by Henry Wilkes at 2024-10-22T09:48:22+02:00 Bug 1436462 - Use "Open in new private window" for bookmarks when in PBM. r=places-reviewers,mak This makes the bookmark menu consistent with the "File" and context menu when using private browsing mode. We also share the same hide item logic for these "open" items in one place in PlacesUIUtils so that they can be shared between the two consumers (regular bookmarks and managed bookmarks). This ensures that the "Open in container" item if hidden for managed bookmarks in a private window. Differential Revision: https://phabricator.services.mozilla.com/D220120 - - - - - df56afcf by Fatih at 2024-10-22T09:48:22+02:00 Bug 1834307: Change StaticPrefs::general_smoothScroll() calls with nsLayoutUtils::IsSmoothScrollingEnabled. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221363 - - - - - c880c792 by Fatih at 2024-10-22T09:48:22+02:00 Bug 1834307: Check RFPTarget::CSSPrefersReducedMotion in nsLayoutUtils::IsSmoothScrollingEnabled. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221364 - - - - - 129ce5df by Roger Yang at 2024-10-22T09:48:23+02:00 Bug 1862537 - Do not try to go back when it's a initial load r=android-reviewers,harrisono, a=pascalc Differential Revision: https://phabricator.services.mozilla.com/D219782 - - - - - 830883c0 by Timothy Nikkel at 2024-10-22T09:48:23+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - 72bb13d7 by pollymce at 2024-10-22T09:48:23+02:00 Bug 1902996 - Improve messaging for fullscreen notifications. r=android-reviewers,gl Instead of explaining to users that they are in fullscreen mode, which may be obvious, we explain how to get out of it :) Also use a Toast rather than a custom Dialog. Update Focus too. Fix lint errors. Differential Revision: https://phabricator.services.mozilla.com/D215782 - - - - - 1f8edb3c by Jon Coppeard at 2024-10-22T09:48:24+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - cb895b82 by rahulsainani at 2024-10-22T09:48:24+02:00 Bug 1906024 - Format download file names better a=diannaS Original Revision: https://phabricator.services.mozilla.com/D220559 Differential Revision: https://phabricator.services.mozilla.com/D222254 - - - - - 4b727108 by rahulsainani at 2024-10-22T09:48:25+02:00 Bug 1906024 - Format download file names a=diannaS Original Revision: https://phabricator.services.mozilla.com/D221771 Differential Revision: https://phabricator.services.mozilla.com/D222259 - - - - - 3efa706a by Arturo Mejia at 2024-10-22T09:48:25+02:00 Bug 1908344 - Improve prompts showing a=dmeehan - BP, tor-browser#43005 Original Revision: https://phabricator.services.mozilla.com/D216996 Differential Revision: https://phabricator.services.mozilla.com/D217718 - - - - - 5e488e1f by Sam Foster at 2024-10-22T09:48:25+02:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 426a69fa by Nika Layzell at 2024-10-22T09:48:26+02:00 Bug 1911745 - Unify BrowsingContext flag coherency checks, r=mccr8 Previously these checks were largely diagnostic tools for finding bugs in other code as it evolves. This unifies the checks a bit more and makes them stronger for BrowsingContexts created over IPC, providing a place for more coherency checks to be added in the future. Differential Revision: https://phabricator.services.mozilla.com/D218860 - - - - - 32148f8a by Pier Angelo Vendrame at 2024-10-22T09:48:26+02:00 Bug 1918009 - Fix the RFP-spoofed User-Agent header. r=tjr The spoofed value of the HTTP user-agent header is not consistent with the value of navigator.userAgent on Windows, and this can lead to compatibility issues. Differential Revision: https://phabricator.services.mozilla.com/D223745 - - - - - be6304df by Fatih at 2024-10-22T09:48:26+02:00 Bug 1918202: Spoof orientation based on screen size. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D221863 - - - - - 08112c31 by Henry Wilkes at 2024-10-22T09:48:27+02:00 Bug 1919363 - Only show one app menu "new window" item in permanent private browsing. r=mconley We also update the browser_private_browsing_window.js test. The previous test was limited because it was referring to non-existent "appmenu_newNavigator" and "appmenu_newPrivateWindow". Differential Revision: https://phabricator.services.mozilla.com/D222507 - - - - - 65fa4b42 by Fatih at 2024-10-22T09:48:27+02:00 Bug 1922204: fixup square spoofed orientation. r=tjr Differential Revision: https://phabricator.services.mozilla.com/D224312 - - - - - 1ff8c74b by Pier Angelo Vendrame at 2024-10-22T09:48:27+02:00 Bug 1923264 - Discard unsupported updates in selectUpdate. r=bytesized,nalexander UpdateService.#selectUpdate currently chooses always the most recent update even when unsupported and an older but supported one is available. This commit makes #selectUpdate discard the unsupported update if a supported alternative is found. Differential Revision: https://phabricator.services.mozilla.com/D224905 - - - - - 3a555583 by Henry Wilkes at 2024-10-22T09:48:28+02:00 Bug 41454: Move focus after calling openPreferences for a sub-category. Temporary fix until mozilla bug 1799153 gets a patch upstream. - - - - - 7bbba235 by Henry Wilkes at 2024-10-22T09:48:28+02:00 Bug 43072: Add aria label and description to moz-message-bar. Ensures that moz-message-bar, including notifications, are announced on Orca. This addresses upstream bugzilla bug 1895857 and should likely be replaced when it is fixed. - - - - - 8de967b5 by hackademix at 2024-10-22T09:48:28+02:00 Bug 42194: Fix blank net error page on failed DNS resolution with active proxy. - - - - - 9d5dfb3f by Henry Wilkes at 2024-10-22T09:48:29+02:00 Bug 41483: Remove the firefox override for appstrings.properties Remove this patch after upstream bugzilla bug 1790187 - - - - - 270feb33 by hackademix at 2024-10-22T09:48:29+02:00 Bug 43101: Deep link to the startup security warning explanation. - - - - - 8898383e by Marco Simonelli at 2024-10-22T09:48:29+02:00 Bug 41459: WebRTC fails to build under mingw (Part 1) - properly define NOMINMAX for just MSVC builds - - - - - 88ff5cff by Marco Simonelli at 2024-10-22T09:48:30+02:00 Bug 41459: WebRTC fails to build under mingw (Part 2) - fixes required to build third_party/libwebrtc - - - - - eeb97343 by Marco Simonelli at 2024-10-22T09:48:30+02:00 Bug 41459: WebRTC fails to build under mingw (Part 3) - fixes required to build third_party/sipcc - - - - - 266a2656 by Marco Simonelli at 2024-10-22T09:48:31+02:00 Bug 41459: WebRTC fails to build under mingw (Part 4) - fixes requried to build netwerk/sctp - - - - - aa63d2bb by Marco Simonelli at 2024-10-22T09:48:31+02:00 Bug 41459: WebRTC fails to build under mingw (Part 5) - fixes required to build dom/media/webrtc - - - - - 781e79b0 by Marco Simonelli at 2024-10-22T09:48:31+02:00 Bug 41459: WebRTC fails to build under mingw (Part 6) - fixes required to build dom/media/systemservices - - - - - 22d5e364 by hackademix at 2024-10-22T09:48:32+02:00 Bug 41854: Allow overriding download spam protection. - - - - - 1fc2f021 by hackademix at 2024-10-22T09:48:32+02:00 Bug 42832: Download spam prevention exemption for browser extensions. - - - - - 995382ec by Pier Angelo Vendrame at 2024-10-22T09:48:32+02:00 Bug 42220: Allow for more file types to be forced-inline. Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser. - - - - - 5107671d by hackademix at 2024-10-22T09:48:33+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 23f97976 by Beatriz Rizental at 2024-10-22T09:48:33+02:00 Bug 42728: Modify ./mach lint to skip unused linters - - - - - 8c392e1d by Gaba at 2024-10-22T09:48:33+02:00 Adding issue and merge request templates - - - - - 98faf053 by Richard Pospesel at 2024-10-22T09:48:34+02:00 Bug 42683: Create script to generate issue triage csv file from bugzilla query and git logs - - - - - 540fbb61 by Beatriz Rizental at 2024-10-22T09:48:34+02:00 Add CI for Base Browser - - - - - 9e7107ea by Beatriz Rizental at 2024-10-22T09:48:34+02:00 fixup! Add CI for Base Browser Use tb-build dedicated runners for lint CI. - - - - - e24008f1 by Beatriz Rizental at 2024-10-22T09:53:04+02:00 fixup! Add CI for Base Browser - - - - - 6e96aa71 by Beatriz Rizental at 2024-10-22T10:44:53+02:00 fixup! Add CI for Base Browser Run file-whitespace linter for .java file changes. - - - - - 6646ba32 by Pier Angelo Vendrame at 2024-10-22T10:44:54+02:00 Base Browser's .mozconfigs. Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan. Bug 21849: Don't allow SSL key logging. Bug 25741 - TBA: Disable features at compile-time Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android. Bug 29859: Disable HLS support for now Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT Bug 33734: Set MOZ_NORMANDY to False Bug 33851: Omit Parental Controls. Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files Bug 41584: Move some configuration options to base-browser level - - - - - b01cb5d2 by Pier Angelo Vendrame at 2024-10-22T10:44:55+02:00 fixup! Base Browser's .mozconfigs. Bug 43151: Uniform the behavior of the android-all mozconfig. - - - - - 398130e0 by Pier Angelo Vendrame at 2024-10-22T10:44:55+02:00 Tweaks to the build system Bug 40857: Modified the fat .aar creation file This is a workaround to build fat .aars with the compiling enviornment disabled. Mozilla does not use a similar configuration, but either runs a Firefox build and discards its output, or uses artifacts build. We might switch to artifact builds too, and drop this patch, or write a better one to upstream. But until then we need this patch. See also https://bugzilla.mozilla.org/show_bug.cgi?id=1763770. Bug 41458: Prevent `mach package-multi-locale` from actually creating a package macOS builds need some files to be moved around with ./mach package-multi-locale to create multi-locale packages. The required command isn't exposed through any other mach command. So, we patch package-multi-locale both to prevent it from failing when doing official builds and to detect any future changes on it. - - - - - c7612bb0 by Pier Angelo Vendrame at 2024-10-22T10:44:55+02:00 Bug 29320: Replace the gnu target with gnullvm for Rust. - - - - - fa71eb96 by Pier Angelo Vendrame at 2024-10-22T10:44:56+02:00 Bug 42616: Remove VideoCaptureTest.kt. This is a workaround to fix the GeckoView build with WebRTC disabled. We should replace this workaround with a proper solution, that excludes this test when MOZ_WEBRTC is undefined/False. - - - - - 345c7aca by Pier Angelo Vendrame at 2024-10-22T10:44:56+02:00 Bug 41108: Remove privileged macOS installation from 102 - - - - - e3f206a5 by Dan Ballard at 2024-10-22T10:44:56+02:00 Bug 41149: Re-enable DLL injection protection in all builds not just nightlies - - - - - cffa9acf by Henry Wilkes at 2024-10-22T10:44:57+02:00 Bug 43092: Disable wayland by default in Base Browser. - - - - - 40ee2c95 by Matthew Finkel at 2024-10-22T10:44:57+02:00 Bug 24796: Comment out excess permissions from GeckoView The GeckoView AndroidManifest.xml is not preprocessed unlike Fennec's manifest, so we can't use the ifdef preprocessor guards around the permissions we do not want. Commenting the permissions is the next-best-thing. - - - - - ee39628b by Matthew Finkel at 2024-10-22T10:44:57+02:00 Bug 28125: Prevent non-Necko network connections - - - - - cce4e26b by Mike Perry at 2024-10-22T10:44:58+02:00 Bug 12974: Disable NTLM and Negotiate HTTP Auth The Mozilla bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1046421, https://bugzilla.mozilla.org/show_bug.cgi?id=1261591, tor-browser#27602 - - - - - 26a22d9c by cypherpunks1 at 2024-10-22T10:44:58+02:00 Bug 40717: Hide Windows SSO in settings - - - - - 9ea75d2e by Georg Koppen at 2024-10-22T10:44:58+02:00 Bug 16285: Exclude ClearKey system for now In the past the ClearKey system had not been compiled when specifying --disable-eme. But that changed and it is even bundled nowadays (see: Mozilla's bug 1300654). We don't want to ship it right now as the use case for it is not really visible while the code had security vulnerabilities in the past. - - - - - 34d387d0 by Kathy Brade at 2024-10-22T10:44:59+02:00 Bug 21431: Clean-up system extensions shipped in Firefox Only ship the pdfjs extension. - - - - - 789fd64d by Henry Wilkes at 2024-10-22T10:44:59+02:00 Bug 42831: Remove the shopping components. - - - - - 74bf97f4 by Kathy Brade at 2024-10-22T10:45:00+02:00 Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc. Hide elements on about:logins that mention sync, "Firefox LockWise", and Mozilla's LockWise mobile apps. Disable the "Create New Login" button when security.nocertdb is true. - - - - - a1e782d1 by Alex Catarineu at 2024-10-22T10:45:00+02:00 Bug 41457: Remove Mozilla permissions Bug 40025: Remove Mozilla add-on install permissions - - - - - ca100ebb by Kathy Brade at 2024-10-22T10:45:00+02:00 Bug 40002: Remove about:ion Firefox Ion (previously Firefox Pioneer) is an opt-in program in which people volunteer to participate in studies that collect detailed, sensitive data about how they use their browser. Bug 41662: Disable about:sync-logs Even though we disable sync by default with `identity.fxaccounts.enabled`, this about: page is still avilable. We could throw an exception on the constructor of the related component, but it would result only in an error in the console, without a visible "this address does not look right" error page. If we fix the issues with MOZ_SERVICES_SYNC, we can restore the component. - - - - - 9bdc1854 by Morgan at 2024-10-22T10:45:01+02:00 Bug 42716: Disable unwanted about: pages - - - - - a7e0c3d5 by Arthur Edelstein at 2024-10-22T10:45:01+02:00 Bug 26353: Prevent speculative connect that violated FPI. Connections were observed in the catch-all circuit when the user entered an https or http URL in the URL bar, or typed a search term. - - - - - fe047aeb by Alex Catarineu at 2024-10-22T10:45:01+02:00 Bug 31740: Remove some unnecessary RemoteSettings instances More concretely, SearchService.jsm 'hijack-blocklists' and url-classifier-skip-urls. Avoid creating instance for 'anti-tracking-url-decoration'. If prefs are disabling their usage, avoid creating instances for 'cert-revocations' and 'intermediates'. Do not ship JSON dumps for collections we do not expect to need. For the ones in the 'main' bucket, this prevents them from being synced unnecessarily (the code in remote-settings does so for collections in the main bucket for which a dump or local data exists). For the collections in the other buckets, we just save some size by not shipping their dumps. We also clear the collections database on the v2 -> v3 migration. - - - - - 120a3e1e by cypherpunks1 at 2024-10-22T10:45:02+02:00 Bug 41092: Add a RemoteSettings JSON dump for query-stripping - - - - - e5161726 by cypherpunks1 at 2024-10-22T10:45:02+02:00 Bug 42730: Patch RemoteSettings to use only local dumps as a data source - - - - - f83b4deb by Pier Angelo Vendrame at 2024-10-22T10:45:03+02:00 Bug 41635: Disable the Normandy component Do not include Normandy at all whenever MOZ_NORMANDY is False. - - - - - c767818f by Georg Koppen at 2024-10-22T10:45:03+02:00 Bug 30541: Disable WebGL readPixel() for web content Related Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 - - - - - 366afa1a by Alex Catarineu at 2024-10-22T10:45:03+02:00 Bug 28369: Stop shipping pingsender executable - - - - - 41e40cf8 by Henry Wilkes at 2024-10-22T10:45:04+02:00 Bug 42630: Disable LaterRun module. - - - - - dea4c7b2 by Pier Angelo Vendrame at 2024-10-22T10:45:04+02:00 Bug 41599: Always return an empty string as network ID Firefox computes an internal network ID used to detect network changes and act consequently (e.g., to improve WebSocket UX). However, there are a few ways to get this internal network ID, so we patch them out, to be sure any new code will not be able to use them and possibly link users. We also sent a patch to Mozilla to seed the internal network ID, to prevent any accidental leak in the future. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1817756 - - - - - a074c3d7 by Pier Angelo Vendrame at 2024-10-22T10:45:04+02:00 Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - dbdf25f8 by Richard Pospesel at 2024-10-22T10:45:05+02:00 Bug 41327: Disable UrlbarProviderInterventions - - - - - 2dd6d489 by Richard Pospesel at 2024-10-22T10:45:05+02:00 Bug 42037: Disable about:firefoxview page - - - - - b9e7f8ac by Mike Perry at 2024-10-22T10:45:05+02:00 Firefox preference overrides. This hack directly includes our preference changes in omni.ja. Bug 18292: Staged updates fail on Windows Temporarily disable staged updates on Windows. Bug 18297: Use separate Noto JP,KR,SC,TC fonts Bug 23404: Add Noto Sans Buginese to the macOS whitelist Bug 23745: Set dom.indexedDB.enabled = true Bug 13575: Disable randomised Firefox HTTP cache decay user tests. (Fernando Fernandez Mancera <ffmancera(a)riseup.net>) Bug 17252: Enable session identifiers with FPI Session tickets and session identifiers were isolated by OriginAttributes, so we can re-enable them by allowing the default value (true) of "security.ssl.disable_session_identifiers". The pref "security.enable_tls_session_tickets" is obsolete (removed in https://bugzilla.mozilla.org/917049) Bug 14952: Enable http/2 and AltSvc In Firefox, SPDY/HTTP2 now uses Origin Attributes for isolation of connections, push streams, origin frames, etc. That means we get first-party isolation provided "privacy.firstparty.isolate" is true. So in this patch, we stop overriding "network.http.spdy.enabled" and "network.http.spdy.enabled.http2". Alternate Services also use Origin Attributes for isolation. So we stop overriding "network.http.altsvc.enabled" and "network.http.altsvc.oe" as well. (All 4 of the abovementioned "network.http.*" prefs adopt Firefox 60ESR's default value of true.) However, we want to disable HTTP/2 push for now, so we set "network.http.spdy.allow-push" to false. "network.http.spdy.enabled.http2draft" was removed in Bug 1132357. "network.http.sped.enabled.v2" was removed in Bug 912550. "network.http.sped.enabled.v3" was removed in Bug 1097944. "network.http.sped.enabled.v3-1" was removed in Bug 1248197. Bug 26114: addons.mozilla.org is not special * Don't expose navigator.mozAddonManager on any site * Don't block NoScript from modifying addons.mozilla.org or other sites Enable ReaderView mode again (#27281). Bug 29916: Make sure enterprise policies are disabled Bug 2874: Block Components.interfaces from content Bug 26146: Spoof HTTP User-Agent header for desktop platforms In Tor Browser 8.0, the OS was revealed in both the HTTP User-Agent header and to JavaScript code via navigator.userAgent. To avoid leaking the OS inside each HTTP request (which many web servers log), always use the Windows 7 OS value in the desktop User-Agent header. We continue to allow access to the actual OS via JavaScript, since doing so improves compatibility with web applications such as GitHub and Google Docs. Bug 12885: Windows Jump Lists fail for Tor Browser Jumplist entries are stored in a binary file in: %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\ and has a name in the form [a-f0-9]+.customDestinations-ms The hex at the front is unique per app, and is ultimately derived from something called the 'App User Model ID' (AUMID) via some unknown hashing method. The AUMID is provided as a key when programmatically creating, updating, and deleting a jumplist. The default behaviour in firefox is for the installer to define an AUMID for an app, and save it in the registry so that the jumplist data can be removed by the uninstaller. However, the Tor Browser does not set this (or any other) regkey during installation, so this codepath fails and the app's AUMID is left undefined. As a result the app's AUMID ends up being defined by windows, but unknowable by Tor Browser. This unknown AUMID is used to create and modify the jumplist, but the delete API requires that we provide the app's AUMID explicitly. Since we don't know what the AUMID is (since the expected regkey where it is normally stored does not exist) jumplist deletion will fail and we will leave behind a mostly empty customDestinations-ms file. The name of the file is derived from the binary path, so an enterprising person could reverse engineer how that hex name is calculated, and generate the name for Tor Browser's default Desktop installation path to determine whether a person had used Tor Browser in the past. The 'taskbar.grouping.useprofile' option that is enabled by this patch works around this AUMID problem by having firefox.exe create it's own AUMID based on the profile path (rather than looking for a regkey). This way, if a user goes in and enables and disables jumplist entries, the backing store is properly deleted. Unfortunately, all windows users currently have this file lurking in the above mentioned directory and this patch will not remove it since it was created with an unknown AUMID. However, another patch could be written which goes to that directory and deletes any item containing the 'Tor Browser' string. See bug 28996. Bug 30845: Make sure default themes and other internal extensions are enabled Bug 28896: Enable extensions in private browsing by default Bug 31065: Explicitly allow proxying localhost Bug 31598: Enable letterboxing Disable Presentation API everywhere Bug 21549 - Use Firefox's WASM default pref. It is disabled at safer security levels. Bug 32321: Disable Mozilla's MitM pings Bug 19890: Disable installation of system addons By setting the URL to "" we make sure that already installed system addons get deleted as well. Bug 22548: Firefox downgrades VP9 videos to VP8. On systems where H.264 is not available or no HWA, VP9 is preferred. But in Tor Browser 7.0 all youtube videos are degraded to VP8. This behaviour can be turned off by setting media.benchmark.vp9.threshold to 0. All clients will get better experience and lower traffic, beause TBB doesn't use "Use hardware acceleration when available". Bug 25741 - TBA: Add mobile-override of 000-tor-browser prefs Bug 16441: Suppress "Reset Tor Browser" prompt. Bug 29120: Use the in-memory media cache and increase its maximum size. Bug 33697: use old search config based on list.json Bug 33855: Ensure that site-specific browser mode is disabled. Bug 30682: Disable Intermediate CA Preloading. Bug 40061: Omit the Windows default browser agent from the build Bug 40322: Consider disabling network.connectivity-service.enabled Bug 40408: Disallow SVG Context Paint in all web content Bug 40308: Disable network partitioning until we evaluate dFPI Bug 40322: Consider disabling network.connectivity-service.enabled Bug 40383: Disable dom.enable_event_timing Bug 40423: Disable http/3 Bug 40177: Update prefs for Fx91esr Bug 40700: Disable addons and features recommendations Bug 40682: Disable network.proxy.allow_bypass Bug 40736: Disable third-party cookies in PBM Bug 19850: Enabled HTTPS-Only by default Bug 40912: Hide the screenshot menu Bug 41292: Disable moreFromMozilla in preferences page Bug 40057: Ensure the CSS4 system colors are not a fingerprinting vector Bug 24686: Set network.http.tailing.enabled to true Bug 40183: Disable TLS ciphersuites using SHA-1 Bug 40783: Review 000-tor-browser.js and 001-base-profile.js for 102 We reviewed all the preferences we set for 102, and remove a few old ones. See the description of that issue to see all the preferences we believed were still valid for 102, and some brief description for the reasons to keep them. - - - - - f6a42160 by Morgan at 2024-10-22T10:45:06+02:00 fixup! Firefox preference overrides. Bug 43163: Disable offscreen canvas until verified it is not fingerprintable - - - - - c6051cf2 by Morgan at 2024-10-22T10:45:06+02:00 fixup! Firefox preference overrides. Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile - - - - - fa7395cc by Pier Angelo Vendrame at 2024-10-22T10:45:07+02:00 fixup! Firefox preference overrides. Bug 42054: ESR128: investigate - thorin's list. Set or remove some preferences as suggested by Thorin. - - - - - c7032d86 by hackademix at 2024-10-22T10:45:07+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - 112ee959 by hackademix at 2024-10-22T10:45:07+02:00 fixup! Firefox preference overrides. Bug 43197: Disable automatic exception for HTTPS-First. - - - - - 8ffbeada by hackademix at 2024-10-22T10:45:08+02:00 fixup! Firefox preference overrides. Bug 42356: Preference review for Firefox ESR128. - - - - - 74b40adc by Pier Angelo Vendrame at 2024-10-22T10:45:08+02:00 Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). Bug 43141: Hardcode system-ui to Arimo. - - - - - 29e5ac3c by Pier Angelo Vendrame at 2024-10-22T10:45:08+02:00 Bug 41901: Hardcode normalized FontSubstitutes. Windows has a system to set font aliases through the registry. This allows some customization that could be used as a fingerprinting vector. Moreover, this mechanism is used by Windows itself, and different SKUs might have different default FontSubstitutes. - - - - - 7bda8189 by Alex Catarineu at 2024-10-22T10:45:11+02:00 Bug 30605: Honor privacy.spoof_english in Android This checks `privacy.spoof_english` whenever `setLocales` is called from Fenix side and sets `intl.accept_languages` accordingly. Bug 40198: Expose privacy.spoof_english pref in GeckoView - - - - - 59588951 by Pier Angelo Vendrame at 2024-10-22T10:45:11+02:00 Bug 42562: Normalized the Accepted Languages on Android. The OS language might be outside the list of actually supported languages and it might leak the user's region. Therefore, we force the locale reported in Accept-Language to match one we support with translations, even when it means using a not exact region tag. - - - - - 223e4192 by Alex Catarineu at 2024-10-22T10:45:11+02:00 Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware - - - - - 5cd521c0 by Alex Catarineu at 2024-10-22T10:45:12+02:00 Bug 26345: Hide tracking protection UI - - - - - c13590cb by Henry Wilkes at 2024-10-22T10:45:12+02:00 Bug 43109: Hide Firefox Relay from settings. This should remain disabled, see tor-browser#42814. - - - - - 0fff7260 by Henry Wilkes at 2024-10-22T10:45:12+02:00 Bug 42777: Hide Website Privacy Preferences. We hide the Website Privacy Preferences section, which controls the "global privacy control" (GPC) and "do not track" (DNT) settings. - - - - - add86a12 by Morgan at 2024-10-22T10:45:13+02:00 Bug 42070: Hide "Use smooth scrolling" from settings - - - - - 5c86cf16 by Arthur Edelstein at 2024-10-22T10:45:13+02:00 Bug 18905: Hide unwanted items from help menu Bug 25660: Remove the "New Private Window" option - - - - - 335a042b by Pier Angelo Vendrame at 2024-10-22T10:45:14+02:00 Bug 41739: Remove "Website appearance" from about:preferences. It is ignored because of RFP and it is confusing for users. - - - - - 0a3bb5ce by Henry Wilkes at 2024-10-22T10:45:14+02:00 Bug 43117: Hide "Always underline links" from settings. - - - - - bcb4d34d by Pier Angelo Vendrame at 2024-10-22T10:45:14+02:00 Bug 42774: Always hide the third-pary certs UI. - - - - - dae7830d by Henry Wilkes at 2024-10-22T10:45:15+02:00 Bug 43118: Hide feature recommendation (CFR) settings. - - - - - 6ec077cb by Pier Angelo Vendrame at 2024-10-22T10:45:15+02:00 Bug 9173: Change the default Firefox profile directory to be relative. This commit makes Firefox look for the default profile directory in a directory relative to the binary path. The directory can be specified through the --with-relative-data-dir. This is relative to the same directory as the firefox main binary for Linux and Windows. On macOS, we remove Contents/MacOS from it. Or, in other words, the directory is relative to the application bundle. This behavior can be overriden at runtime, by placing a file called system-install adjacent to the firefox main binary (also on macOS). - - - - - e4b61271 by Pier Angelo Vendrame at 2024-10-22T10:45:15+02:00 Bug 42773: Replace ~ with the original home. In Bug 93141, Mozilla started sending users to their home when they type ~ in the URL bar. On Linux, we change $HOME for various reason, therefore you would be redirected to the spoofed home directory when typing ~. So, we check if the original home directory is known, and use that, instead. - - - - - 9aad43e4 by Alex Catarineu at 2024-10-22T10:45:16+02:00 Bug 27604: Fix addon issues when moving the profile directory Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1429838 - - - - - 8faca87e by Mike Perry at 2024-10-22T10:45:16+02:00 Bug 13028: Prevent potential proxy bypass cases. It looks like these cases should only be invoked in the NSS command line tools, and not the browser, but I decided to patch them anyway because there literally is a maze of network function pointers being passed around, and it's very hard to tell if some random code might not pass in the proper proxied versions of the networking code here by accident. Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1433509 - - - - - 30db95a4 by Pier Angelo Vendrame at 2024-10-22T10:45:16+02:00 Bug 40309: Avoid using regional OS locales Avoid regional OS locales if the pref `intl.regional_prefs.use_os_locales` is false but RFP is enabled. - - - - - eb2059cb by Matthew Finkel at 2024-10-22T10:45:17+02:00 Bug 40432: Prevent probing installed applications Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1711084 - - - - - 2eff1716 by cypherpunks1 at 2024-10-22T10:45:17+02:00 Bug 33955: When copying an image only copy the image contents to the clipboard - - - - - 02d9798b by cypherpunks1 at 2024-10-22T10:45:18+02:00 Bug 41791: Omit the source URL when copying page contents to the clipboard - - - - - 659b46f5 by hackademix at 2024-10-22T10:45:18+02:00 Bug 42288: Allow language spoofing in status messages. - - - - - ddda1d58 by Pier Angelo Vendrame at 2024-10-22T10:45:18+02:00 Bug 43196: Remove the vendor name from media notifications on Linux. Firefox shows "vendor remoteName" as a title of the "... is playing media" notification on Linux. However, for our browser the remote name is enough, and prepending the vendor to it creates a string users usually never see. - - - - - fc8a8fc2 by Pier Angelo Vendrame at 2024-10-22T10:45:19+02:00 Base Browser strings This commit adds all the strings needed by following Base Browser patches. - - - - - c43891be by Pier Angelo Vendrame at 2024-10-22T10:45:19+02:00 Bug 41369: Improve Firefox language settings for multi-lingual packages Change the language selector to be sorted by language code, rather than name, and to display the language code to the user. Bug 41372: Handle Japanese as a special case in preferences on macOS Japanese is treated in a special way on macOS. However, seeing the Japanese language tag could be confusing for users, and moreover the language name is not localized correctly like other langs. Bug 41378: Tell users that they can change their language at the first start With multi-lingual builds, Tor Browser matches the user's system language, but some users might want to change it. So, we tell them that it is possible, but only once. - - - - - 53006372 by p13dz at 2024-10-22T10:45:19+02:00 Bug 40283: Workaround for the file upload bug - - - - - 971e73ae by hackademix at 2024-10-22T10:45:20+02:00 Bug 42019: Empty browser's clipboard on browser shutdown - - - - - ddbf9421 by hackademix at 2024-10-22T10:45:20+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 71639df6 by hackademix at 2024-10-22T10:45:20+02:00 Bug 42084: Ensure English spoofing works even if preferences are set out of order. - - - - - c28b53dd by Pier Angelo Vendrame at 2024-10-22T10:45:21+02:00 Bug 41930: Remove the UI to customize accept_languages. - - - - - d436a5c6 by hackademix at 2024-10-22T10:45:21+02:00 Bug 41434: Letterboxing, preemptively apply margins in a global CSS rule to mitigate race conditions on newly created windows and tabs. - - - - - 71b9722c by hackademix at 2024-10-22T10:45:22+02:00 Bug 41434: Letterboxing, improve logging. - - - - - eea1ffec by hackademix at 2024-10-22T10:45:22+02:00 Bug 31064: Letterboxing, exempt browser extensions. - - - - - 8d68ae8f by hackademix at 2024-10-22T10:45:22+02:00 Bug 32411: Letterboxing, exempt view-source: URIs. - - - - - a4b030e5 by hackademix at 2024-10-22T10:45:23+02:00 Bug 42574: Letterboxing, exempt pdf.js. - - - - - 49e8e240 by hackademix at 2024-10-22T10:45:23+02:00 Bug 32308: Use direct browser sizing for letterboxing. Bug 30556: align letterboxing with 200x100 new win width stepping - - - - - 06d647ea by hackademix at 2024-10-22T10:45:23+02:00 fixup! Bug 32308: Use direct browser sizing for letterboxing. Bug 43217: Do not round letterboxing corners in fullscreen. - - - - - 2e4a7753 by hackademix at 2024-10-22T10:45:24+02:00 Bug 41631: Prevent weird initial window dimensions caused by subpixel computations - - - - - fb2a971b by hackademix at 2024-10-22T10:45:24+02:00 Bug 41918: Option to reuse last window size when letterboxing is enabled. - - - - - 0ec36850 by hackademix at 2024-10-22T10:45:25+02:00 Bug 41916: Letterboxing preferences UI - - - - - e18fbeb8 by hackademix at 2024-10-22T10:45:25+02:00 Bug 41695: Warn on window maximization without letterboxing in RFPHelper module - - - - - 03e851af by hackademix at 2024-10-22T10:45:27+02:00 Bug 42443: Shrink window to match letterboxing size when the emtpy area is clicked. - - - - - af685fc2 by Henry Wilkes at 2024-10-22T10:45:28+02:00 Bug 42528: Don't leak system scrollbar size on windows. - - - - - 7fdb5ccb by Henry Wilkes at 2024-10-22T10:45:28+02:00 Bug 31575: Disable Firefox Home (Activity Stream) Treat about:blank as the default home page and new tab page. Avoid loading AboutNewTab in BrowserGlue.sys.mjs in order to avoid several network requests that we do not need. Bug 41624: Disable about:pocket-* pages. Bug 40144: Redirect about:privatebrowsing to the user's home - - - - - c1f5163c by Kathy Brade at 2024-10-22T10:45:28+02:00 Bug 4234: Use the Firefox Update Process for Base Browser. Windows: disable "runas" code path in updater (15201). Windows: avoid writing to the registry (16236). Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406, 16014, 16909, 24476, and 25909. Also fix bug 27221: purge the startup cache if the Base Browser version changed (even if the Firefox version and build ID did not change), e.g., after a minor Base Browser update. Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality. Bug 26048: potentially confusing "restart to update" message Within the update doorhanger, remove the misleading message that mentions that windows will be restored after an update is applied, and replace the "Restart and Restore" button label with an existing "Restart to update Tor Browser" string. Bug 28885: notify users that update is downloading Add a "Downloading Base Browser update" item which appears in the hamburger (app) menu while the update service is downloading a MAR file. Before this change, the browser did not indicate to the user that an update was in progress, which is especially confusing in Tor Browser because downloads often take some time. If the user clicks on the new menu item, the about dialog is opened to allow the user to see download progress. As part of this fix, the update service was changed to always show update-related messages in the hamburger menu, even if the update was started in the foreground via the about dialog or via the "Check for Tor Browser Update" toolbar menu item. This change is consistent with the Tor Browser goal of making sure users are informed about the update process. Removed #28885 parts of this patch which have been uplifted to Firefox. - - - - - 73fac8f0 by Pier Angelo Vendrame at 2024-10-22T10:45:29+02:00 Bug 42061: Create an alpha update channel. - - - - - ede5a232 by Nicolas Vigier at 2024-10-22T10:45:29+02:00 Bug 41682: Add base-browser nightly mar signing key - - - - - 917452ac by Pier Angelo Vendrame at 2024-10-22T10:45:30+02:00 Bug 41603: Customize the creation of MOZ_SOURCE_URL MOZ_SOURCE_URL is created by combining MOZ_SOURCE_REPO and MOZ_SOURCE_CHANGESET. But the code takes for granted that it refers to a Hg instance, so it combines them as `$MOZ_SOURCE_REPO/rev/$MOZ_SOURCE_CHANGESET`. With this commit, we change this logic to combine them to create a URL that is valid for GitLab. $MOZ_SOURCE_CHANGESET needs to be a commit hash, not a branch or a tag. If that is needed, we could use /-/tree/, instead of /-/commit/. - - - - - ece50578 by Pier Angelo Vendrame at 2024-10-22T10:45:30+02:00 Bug 41698: Reword the recommendation badges in about:addons Firefox strings use { -brand-product-name }. As a result, it seems that the fork is recommending extensions, whereas AMO curators are doing that. So, we replace the strings with custom ones that clarify that Mozilla is recommending them. We assign the strings with JS because our translation backend does not support Fluent attributes, yet, but once it does, we should switch to them, instead. Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1825033 - - - - - 732cc239 by Pier Angelo Vendrame at 2024-10-22T10:45:30+02:00 Bug 42438: Tweaks to the migration wizard. Remove the items not compatible with our features (such as history) from the migration wizard. On Linux, allow to specify an alternative home directory, since we usually change $HOME in our startup script. - - - - - 0a8e3ad3 by Alex Catarineu at 2024-10-22T10:45:31+02:00 Bug 40069: Add helpers for message passing with extensions - - - - - b8c97a2b by Matthew Finkel at 2024-10-22T10:45:31+02:00 Bug 41598: Prevent NoScript from being removed/disabled. Bug 40253: Explicitly allow NoScript in Private Browsing mode. - - - - - 6b051c5e by Henry Wilkes at 2024-10-22T10:45:31+02:00 Bug 41736: Hide NoScript extension's toolbar button by default. This hides it from both the toolbar and the unified extensions panel. We also hide the unified-extension-button if the panel would be empty: not including the NoScript button when it is hidden. As a result, this will be hidden by default until a user installs another extension (or shows the NoScript button and unpins it). - - - - - 78ff7115 by hackademix at 2024-10-22T10:45:32+02:00 Bug 41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons - - - - - a4bf6759 by Pier Angelo Vendrame at 2024-10-22T10:45:32+02:00 Bug 40925: Implemented the Security Level component This component adds a new Security Level toolbar button which visually indicates the current global security level via icon (as defined by the extensions.torbutton.security_slider pref), a drop-down hanger with a short description of the current security level, and a new section in the about:preferences#privacy page where users can change their current security level. In addition, the hanger and the preferences page will show a visual warning when the user has modified prefs associated with the security level and provide a one-click 'Restore Defaults' button to get the user back on recommended settings. Bug 40125: Expose Security Level pref in GeckoView - - - - - 942e53f7 by Pier Angelo Vendrame at 2024-10-22T10:45:33+02:00 Bug 40926: Implemented the New Identity feature - - - - - 25ee5da8 by Henry Wilkes at 2024-10-22T10:45:33+02:00 Bug 41736: Customize toolbar for base-browser. - - - - - 82860088 by Pier Angelo Vendrame at 2024-10-22T10:45:33+02:00 Bug 42027: Base Browser migration procedures. This commit implmenents the the Base Browser's version of _migrateUI. - - - - - 24e628c1 by Henry Wilkes at 2024-10-22T10:45:34+02:00 Bug 42583: Modify moz-support-link for Base Browser. - - - - - 936dcfb9 by Henry Wilkes at 2024-10-22T10:48:04+02:00 Bug 42308: Create README for tor-browser. We drop the README.txt that comes from Mozilla Firefox and add README.md for tor-browser. - - - - - 56d877b1 by Richard Pospesel at 2024-10-22T10:48:05+02:00 Bug 41649: Create rebase and security backport gitlab issue templates - - - - - 97f0375a by Beatriz Rizental at 2024-10-22T10:48:06+02:00 Add CI for Tor Browser - - - - - 907452b6 by Henry Wilkes at 2024-10-22T10:48:06+02:00 fixup! Add CI for Tor Browser Bug 43156: Also include strings from the legacy branch. - - - - - 305aa63c by Henry Wilkes at 2024-10-22T10:48:06+02:00 fixup! Add CI for Tor Browser Bug 43181: Automatically run translation CI for strings.xml changes. - - - - - e2c5538d by Richard Pospesel at 2024-10-22T10:48:07+02:00 Bug 41089: Add tor-browser build scripts + Makefile to tor-browser - - - - - 9b075c8b by Henry Wilkes at 2024-10-22T10:48:07+02:00 Bug 41803: Add some developer tools for working on tor-browser. - - - - - 8203ee89 by Henry Wilkes at 2024-10-22T10:48:08+02:00 fixup! Bug 41803: Add some developer tools for working on tor-browser. Bug 43157: Move tb-dev to base browser and add support for working in mullvad-browser. Also improve error handling and lint the file. - - - - - bcda3538 by Kathy Brade at 2024-10-22T10:48:08+02:00 Bug 11641: Disable remoting by default. Unless the -osint command line flag is used, the browser now defaults to the equivalent of -no-remote. There is a new -allow-remote flag that may be used to restore the original (Firefox-like) default behavior. - - - - - f2359f97 by Alex Catarineu at 2024-10-22T10:48:08+02:00 Add TorStrings module for localization - - - - - 33953799 by Henry Wilkes at 2024-10-22T10:48:09+02:00 Tor Browser strings This commit adds all the strings needed for Tor Browser patches. - - - - - 7188ed76 by Henry Wilkes at 2024-10-22T10:48:09+02:00 Tor Browser localization migration scripts. - - - - - 2f318f19 by Henry Wilkes at 2024-10-22T10:48:09+02:00 Bug 42305: Add script to combine translation files across versions. - - - - - 4491b216 by Henry Wilkes at 2024-10-22T10:48:10+02:00 fixup! Bug 42305: Add script to combine translation files across versions. Bug 43156: Add an option to also include strings from a legacy branch. Also, instead of using the tagger date to find the highest version branch, we use version ordering. - - - - - 1ddc9544 by Mike Perry at 2024-10-22T10:48:10+02:00 Bug 2176: Rebrand Firefox to TorBrowser See also Bugs #5194, #7187, #8115, #8219. This patch does some basic renaming of Firefox to TorBrowser. The rest of the branding is done by images and icons. Also fix bug 27905. Bug 25702: Update Tor Browser icon to follow design guidelines - Updated all of the branding in /browser/branding/official with new 'stable' icon series. - Updated /extensions/onboarding/content/img/tor-watermark.png with new icon and add the source svg in the same directory - Copied /browser/branding/official over /browser/branding/nightly and the new /browser/branding/alpha directories. Replaced content with 'nightly' and 'alpha' icon series. Updated VisualElements_70.png and VisualElements_150.png with updated icons in each branding directory (fixes #22654) - Updated firefox.VisualElementsManfiest.xml with updated colors in each branding directory - Added firefox.svg to each branding directory from which all the other icons are derived (apart from document.icns and document.ico) - Added default256.png and default512.png icons - Updated aboutTBUpdate.css to point to branding-aware icon128.png and removed original icon - Use the Tor Browser icon within devtools/client/themes/images/. Bug 30631: Blurry Tor Browser icon on macOS app switcher It would seem the png2icns tool does not generate correct icns files and so on macOS the larger icons were missing resulting in blurry icons in the OS chrome. Regenerated the padded icons in a macOS VM using iconutil. Bug 28196: preparations for using torbutton tor-browser-brand.ftl A small change to Fluent FileSource class is required so that we can register a new source without its supported locales being counted as available locales for the browser. Bug 31803: Replaced about:debugging logo with flat version Bug 21724: Make Firefox and Tor Browser distinct macOS apps When macOS opens a document or selects a default browser, it sometimes uses the CFBundleSignature. Changing from the Firefox MOZB signature to a different signature TORB allows macOS to distinguish between Firefox and Tor Browser. Bug 32092: Fix Tor Browser Support link in preferences For bug 40562, we moved onionPattern* from bug 27476 to here, as about:tor needs these files but it is included earlier. Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one Bug 42088: New application icons (used in-app and on linux). Bug 42087: New application icons (windows). - - - - - c6649544 by Henry Wilkes at 2024-10-22T10:48:10+02:00 Bug 43087: Add onion-pattern to be used on Tor pages. - - - - - 80bdff5a by hackademix at 2024-10-22T10:48:11+02:00 Bug 41917: Tor brand-specific styles. - - - - - 811c1ca9 by Henry Wilkes at 2024-10-22T10:48:11+02:00 Bug 41817: tor-browser semantic colors. - - - - - 8e926ad2 by Henry Wilkes at 2024-10-22T10:48:12+02:00 Add purple tor version of the loading APNG. - - - - - 196e6b4d by Henry Wilkes at 2024-10-22T10:48:12+02:00 Bug 42583: Modify moz-support-link for Tor Browser. - - - - - 39bae2bc by sanketh at 2024-10-22T10:48:12+02:00 Bug 40209: Implement Basic Crypto Safety Adds a CryptoSafety actor which detects when you've copied a crypto address from a HTTP webpage and shows a warning. Closes #40209. Bug 40428: Fix string attribute names - - - - - c29b2483 by Mike Perry at 2024-10-22T10:48:13+02:00 TB3: Tor Browser's official .mozconfigs. Also: Add an --enable-tor-browser-data-outside-app-dir configure option Add --with-tor-browser-version configure option Bug 31457: disable per-installation profiles The dedicated profiles (per-installation) feature does not interact well with our bundled profiles on Linux and Windows, and it also causes multiple profiles to be created on macOS under TorBrowser-Data. Bug 31935: Disable profile downgrade protection. Since Tor Browser does not support more than one profile, disable the prompt and associated code that offers to create one when a version downgrade situation is detected. Add --enable-tor-browser-update build option Bug 40793: moved Tor configuration options from old-configure.in to moz.configure Bug 41584: Move some configuration options to base-browser level - - - - - 7daa159b by Henry Wilkes at 2024-10-22T11:09:54+02:00 Bug 41340: Enable TOR_BROWSER_NIGHTLY_BUILD features for dev and nightly builds tor-browser#41285: Enable fluent warnings. - - - - - c71a0262 by Pier Angelo Vendrame at 2024-10-22T11:09:55+02:00 Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Before reordering patches, we used to keep the Tor-related patches (torbutton and tor-launcher) at the beginning. After that issue, we decided to move them towards the end. In addition to that, we have decided to move Tor Browser-only preferences there, too, to make Base Browser-only fixups easier to apply. - - - - - eb0a4505 by Morgan at 2024-10-22T11:09:55+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Bug 43170: Disable user-agent spoofing in HTTP header - - - - - bc6cab65 by Pier Angelo Vendrame at 2024-10-22T11:09:56+02:00 Bug 13252: Customize profile management on macOS On macOS we allow both portable mode and system installation. However, in the latter case, we customize Firefox's directories to match the hierarchy we use for the portable mode. Also, display an informative error message if the TorBrowser-Data directory cannot be created due to an "access denied" or a "read only volume" error. - - - - - 464b2638 by Pier Angelo Vendrame at 2024-10-22T11:09:56+02:00 Bug 40933: Add tor-launcher functionality Bug 41926: Reimplement the control port - - - - - 3ac554d1 by Cecylia Bocovich at 2024-10-22T11:09:57+02:00 Lox integration - - - - - 09f71492 by Richard Pospesel at 2024-10-22T11:09:57+02:00 Bug 40597: Implement TorSettings module - migrated in-page settings read/write implementation from about:preferences#tor to the TorSettings module - TorSettings initially loads settings from the tor daemon, and saves them to firefox prefs - TorSettings notifies observers when a setting has changed; currently only QuickStart notification is implemented for parity with previous preference notify logic in about:torconnect and about:preferences#tor - about:preferences#tor, and about:torconnect now read and write settings thorugh the TorSettings module - all tor settings live in the torbrowser.settings.* preference branch - removed unused pref modify permission for about:torconnect content page from AsyncPrefs.jsm Bug 40645: Migrate Moat APIs to Moat.jsm module - - - - - 33253a34 by hackademix at 2024-10-22T11:09:57+02:00 fixup! Bug 40597: Implement TorSettings module - - - - - b5256020 by Arthur Edelstein at 2024-10-22T11:09:58+02:00 Bug 3455: Add DomainIsolator, for isolating circuit by domain. Add an XPCOM component that registers a ProtocolProxyChannelFilter which sets the username/password for each web request according to url bar domain. Bug 9442: Add New Circuit button Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ. Bug 19206: Include a 128 bit random tag as part of the domain isolator nonce. Bug 19206: Clear out the domain isolator state on `New Identity`. Bug 21201.2: Isolate by firstPartyDomain from OriginAttributes Bug 21745: Fix handling of catch-all circuit Bug 41741: Refactor the domain isolator and new circuit - - - - - a1c92f08 by Henry Wilkes at 2024-10-22T11:09:58+02:00 Bug 41600: Add a tor circuit display panel. - - - - - 4565b101 by Pier Angelo Vendrame at 2024-10-22T11:09:58+02:00 Bug 42247: Android helpers for the TorProvider GeckoView is missing some API we use on desktop for the integration with the tor daemon, such as subprocess. Therefore, we need to implement them in Java and plumb the data back and forth between JS and Java. - - - - - 7f637a42 by hackademix at 2024-10-22T11:09:59+02:00 Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs - - - - - 8f86a35f by Amogh Pradeep at 2024-10-22T11:09:59+02:00 Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources. See Bug 1357997 for partial uplift. Also: Bug 28051 - Use our Orbot for proxying our connections Bug 31144 - ESR68 Network Code Review - - - - - c6e95f1d by Dan Ballard at 2024-10-22T11:09:59+02:00 fixup! Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources. This reverts commit a16d36fce768826615620ee73bec755fcd7081ea for tb-42660 - - - - - 1a6a46c0 by Matthew Finkel at 2024-10-22T11:10:00+02:00 Bug 25741: TBA: Disable GeckoNetworkManager The browser should not need information related to the network interface or network state, tor should take care of that. - - - - - 4eab1592 by Kathy Brade at 2024-10-22T11:10:00+02:00 Bug 14631: Improve profile access error messages. Instead of always reporting that the profile is locked, display specific messages for "access denied" and "read-only file system". To allow for localization, get profile-related error strings from Torbutton. Use app display name ("Tor Browser") in profile-related error alerts. - - - - - 42fb55e9 by Pier Angelo Vendrame at 2024-10-22T11:10:01+02:00 Bug 40807: Added QRCode.js to toolkit/modules - - - - - 573c285c by Richard Pospesel at 2024-10-22T11:10:01+02:00 Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection This patch adds a new about:preferences#connection page which allows modifying bridge, proxy, and firewall settings from within Tor Browser. All of the functionality present in tor-launcher's Network Configuration panel is present: - Setting built-in bridges - Requesting bridges from BridgeDB via moat - Using user-provided bridges - Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies - Setting firewall ports - Viewing and Copying Tor's logs - The Networking Settings in General preferences has been removed Bug 40774: Update about:preferences page to match new UI designs - - - - - 12aed8b7 by Richard Pospesel at 2024-10-22T11:10:01+02:00 Bug 27476: Implement about:torconnect captive portal within Tor Browser - implements new about:torconnect page as tor-launcher replacement - adds new torconnect component to browser - tor process management functionality remains implemented in tor-launcher through the TorProtocolService module - adds warning/error box to about:preferences#tor when not connected to tor Bug 40773: Update the about:torconnect frontend page to match additional UI flows. Bug 41608: Add a toolbar status button and a urlbar "Connect" button. - - - - - da0aa079 by Pier Angelo Vendrame at 2024-10-22T11:10:02+02:00 Temporary changes to about:torconnect for Android. We are planning of tempoorarily using about:torconnect on Android, until the native UX is ready. - - - - - 2552fcca by Henry Wilkes at 2024-10-22T11:10:02+02:00 Bug 7494: Create local home page for TBB. Bug 41333: Update about:tor to new design. Including: + make the favicon match the branding icon. + make the location bar show a search icon. - - - - - c90d13c7 by Pier Angelo Vendrame at 2024-10-22T11:10:02+02:00 Bug 41668: Tweaks to the Base Browser updater for Tor Browser This commit was once part of "Bug 4234: Use the Firefox Update Process for Tor Browser.". However, some parts of it were not needed for Base Browser and some derivative browsers. Therefore, we extracted from that commit the parts for Tor Browser legacy, and we add them back to the patch set with this commit. - - - - - 4cb8f338 by Kathy Brade at 2024-10-22T11:10:03+02:00 Bug 12647: Support symlinks in the updater. - - - - - 89efb569 by Kathy Brade at 2024-10-22T11:10:03+02:00 Bug 16940: After update, load local change notes. Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release). Always load about:tbupdate in a content process, but implement the code that reads the file system (changelog) in the chrome process for compatibility with future sandboxing efforts. Also fix bug 29440. Now about:tbupdate is styled as a fairly simple changelog page that is designed to be displayed via a link that is on about:tor. - - - - - 00afe0f5 by Georg Koppen at 2024-10-22T11:10:04+02:00 Bug 32658: Create a new MAR signing key It's time for our rotation again: Move the backup key in the front position and add a new backup key. Bug 33803: Move our primary nightly MAR signing key to tor-browser Bug 33803: Add a secondary nightly MAR signing key - - - - - f87683e8 by Pier Angelo Vendrame at 2024-10-22T11:10:04+02:00 Bug 42891: Set the bundled search engine for Tor Browser. After upstream changes between Firefox 115 and 128, we had to completely rework the way in which we define our search engines. This commit replaces the old "Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing". With that commit, we customized a list of addons IDs to ship as built-in search engines, but then upsteam moved to using only RemoteSettings. The configuration has many more fields, and it would be quite long to include it in the source code. Therefore, we use some local JSON files and load the settings from them. - - - - - d33a9fc8 by Alex Catarineu at 2024-10-22T11:10:04+02:00 Bug 40073: Disable remote Public Suffix List fetching In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented fetching the Public Suffix List via RemoteSettings and replacing the default one at runtime, which we do not want. - - - - - bb2285ae by Henry Wilkes at 2024-10-22T11:10:05+02:00 Bug 41906: Hide DNS over HTTPS preferences. - - - - - 37bc39de by Richard Pospesel at 2024-10-22T11:10:05+02:00 Bug 23247: Communicating security expectations for .onion Encrypting pages hosted on Onion Services with SSL/TLS is redundant (in terms of hiding content) as all traffic within the Tor network is already fully encrypted. Therefore, serving HTTP pages from an Onion Service is more or less fine. Prior to this patch, Tor Browser would mostly treat pages delivered via Onion Services as well as pages delivered in the ordinary fashion over the internet in the same way. This created some inconsistencies in behaviour and misinformation presented to the user relating to the security of pages delivered via Onion Services: - HTTP Onion Service pages did not have any 'lock' icon indicating the site was secure - HTTP Onion Service pages would be marked as unencrypted in the Page Info screen - Mixed-mode content restrictions did not apply to HTTP Onion Service pages embedding Non-Onion HTTP content This patch fixes the above issues, and also adds several new 'Onion' icons to the mix to indicate all of the various permutations of Onion Services hosted HTTP or HTTPS pages with HTTP or HTTPS content. Strings for Onion Service Page Info page are pulled from Torbutton's localization strings. - - - - - 334652b2 by Kathy Brade at 2024-10-22T11:10:05+02:00 Bug 30237: Add v3 onion services client authentication prompt When Tor informs the browser that client authentication is needed, temporarily load about:blank instead of about:neterror and prompt for the user's key. If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD control port command to add the key (via Torbutton's control port module) and reload the page. If the user cancels the prompt, display the standard about:neterror "Unable to connect" page. This requires a small change to browser/actors/NetErrorChild.jsm to account for the fact that the docShell no longer has the failedChannel information. The failedChannel is used to extract TLS-related error info, which is not applicable in the case of a canceled .onion authentication prompt. Add a leaveOpen option to PopupNotifications.show so we can display error messages within the popup notification doorhanger without closing the prompt. Add support for onion services strings to the TorStrings module. Add support for Tor extended SOCKS errors (Tor proposal 304) to the socket transport and SOCKS layers. Improved display of all of these errors will be implemented as part of bug 30025. Also fixes bug 19757: Add a "Remember this key" checkbox to the client auth prompt. Add an "Onion Services Authentication" section within the about:preferences "Privacy & Security section" to allow viewing and removal of v3 onion client auth keys that have been stored on disk. Also fixes bug 19251: use enhanced error pages for onion service errors. - - - - - 0421ba24 by Henry Wilkes at 2024-10-22T11:10:06+02:00 fixup! Bug 30237: Add v3 onion services client authentication prompt Bug 43218: Switch to browser.reload, since "Browser:Reload" signal was dropped upstream. - - - - - dcc7158f by Alex Catarineu at 2024-10-22T11:10:06+02:00 Bug 21952: Implement Onion-Location Whenever a valid Onion-Location HTTP header (or corresponding HTML <meta> http-equiv attribute) is found in a document load, we either redirect to it (if the user opted-in via preference) or notify the presence of an onionsite alternative with a badge in the urlbar. - - - - - 9d5dfd0e by Pier Angelo Vendrame at 2024-10-22T11:10:06+02:00 Bug 40458: Implement .tor.onion aliases We have enabled HTTPS-Only mode, therefore we do not need HTTPS-Everywhere anymore. However, we want to keep supporting .tor.onion aliases (especially for securedrop). Therefore, in this patch we implemented the parsing of HTTPS-Everywhere rulesets, and the redirect of .tor.onion domains. Actually, Tor Browser believes they are actual domains. We change them on the fly on the SOCKS proxy requests to resolve the domain, and on the code that verifies HTTPS certificates. - - - - - a3a211c6 by Pier Angelo Vendrame at 2024-10-22T11:10:07+02:00 Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser This patch associates the about:manual page to a translated page that must be injected to browser/omni.ja after the build. The content must be placed in chrome/browser/content/browser/manual/, so that is then available at chrome://browser/content/manual/. We preferred giving absolute freedom to the web team, rather than having to change the patch in case of changes on the documentation. - - - - - fa54b23e by Pier Angelo Vendrame at 2024-10-22T11:10:07+02:00 Bug 41435: Add a Tor Browser migration function For now this function only deletes old language packs for which we are already packaging the strings with the application. - - - - - 505da1b5 by Henry Wilkes at 2024-10-22T11:10:08+02:00 Bug 42110: Add TorUIUtils module for common tor component methods. - - - - - 3f02be24 by Dan Ballard at 2024-10-22T11:10:08+02:00 Bug 40701: Add security warning when downloading a file Shown in the downloads panel, about:downloads and places.xhtml. - - - - - 545cae47 by Henry Wilkes at 2024-10-22T11:10:08+02:00 Bug 41736: Customize toolbar for tor-browser. - - - - - 9f9ef07c by hackademix at 2024-10-22T11:10:09+02:00 Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key - - - - - 6ba18e0e by Henry Wilkes at 2024-10-22T11:10:09+02:00 Customize moz-toggle for tor-browser. - - - - - be6ffa25 by Richard Pospesel at 2024-10-22T11:10:09+02:00 Bug 41822: Unconditionally disable default browser UX in about:preferences - - - - - 718840b6 by Cecylia Bocovich at 2024-10-22T11:10:12+02:00 Temporary commit: manually place generated wasm files These files are built reproducibly using tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… We're manually adding them here while working on the interface, but eventually these should be placed in the right location using tor-browser-build. - - - - - dfdc35c7 by Matthew Finkel at 2024-10-22T11:10:12+02:00 Bug 40005: [android] Modify Default toolbar menu - - - - - 1de4388b by Alex Catarineu at 2024-10-22T11:10:12+02:00 Bug 40007: [android] Port external helper app prompting Together with the corresponding fenix patch, this allows all `startActivity` that may open external apps to be replaced by `TorUtils.startActivityPrompt`. - - - - - dc8261bf by Alex Catarineu at 2024-10-22T11:10:13+02:00 Bug 40002: [android] Ensure system download manager is not used Bug 40075: Support scoped storage to enable downloads on API < 29 - in android-components!7, we blocked all usage of Scoped Storage in an attempt to block usage of Android's DownloadManager, which is known to cause proxy bypasses - as of Android API 29, downloads will not work without Scoped Storage, causing all downlaods to fail (see: fenix##40192) - here, we enable usage of scoped storage for API >= 29, but block calls to DownloadManager on API < 29 - - - - - c07c77be by Alex Catarineu at 2024-10-22T11:10:13+02:00 Bug 40009: [android] Change the default search engines This matches the search engines from desktop, that is: DDG as the default, then YouTube, Google, DDGOnion, Startpage, Twitter, Wikipedia and Yahoo. Bug 40062: Update DuckDuckGo onion search plugin - - - - - 5ef9c95e by Alex Catarineu at 2024-10-22T11:10:13+02:00 [android] Modify Addon support Bug 40011: Hide option for disallowing addons in private mode Bug 40016: Allow inheriting from AddonCollectionProvider This will allow implementing our own AddonsProvider in fenix. - - - - - c5896727 by Georg Koppen at 2024-10-22T11:10:14+02:00 Bug 40013: [android] Add option do overwrite timestamp in extension version - - - - - 849fece3 by Alex Catarineu at 2024-10-22T11:10:14+02:00 Bug 40015: [android] Port padlock states for .onion services - - - - - 1c477c8f by Matthew Finkel at 2024-10-22T11:10:14+02:00 [android] Modify Tracking Protection configuration Bug 40020: Disable third-party cookies Bug 40024: Disable tracking protection by default - - - - - b8180011 by Matthew Finkel at 2024-10-22T11:10:15+02:00 Bug 40023: [android] Stop PrivateNotificationService - - - - - 24236cd9 by Matthew Finkel at 2024-10-22T11:10:15+02:00 [android] Add support for new GeckoView interfaces Bug 40006: Expose Security Level interface Bug 40019: Expose spoofEnglish pref Bug 34439: Isolate Icon loader on Android Bug 41394: Expose privacy.prioritizeonions.enabled to Android. - - - - - afe2caf6 by Matthew Finkel at 2024-10-22T11:10:15+02:00 [android] Disable features and functionality Bug 33594: Disable data collection by default (Glean) Bug 40019: Adjust is disabled on Release when data collection is disabled Bug 34338: Disable the crash reporter Bug 40014: Neuter Google Advertising ID Bug 40018: Disable Push service Bug 40034: Disable PWA onboading Bug 40072: Disable Tracking Protection Bug 40061: Do not show "Send to device" in sharing menu Bug 40109: Reduce requested permissions Exclude LOCATION and NETWORK_STATE - - - - - 80d7589b by Dan Ballard at 2024-10-22T11:10:16+02:00 fixup! [android] Disable features and functionality Bug 43113: remove remote settings and SERPTelemetry - - - - - d8110083 by cypherpunks1 at 2024-10-22T11:10:16+02:00 fixup! [android] Disable features and functionality Bug 43202: Do not fetch featured addons on Android - - - - - 4742d1db by Matthew Finkel at 2024-10-22T11:10:17+02:00 [android] Rename as Tor Browser Bug 40020: Change applicationId Bug 40020: Change app name Bug 40020: Change deeplink scheme Bug 40020: Change App icons Bug 40073: Use correct branding on About page Bug 40088: Use Tor Browser logo in migration screen - - - - - 2068a6ca by cypherpunks1 at 2024-10-22T11:10:17+02:00 fixup! [android] Rename as Tor Browser Bug 43228: Fix the What's new text - - - - - 5a89b00f by Georg Koppen at 2024-10-22T11:10:17+02:00 [android] Modify build system Bug 40083: Make locale ordering in BuildConfig deterministic Bug 40042: Add option do overwrite timestamp in extension version Bug 40059: Use MOZ_BUILD_DATE for versionCode At the same time we adapt MOZ_BUILD_DATE to our needs where it is actually used and not in tor-browser-build. This gives us more flexibility. See: tor-browser-build#40084. Bug 40067: Fix reproducibility issue in classes2.dex We make sure our MOZ_BUILD_DATE gets used as a source for showing date related information on the Fenix about page. Bug 40071: Show only supported locales Bug 40064: Use Gecko Beta for Nightly and Debug variants Bug 40123: Allow building the instrumented tests apks for variants other than debug This allows to specify the variant of the instrumented tests via a `testBuildType` gradle argument. It also applies a workaround for a R8 issue from https://issuetracker.google.com/issues/140851070. Bug 40143: Use deterministic date in Test apk The build config was using Date() when generating the Test apk's versionName. - - - - - dcbe64b9 by Matthew Finkel at 2024-10-22T11:10:18+02:00 Bug 40185: [android] Use NimbusDisabled - - - - - 79f0a866 by clairehurst at 2024-10-22T11:10:18+02:00 fixup! Bug 40185: [android] Use NimbusDisabled - - - - - d2f7c51c by Matthew Finkel at 2024-10-22T11:10:18+02:00 [android] Add Tor integration and UI Bug 40001: Start Tor as part of the Fenix initialization Bug 40028: Implement Tor Service controller Bug 40028: Integrate Tor Controller into HomeFragment Bug 40028: Implement Tor connect and logger screens Bug 40028: Implement Tor Onboarding Bug 40028: Implement new home screen Bug 40028: Define bootstrapping events and Quick Start Bug 40041: Implement Tor Network Settings Bug 40041: Integrate Tor Network Settings Bug 40179: Show Snowflake bridge option on Release Bug 40176: Re-render Home fragment on resume Bug 41394: Implement a setting to always prioritize Onion sites. - - - - - 5cbefc88 by Alex Catarineu at 2024-10-22T11:10:19+02:00 [android] Modify UI/UX Bug 40015: Modify Home menu Bug 40016: Hide unwanted Settings Bug 40016: Modify Default toolbar menu Bug 40016: Add Donate settings button Bug 40016: Move Allow Screenshots under Advanced Bug 40016: Don't install WebCompat webext Bug 40016: Don't onboard Search Suggestions Bug 40094: Do not use MasterPasswordTipProvider in HomeFragment Bug 40095: Hide "Sign in to sync" in bookmarks Bug 40031: Hide Mozilla-specific items on About page Bug 40032: Set usesCleartextTraffic as false Bug 40063: Do not sort search engines alphabetically Bug 34378: Port external helper app prompting With the corresponding android-components patch, this allows all `startActivity` that may open external apps to be replaced by `TorUtils.startActivityPrompt`. Bug 34403: Disable Normal mode by default Bug 40087: Implement a switch for english locale spoofing Bug 40144: Hide Download Manager Bug 40141: Hide EME site permission Bug 40166: Hide "Normal" tab (again) and Sync tab in TabTray Bug 40167: Hide "Save to Collection" in menu Bug 40172: Find the Quit button Bug 40186: Hide Credit Cards in Settings Bug 40198: Spoof English toggle now overlaps with locale list - - - - - a432b4b0 by cypherpunks1 at 2024-10-22T11:10:19+02:00 fixup! [android] Modify UI/UX Bug 43223: Hide option to open bookmarks in non-private tabs on Android - - - - - 2788c131 by cypherpunks1 at 2024-10-22T11:10:19+02:00 fixup! [android] Modify UI/UX Bug 43227: Hide the Firefox Suggest label above search suggestions on Android - - - - - 95974f84 by cypherpunks1 at 2024-10-22T11:10:20+02:00 fixup! [android] Modify UI/UX Bug 43225: Hide non-private tab settings and history search on Android - - - - - 92ecaf03 by hackademix at 2024-10-22T11:10:20+02:00 [android] Modify add-on support Bug 41160: One-time ultimate switch Tor Browser Android to HTTPS-Only. Bug 41159: Remove HTTPS-Everywhere extension from Tor Browser Android. Bug 41094: Enable HTTPS-Only Mode by default in Tor Browser Android. Turn shouldUseHttpsOnly's default to true. Bug 40225: Bundled extensions don't get updated with Android Tor Browser updates. Bug 40030: Install NoScript addon on startup. Also 40070: Consider storing the list of recommended addons This implements our own AddonsProvider, which loads the list of available addons from assets instead of fetching it from an endpoint. Also, we hide the uninstall button for builtin addons. Bug 40058: Hide option for disallowing addon in private mode - - - - - 1013ad7a by hackademix at 2024-10-22T11:10:21+02:00 fixup! [android] Modify add-on support Bug 43132: Enable scriptless installation on Android. - - - - - dfc1d6cc by Beatriz Rizental at 2024-10-22T11:10:21+02:00 fixup! [android] Modify add-on support - - - - - 37549470 by Dan Ballard at 2024-10-22T11:10:21+02:00 [android] Add Security Level UI Bug 40026: Implement Security Level settings Bug 40026: Integrate Security Level settings - - - - - 7712f252 by Dan Ballard at 2024-10-22T11:10:22+02:00 Bug 41972: [android] Disable mozilla onboarding - - - - - 66dc7898 by Dan Ballard at 2024-10-22T11:10:22+02:00 Bug 41878: [android] Add standalone Tor Bootstrap - - - - - 5ca5839a by clairehurst at 2024-10-22T11:10:22+02:00 Bug 42089: [android] Remove ability to submit site support requests - - - - - 5369aa4c by clairehurst at 2024-10-22T11:10:23+02:00 [android] fixup! Modify UI/UX and Remove ability to submit site support requests - - - - - e2426f99 by clairehurst at 2024-10-22T11:10:23+02:00 [android] Enable the connect assist experiments on alpha - - - - - b463d5a0 by hackademix at 2024-10-22T11:10:24+02:00 Bug 42191: [android] Temporary StrictMode relaxation to clear the thumbnail cache. - - - - - cfda2b20 by clairehurst at 2024-10-22T11:10:24+02:00 [android] Delete unused media - - - - - 0864534f by clairehurst at 2024-10-22T11:10:24+02:00 Bug 42195: [android] Fix "Whats new URL" - - - - - 9eb1580d by cypherpunks1 at 2024-10-22T11:10:25+02:00 fixup! Bug 42195: [android] Fix "Whats new URL" Bug 43228: Fix the What's new URL - - - - - bba4278f by clairehurst at 2024-10-22T11:10:25+02:00 [android] Implement Android-native Connection Assist UI - - - - - d19a49ba by Pier Angelo Vendrame at 2024-10-22T11:10:25+02:00 Bug 42652: [android] Pass the list of supported languages to GeckoView. It will be used to prevent leaks about regional preferences. - - - - - 9d515b7c by Dan Ballard at 2024-10-22T11:10:26+02:00 Bug 42660: Disable ProxySelector.openConnectionWithProxy and NOPify CrashReporter.sendCrashReport - - - - - 547f60d2 by Beatriz Rizental at 2024-10-22T11:10:28+02:00 fixup! Bug 42660: Disable ProxySelector.openConnectionWithProxy and NOPify CrashReporter.sendCrashReport - - - - - 0dfa7bee by Dan Ballard at 2024-10-22T11:10:28+02:00 Bug 43006: Disable RFP for Font Visibility on Android - - - - - 8213fc9e by Henry Wilkes at 2024-10-22T11:10:29+02:00 Bug 43098: Year End Campaign 2024. Implements YEC 2024 for about:tor. - - - - - 758ee17f by Henry Wilkes at 2024-10-22T11:10:29+02:00 fixup! Bug 43098: Year End Campaign 2024. Bug 43149: Use special YEC 2024 donate url. - - - - - dba47080 by clairehurst at 2024-10-22T11:10:29+02:00 Bug_43099: 2024 YEC - - - - - 30 changed files: - .eslintignore - .gitignore - + .gitlab-ci.yml - + .gitlab/ci/docker/base/Dockerfile - + .gitlab/ci/lint.yml - + .gitlab/ci/scripts/helpers.py - + .gitlab/ci/update-translations.yml - + .gitlab/issue_templates/Backport Android Security Fixes.md - + .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/QA - Android.md - + .gitlab/issue_templates/QA - Desktop.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - + .gitlab/issue_templates/bug.md - + .gitlab/merge_request_templates/default.md - .prettierignore - + README.md - − README.txt - + browser/actors/AboutTBUpdateChild.sys.mjs - + browser/actors/AboutTBUpdateParent.sys.mjs - + browser/actors/CryptoSafetyChild.sys.mjs - + browser/actors/CryptoSafetyParent.sys.mjs - − browser/actors/RFPHelperChild.sys.mjs - − browser/actors/RFPHelperParent.sys.mjs - browser/actors/moz.build - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - browser/app/macbuild/Contents/MacOS-files.in - browser/app/moz.build - browser/app/permissions The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cc058e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cc058e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new branch mullvad-browser-128.4.0esr-14.0-1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new branch mullvad-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.17.0esr-13.5-1] 155 commits: Bug 1644383 - add mutexs to avoid data race. r=media-playback-reviewers, padenot
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 15e42dc2 by alwu at 2024-10-21T19:20:39+02:00 Bug 1644383 - add mutexs to avoid data race. r=media-playback-reviewers,padenot Differential Revision: https://phabricator.services.mozilla.com/D206943 - - - - - 2fb39426 by Edgar Chen at 2024-10-21T19:20:40+02:00 Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211621 - - - - - 45a8a295 by Edgar Chen at 2024-10-21T19:20:40+02:00 Bug 1743329 - Release pointer lock when xul popup is open; r=smaug,pbz Differential Revision: https://phabricator.services.mozilla.com/D211620 - - - - - 8e1dc38d by Edgar Chen at 2024-10-21T19:20:40+02:00 Bug 1743329 - Use nsMenuPopupFrame in GetVisiblePopups(); r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211619 A further change was needed in nsCaret.cpp, see https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - - - - - f6424cac by Otto Länd at 2024-10-21T19:20:40+02:00 Bug 1743329: apply code formatting via Lando # ignore-this-changeset - - - - - 69789163 by Anna Weine at 2024-10-21T19:20:41+02:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 256a5f5c by Pier Angelo Vendrame at 2024-10-21T19:20:41+02:00 Bug 1787790: Normalize system fonts with RFP on. r=emilio System fonts can leak any user customization of system fonts, or user's locale (e.g., en-US and ja Windows have different system fonts). Also, Linux distributions/desktop environments set default fonts in different ways. Customization can be detected either with font metrics, the font allowed list is not enabled or the font is included in it, or with getComputedStyle, that leaks the name of the font that Firefox tries to apply. This patch try to prevent these leaks by using a generic "sans-serif" for all system fonts, except on macOS, where it uses "-apple-system", and on Android, where these fonts always use Roboto. Differential Revision: https://phabricator.services.mozilla.com/D163576 - - - - - f372515f by Eitan Isaacson at 2024-10-21T19:20:41+02:00 Bug 1819160 - Map Android ids to doc/accessible id pairs. r=Jamie Differential Revision: https://phabricator.services.mozilla.com/D179737 - - - - - 07f4196a by Fatih at 2024-10-21T19:20:41+02:00 Bug 1830629: Remove unnecessary checks for pdf.js for RFP. r=tjr resource:// is exempt from RFP, so we no longer need to check pdf.js specifically. Differential Revision: https://phabricator.services.mozilla.com/D209359 - - - - - c4cfdc82 by Pier Angelo Vendrame at 2024-10-21T19:20:41+02:00 Bug 1832523 - Allow using NSS to sign and verify MAR signatures. r=application-update-reviewers,glandium,bytesized Allow using NSS for checking MAR signatures also in platforms where OS-native APIs are used by default, i.e., macOS and Windows. Differential Revision: https://phabricator.services.mozilla.com/D177743 - - - - - 0a3a9011 by Pier Angelo Vendrame at 2024-10-21T19:20:42+02:00 Bug 1849129: Prevent exceptions caused by extensions from interrupting the SearchService initialization. r=search-reviewers,Standard8 Differential Revision: https://phabricator.services.mozilla.com/D186456 - - - - - a40c23a5 by Emilio Cobos Álvarez at 2024-10-21T19:20:42+02:00 Bug 1853731 - Use html:img for message-bar-icon. r=Gijs,dao,settings-reviewers,desktop-theme-reviewers,sfoster Differential Revision: https://phabricator.services.mozilla.com/D188521 - - - - - e305a97e by Pier Angelo Vendrame at 2024-10-21T19:20:42+02:00 Bug 1854117 - Sort the DLL blocklist flags. r=mossop,win-reviewers,gstoll Differential Revision: https://phabricator.services.mozilla.com/D188716 - - - - - 830f4baa by Eden Chuang at 2024-10-21T19:20:42+02:00 Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth Differential Revision: https://phabricator.services.mozilla.com/D186431 - - - - - ef97c9fd by edgul at 2024-10-21T19:20:42+02:00 Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers Differential Revision: https://phabricator.services.mozilla.com/D182373 - - - - - c210215c by Kelsey Gilbert at 2024-10-21T19:20:43+02:00 Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond We could do non-racy static init here (e.g. with a static initializer self-calling-closure), but there doesn't seem to be a strong reason for this. Let's just use a switch and get robustness from -Werror=switch. Differential Revision: https://phabricator.services.mozilla.com/D188054 - - - - - 8ede21fc by Edgar Chen at 2024-10-21T19:20:43+02:00 Bug 1828259 - Close XUL popup when entering/exiting fullscreen; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D209355 - - - - - a48d10d2 by hackademix at 2024-10-21T19:20:43+02:00 Bug 1835987 - Change RFP-spoofed TZ to Atlantic/Reykjavik. r=tjr Atlantic/Reykjavik stays on UTC during all the year, but it is less likely to be blocked than plan UTC. Differential Revision: https://phabricator.services.mozilla.com/D212131 - - - - - 0312764e by edgul at 2024-10-21T19:20:43+02:00 Bug 1879952 - Fix test expectations with samesite=lax turned on r=tschuster Differential Revision: https://phabricator.services.mozilla.com/D201639 - - - - - 8c7c5b87 by edgul at 2024-10-21T19:20:43+02:00 Bug 1844827 - Added checks for sub-document navigations from cross-site to same-site in third-party checks when setting a cookie. r=cookie-reviewers,valentin,bvandersloot a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D204074 - - - - - defb76e0 by Ed at 2024-10-21T19:20:44+02:00 Bug 1844827 - Update the cookie test expectations for iframe samesite r=cookie-reviewers,valentin a=RyanVM Depends on D199770 Differential Revision: https://phabricator.services.mozilla.com/D199772 - - - - - e1dcb5b0 by Mark Banner at 2024-10-21T19:20:44+02:00 Bug 1845752. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D186676 - - - - - f99b92b4 by Pier Angelo Vendrame at 2024-10-21T19:20:44+02:00 Bug 1849186 - Add a preference not to expose the content title in the window title. r=Gijs,tabbrowser-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D190496 - - - - - c843cb7a by Bob Owen at 2024-10-21T19:20:44+02:00 Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel This also specializes ElementStreamFormat for bool. Differential Revision: https://phabricator.services.mozilla.com/D187794 - - - - - a62a9c8b by Malte Juergens at 2024-10-21T19:20:45+02:00 Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D187887 - - - - - 932e9d86 by Henry Wilkes at 2024-10-21T19:20:45+02:00 Bug 1851618 - Allow removing packaged locales from requestedLocales. r=settings-reviewers,eemeli,Gijs We open up the UI to allow the user to remove locales from their requestedLocales list, except for the default locale. Differential Revision: https://phabricator.services.mozilla.com/D209930 - - - - - 10b908b5 by Andreas Pehrson at 2024-10-21T19:20:45+02:00 Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt Similar to MediaTrack::mDisabledMode, but this is for uses on the SourceMediaTrack producer thread. It is still signaled via a control message from the control thread to maintain order of operations, and is protected by the SourceMediaTrack mutex. Differential Revision: https://phabricator.services.mozilla.com/D187554 - - - - - bb4d4ff4 by Pier Angelo Vendrame at 2024-10-21T19:20:45+02:00 Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright,chutten Bug 1444275 introduced an assertion on the parent process to check that the value of toolkit.telemetry.enabled is the expected one. However, this expected value could be different from the one set and locked e.g. in some forks. Therefore, the assertion prevented debug builds from working in these cases. Differential Revision: https://phabricator.services.mozilla.com/D195080 - - - - - f1ffff8c by Kagami Sascha Rosylight at 2024-10-21T19:20:45+02:00 Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame Per /etc/fonts.xml, there are now only two `<family lang="ko">` nodes there: * OneUISansKRVF series * SECCJK series (but no KR postfix anymore?) This patch uses One UI Sans KR VF as the replacement as this is newer and is a variable font (tested with https://codepen.io/SaschaNaz/pen/ExrdYXJ) Differential Revision: https://phabricator.services.mozilla.com/D195078 - - - - - f1770bf2 by Nuohan Li at 2024-10-21T19:20:46+02:00 Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D204928 - - - - - 6a832628 by Tom Ritter at 2024-10-21T19:20:46+02:00 Bug 1873526: Refactor the restriction override list from a big if statement to a list r=KrisWright Differential Revision: https://phabricator.services.mozilla.com/D198081 - - - - - eeef9257 by Nika Layzell at 2024-10-21T19:20:46+02:00 Bug 1875248 - Check for network error preventing ExternalHelperAppService before DONT_RETARGET, r=smaug This reverts the change from 30cde47f9364e5c7da78fd08fa8ab21737d22399, and instead re-orders the NS_ERROR_FILE_NOT_FOUND check before DONT_RETARGET. Testing suggests that a-download-click-404.html behaviour isn't impacted, and this improves the handling of this edge-case when doing process switching. Differential Revision: https://phabricator.services.mozilla.com/D202007 - - - - - 85f3bae4 by Pier Angelo Vendrame at 2024-10-21T19:20:46+02:00 Bug 1875306 - Localize numbers in the underflow and overflow error messages. r=emilio Differential Revision: https://phabricator.services.mozilla.com/D198965 - - - - - 655cf983 by Pier Angelo Vendrame at 2024-10-21T19:20:46+02:00 Bug 1875313 - Use en-US as a fallback when spoof English is enabled in ICUUtils. r=timhuang,tjr Differential Revision: https://phabricator.services.mozilla.com/D198967 - - - - - 5768df7a by Julian Descottes at 2024-10-21T19:20:47+02:00 Bug 1880374 - Disable DNS prefetching if document nodePrincipal is systemPrincipal r=valentin Differential Revision: https://phabricator.services.mozilla.com/D210830 - - - - - fc2f0f4c by Pier Angelo Vendrame at 2024-10-21T19:20:47+02:00 Bug 1880988 - Apply spoof English to the default detail summary. r=emilio Differential Revision: https://phabricator.services.mozilla.com/D202203 - - - - - 11e3c55d by Nika Layzell at 2024-10-21T19:24:45+02:00 Bug 1881037 - Part 1: Stop showing unknown protocol error pages for web-triggered loads, r=smaug,necko-reviewers,kershaw, a=dsmith Differential Revision: https://phabricator.services.mozilla.com/D217495 - - - - - ae0c1bb5 by Edgar Chen at 2024-10-21T19:24:45+02:00 Bug 1883396 - Exit fullscreen when two Escape keyup events occur in a short time; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D209667 - - - - - a8a015ab by Fatih at 2024-10-21T19:24:45+02:00 Bug 1885101: Match screen and window properties with top window for ScreenRect, ScreenAvailRect and WindowOuterSize. r=timhuang,emilio This patch removes test_iframe.html. We remove it because the newly introduced test covers the tests done in that test. The reason for removing it in the first place is now that screen properties are inherited/spoofed xorigin, we get a 4px difference. The reasosn for 4px difference is the test runner runs tests in an iframe with a 2px border on each side. Differential Revision: https://phabricator.services.mozilla.com/D215509 - - - - - 5aa668b9 by Tom Ritter at 2024-10-21T19:24:45+02:00 Bug 1885258: Hidden fonts should obey the allow list r=jfkthame Differential Revision: https://phabricator.services.mozilla.com/D204571 - - - - - 4d143dec by Andreas Farre at 2024-10-21T19:24:46+02:00 Bug 1886222 - Start reload by calling reload in the parent. r=Gijs,canadahonk,smaug, a=dsmith (esr128->esr115 backport) Differential Revision: https://phabricator.services.mozilla.com/D211519 - - - - - c399c809 by Jonathan Kew at 2024-10-21T19:24:46+02:00 Bug 1886598 - Struct with Pointer member may not be memmove-able. r=gfx-reviewers,lsalzman Differential Revision: https://phabricator.services.mozilla.com/D206633 - - - - - 940b6f1b by Jonathan Kew at 2024-10-21T19:24:46+02:00 Bug 1890204 - Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman This means that by the time we potentially call GetFontExtents() when drawing, the extents fields are guaranteed to have been been initialized, and there's no risk of the (read-only) access here racing with setting them in UnitsPerEm(). Differential Revision: https://phabricator.services.mozilla.com/D206920 - - - - - cbc4e0f1 by Kershaw Chang at 2024-10-21T19:24:46+02:00 Bug 1892449 - Set network.http.digest_auth_cnonce_length to 16, a=dmeehan Apparently, setting this value to 64 breaks some sites. We should use the same length as Chrome. Original Revision: https://phabricator.services.mozilla.com/D208103 Differential Revision: https://phabricator.services.mozilla.com/D208119 - - - - - aa9da3a6 by cypherpunks1 at 2024-10-21T19:24:46+02:00 Bug 1892052 - Do not persist custom network requests on PBM. r=devtools-reviewers,bomsy,nchevobbe Differential Revision: https://phabricator.services.mozilla.com/D207762 - - - - - 06ea7c6a by Jonathan Kew at 2024-10-21T19:24:47+02:00 Bug 1893891 - Clear mSharedBlobData if blob creation failed. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D208983 Differential Revision: https://phabricator.services.mozilla.com/D209209 - - - - - 310454ed by cypherpunks1 at 2024-10-21T19:24:47+02:00 Bug 1892046 - Add origin attributes to about:reader requests. r=reader-mode-reviewers,cmkm Differential Revision: https://phabricator.services.mozilla.com/D207759 - - - - - c3a99784 by Timothy Nikkel at 2024-10-21T19:24:47+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - a0124a74 by Jan de Mooij at 2024-10-21T19:24:47+02:00 Bug 1900523 - Don't use bailout data for JSJitToWasm frames. r=iain Differential Revision: https://phabricator.services.mozilla.com/D212554 - - - - - 420e147e by Jan de Mooij at 2024-10-21T19:24:47+02:00 Bug 1902983 - Don't use bailout data after iterating Wasm frames. a=RyanVM This is similar to bug 1900523, but the fix there was incomplete because the `JSJitToWasm` frame type is only used when we go through the Wasm JIT entry trampoline. Ion can also call Wasm functions directly and in that case the type will be `FrameType::Exit`. Original Revision: https://phabricator.services.mozilla.com/D214098 Differential Revision: https://phabricator.services.mozilla.com/D214375 - - - - - db3f8d1e by Jon Coppeard at 2024-10-21T19:24:48+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 12052dfa by Kershaw Chang at 2024-10-21T19:24:48+02:00 Bug 1907726 - Make sure WebTransportSessionProxy::NotifyDatagramReceived is called after OnStopRequest, a=RyanVM The crash occurs because WebTransportSessionProxy::OnDatagramReceivedInternal is called before WebTransportSessionProxy::OnStopRequest. When this happens, WebTransportSessionProxy::mTarget is the main thread, so a task is dispatched to the main thread. This causes WebTransportSessionProxy::NotifyDatagramReceived to be called on the main thread. If WebTransportSessionProxy::NotifyDatagramReceived is invoked while WebTransportSessionProxy::mStopRequestCalled is true, it can lead to OnDatagramReceived being called on the main thread (instead of the socket thread), resulting in a crash. Original Revision: https://phabricator.services.mozilla.com/D220013 Differential Revision: https://phabricator.services.mozilla.com/D221661 - - - - - aea2ea2a by Sam Foster at 2024-10-21T19:24:48+02:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - e42b03cd by Nika Layzell at 2024-10-21T19:24:48+02:00 Bug 1911745 - Unify BrowsingContext flag coherency checks, r=mccr8 Previously these checks were largely diagnostic tools for finding bugs in other code as it evolves. This unifies the checks a bit more and makes them stronger for BrowsingContexts created over IPC, providing a place for more coherency checks to be added in the future. Differential Revision: https://phabricator.services.mozilla.com/D218860 - - - - - 77021b25 by Steve Fink at 2024-10-21T19:24:49+02:00 Bug 1912471 - Disallow deserializing structured clone buffers with transferables more than once r=iain, a=dsmith Differential Revision: https://phabricator.services.mozilla.com/D220644 - - - - - c67ec7dd by Emilio Cobos Álvarez at 2024-10-21T19:24:49+02:00 Bug 1914106 - Deal with insertRule edge-case. r=jwatt a=RyanVM When there's trailing garbage after an @import rule we throw, but we still trigger the load (that's not great but not trivial to change). Deal with that case before calling ImportRuleLoaded(). Differential Revision: https://phabricator.services.mozilla.com/D219783 - - - - - 5cbd4cb6 by André Bargull at 2024-10-21T19:24:49+02:00 Bug 1915249: Add more nodiscard. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D220311 Differential Revision: https://phabricator.services.mozilla.com/D221663 - - - - - e265819d by Paul Zuehlcke at 2024-10-21T19:24:49+02:00 Bug 1916659, a=diannaS Original Revision: https://phabricator.services.mozilla.com/D222629 Differential Revision: https://phabricator.services.mozilla.com/D222934 - - - - - 92c9fcda by Henry Wilkes at 2024-10-21T19:24:49+02:00 Bug 41454: Move focus after calling openPreferences for a sub-category. Temporary fix until mozilla bug 1799153 gets a patch upstream. - - - - - d657ae62 by hackademix at 2024-10-21T19:24:50+02:00 Bug 42194: Fix blank net error page on failed DNS resolution with active proxy. - - - - - d6c1dc01 by Henry Wilkes at 2024-10-21T19:24:50+02:00 Bug 41483: Remove the firefox override for appstrings.properties Remove this patch after upstream bugzilla bug 1790187 - - - - - 0d65a480 by Marco Simonelli at 2024-10-21T19:24:50+02:00 Bug 41459: WebRTC fails to build under mingw (Part 1) - properly define NOMINMAX for just MSVC builds - - - - - 38409e5b by Marco Simonelli at 2024-10-21T19:24:50+02:00 Bug 41459: WebRTC fails to build under mingw (Part 2) - fixes required to build third_party/libwebrtc - - - - - 31afb04d by Marco Simonelli at 2024-10-21T19:24:50+02:00 Bug 41459: WebRTC fails to build under mingw (Part 3) - fixes required to build third_party/sipcc - - - - - 3a19fff3 by Marco Simonelli at 2024-10-21T19:24:51+02:00 Bug 41459: WebRTC fails to build under mingw (Part 4) - fixes requried to build netwerk/sctp - - - - - c6e8edd7 by Marco Simonelli at 2024-10-21T19:24:51+02:00 Bug 41459: WebRTC fails to build under mingw (Part 5) - fixes required to build dom/media/webrtc - - - - - 23eb92a3 by Marco Simonelli at 2024-10-21T19:24:51+02:00 Bug 41459: WebRTC fails to build under mingw (Part 6) - fixes required to build dom/media/systemservices - - - - - 1ade3e05 by hackademix at 2024-10-21T19:24:51+02:00 Bug 41854: Allow overriding download spam protection. - - - - - ffa20eee by hackademix at 2024-10-21T19:24:51+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 93ac479d by Gaba at 2024-10-21T19:24:52+02:00 Adding issue and merge request templates - - - - - 7630bc80 by Pier Angelo Vendrame at 2024-10-21T19:24:52+02:00 Base Browser's .mozconfigs. Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan. Bug 21849: Don't allow SSL key logging. Bug 25741 - TBA: Disable features at compile-time Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android. Bug 29859: Disable HLS support for now Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT Bug 33734: Set MOZ_NORMANDY to False Bug 33851: Omit Parental Controls. Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files Bug 41584: Move some configuration options to base-browser level - - - - - 305a8962 by Pier Angelo Vendrame at 2024-10-21T19:24:52+02:00 Tweaks to the build system Bug 40857: Modified the fat .aar creation file This is a workaround to build fat .aars with the compiling enviornment disabled. Mozilla does not use a similar configuration, but either runs a Firefox build and discards its output, or uses artifacts build. We might switch to artifact builds too, and drop this patch, or write a better one to upstream. But until then we need this patch. See also https://bugzilla.mozilla.org/show_bug.cgi?id=1763770. Bug 41458: Prevent `mach package-multi-locale` from actually creating a package macOS builds need some files to be moved around with ./mach package-multi-locale to create multi-locale packages. The required command isn't exposed through any other mach command. So, we patch package-multi-locale both to prevent it from failing when doing official builds and to detect any future changes on it. - - - - - 3b0529d1 by Pier Angelo Vendrame at 2024-10-21T19:24:52+02:00 Bug 41108: Remove privileged macOS installation from 102 - - - - - dc226763 by Dan Ballard at 2024-10-21T19:24:52+02:00 Bug 41149: Re-enable DLL injection protection in all builds not just nightlies - - - - - 575c519d by Matthew Finkel at 2024-10-21T19:24:53+02:00 Bug 24796: Comment out excess permissions from GeckoView The GeckoView AndroidManifest.xml is not preprocessed unlike Fennec's manifest, so we can't use the ifdef preprocessor guards around the permissions we do not want. Commenting the permissions is the next-best-thing. - - - - - 6eea9a35 by Matthew Finkel at 2024-10-21T19:24:53+02:00 Bug 28125: Prevent non-Necko network connections - - - - - 8b174219 by Mike Perry at 2024-10-21T19:24:53+02:00 Bug 12974: Disable NTLM and Negotiate HTTP Auth The Mozilla bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1046421, https://bugzilla.mozilla.org/show_bug.cgi?id=1261591, tor-browser#27602 - - - - - 3883b709 by Alex Catarineu at 2024-10-21T19:24:53+02:00 Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1768899 - - - - - 30b2a38d by Georg Koppen at 2024-10-21T19:24:54+02:00 Bug 16285: Exclude ClearKey system for now In the past the ClearKey system had not been compiled when specifying --disable-eme. But that changed and it is even bundled nowadays (see: Mozilla's bug 1300654). We don't want to ship it right now as the use case for it is not really visible while the code had security vulnerabilities in the past. - - - - - 400cc0bf by Kathy Brade at 2024-10-21T19:24:54+02:00 Bug 21431: Clean-up system extensions shipped in Firefox Only ship the pdfjs extension. - - - - - c17e6c4a by Kathy Brade at 2024-10-21T19:24:54+02:00 Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc. Hide elements on about:logins that mention sync, "Firefox LockWise", and Mozilla's LockWise mobile apps. Disable the "Create New Login" button when security.nocertdb is true. - - - - - 6a01ff12 by Alex Catarineu at 2024-10-21T19:24:54+02:00 Bug 41457: Remove Mozilla permissions Bug 40025: Remove Mozilla add-on install permissions - - - - - 423fe880 by Kathy Brade at 2024-10-21T19:24:54+02:00 Bug 40002: Remove about:ion Firefox Ion (previously Firefox Pioneer) is an opt-in program in which people volunteer to participate in studies that collect detailed, sensitive data about how they use their browser. Bug 41662: Disable about:sync-logs Even though we disable sync by default with `identity.fxaccounts.enabled`, this about: page is still avilable. We could throw an exception on the constructor of the related component, but it would result only in an error in the console, without a visible "this address does not look right" error page. If we fix the issues with MOZ_SERVICES_SYNC, we can restore the component. - - - - - b83ac777 by Arthur Edelstein at 2024-10-21T19:24:55+02:00 Bug 26353: Prevent speculative connect that violated FPI. Connections were observed in the catch-all circuit when the user entered an https or http URL in the URL bar, or typed a search term. - - - - - 5eb344bb by Alex Catarineu at 2024-10-21T19:24:55+02:00 Bug 31740: Remove some unnecessary RemoteSettings instances More concretely, SearchService.jsm 'hijack-blocklists' and url-classifier-skip-urls. Avoid creating instance for 'anti-tracking-url-decoration'. If prefs are disabling their usage, avoid creating instances for 'cert-revocations' and 'intermediates'. Do not ship JSON dumps for collections we do not expect to need. For the ones in the 'main' bucket, this prevents them from being synced unnecessarily (the code in remote-settings does so for collections in the main bucket for which a dump or local data exists). For the collections in the other buckets, we just save some size by not shipping their dumps. We also clear the collections database on the v2 -> v3 migration. - - - - - e3aeadb8 by cypherpunks1 at 2024-10-21T19:24:55+02:00 Bug 41092: Add a RemoteSettings JSON dump for query-stripping - - - - - d7e810b5 by Pier Angelo Vendrame at 2024-10-21T19:24:55+02:00 Bug 41635: Disable the Normandy component Do not include Normandy at all whenever MOZ_NORMANDY is False. - - - - - 4911d42b by Georg Koppen at 2024-10-21T19:24:55+02:00 Bug 30541: Disable WebGL readPixel() for web content Related Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 - - - - - d4d2011e by Alex Catarineu at 2024-10-21T19:24:56+02:00 Bug 28369: Stop shipping pingsender executable - - - - - e1645e96 by cypherpunks1 at 2024-10-21T19:24:56+02:00 Bug 41568: Disable LaterRun - - - - - d7a44b7f by cypherpunks1 at 2024-10-21T19:24:56+02:00 Bug 40717: Hide Windows SSO in settings - - - - - 7876ccf2 by Pier Angelo Vendrame at 2024-10-21T19:24:56+02:00 Bug 41599: Always return an empty string as network ID Firefox computes an internal network ID used to detect network changes and act consequently (e.g., to improve WebSocket UX). However, there are a few ways to get this internal network ID, so we patch them out, to be sure any new code will not be able to use them and possibly link users. We also sent a patch to Mozilla to seed the internal network ID, to prevent any accidental leak in the future. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1817756 - - - - - 74d23166 by Richard Pospesel at 2024-10-21T19:24:56+02:00 Bug 41327: Disable UrlbarProviderInterventions - - - - - d73f257d by Richard Pospesel at 2024-10-21T19:24:57+02:00 Bug 42037: Disable about:firefoxview page - - - - - f0512bb8 by Mike Perry at 2024-10-21T19:24:57+02:00 Firefox preference overrides. This hack directly includes our preference changes in omni.ja. Bug 18292: Staged updates fail on Windows Temporarily disable staged updates on Windows. Bug 18297: Use separate Noto JP,KR,SC,TC fonts Bug 23404: Add Noto Sans Buginese to the macOS whitelist Bug 23745: Set dom.indexedDB.enabled = true Bug 13575: Disable randomised Firefox HTTP cache decay user tests. (Fernando Fernandez Mancera <ffmancera(a)riseup.net>) Bug 17252: Enable session identifiers with FPI Session tickets and session identifiers were isolated by OriginAttributes, so we can re-enable them by allowing the default value (true) of "security.ssl.disable_session_identifiers". The pref "security.enable_tls_session_tickets" is obsolete (removed in https://bugzilla.mozilla.org/917049) Bug 14952: Enable http/2 and AltSvc In Firefox, SPDY/HTTP2 now uses Origin Attributes for isolation of connections, push streams, origin frames, etc. That means we get first-party isolation provided "privacy.firstparty.isolate" is true. So in this patch, we stop overriding "network.http.spdy.enabled" and "network.http.spdy.enabled.http2". Alternate Services also use Origin Attributes for isolation. So we stop overriding "network.http.altsvc.enabled" and "network.http.altsvc.oe" as well. (All 4 of the abovementioned "network.http.*" prefs adopt Firefox 60ESR's default value of true.) However, we want to disable HTTP/2 push for now, so we set "network.http.spdy.allow-push" to false. "network.http.spdy.enabled.http2draft" was removed in Bug 1132357. "network.http.sped.enabled.v2" was removed in Bug 912550. "network.http.sped.enabled.v3" was removed in Bug 1097944. "network.http.sped.enabled.v3-1" was removed in Bug 1248197. Bug 26114: addons.mozilla.org is not special * Don't expose navigator.mozAddonManager on any site * Don't block NoScript from modifying addons.mozilla.org or other sites Enable ReaderView mode again (#27281). Bug 29916: Make sure enterprise policies are disabled Bug 2874: Block Components.interfaces from content Bug 26146: Spoof HTTP User-Agent header for desktop platforms In Tor Browser 8.0, the OS was revealed in both the HTTP User-Agent header and to JavaScript code via navigator.userAgent. To avoid leaking the OS inside each HTTP request (which many web servers log), always use the Windows 7 OS value in the desktop User-Agent header. We continue to allow access to the actual OS via JavaScript, since doing so improves compatibility with web applications such as GitHub and Google Docs. Bug 12885: Windows Jump Lists fail for Tor Browser Jumplist entries are stored in a binary file in: %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\ and has a name in the form [a-f0-9]+.customDestinations-ms The hex at the front is unique per app, and is ultimately derived from something called the 'App User Model ID' (AUMID) via some unknown hashing method. The AUMID is provided as a key when programmatically creating, updating, and deleting a jumplist. The default behaviour in firefox is for the installer to define an AUMID for an app, and save it in the registry so that the jumplist data can be removed by the uninstaller. However, the Tor Browser does not set this (or any other) regkey during installation, so this codepath fails and the app's AUMID is left undefined. As a result the app's AUMID ends up being defined by windows, but unknowable by Tor Browser. This unknown AUMID is used to create and modify the jumplist, but the delete API requires that we provide the app's AUMID explicitly. Since we don't know what the AUMID is (since the expected regkey where it is normally stored does not exist) jumplist deletion will fail and we will leave behind a mostly empty customDestinations-ms file. The name of the file is derived from the binary path, so an enterprising person could reverse engineer how that hex name is calculated, and generate the name for Tor Browser's default Desktop installation path to determine whether a person had used Tor Browser in the past. The 'taskbar.grouping.useprofile' option that is enabled by this patch works around this AUMID problem by having firefox.exe create it's own AUMID based on the profile path (rather than looking for a regkey). This way, if a user goes in and enables and disables jumplist entries, the backing store is properly deleted. Unfortunately, all windows users currently have this file lurking in the above mentioned directory and this patch will not remove it since it was created with an unknown AUMID. However, another patch could be written which goes to that directory and deletes any item containing the 'Tor Browser' string. See bug 28996. Bug 30845: Make sure default themes and other internal extensions are enabled Bug 28896: Enable extensions in private browsing by default Bug 31065: Explicitly allow proxying localhost Bug 31598: Enable letterboxing Disable Presentation API everywhere Bug 21549 - Use Firefox's WASM default pref. It is disabled at safer security levels. Bug 32321: Disable Mozilla's MitM pings Bug 19890: Disable installation of system addons By setting the URL to "" we make sure that already installed system addons get deleted as well. Bug 22548: Firefox downgrades VP9 videos to VP8. On systems where H.264 is not available or no HWA, VP9 is preferred. But in Tor Browser 7.0 all youtube videos are degraded to VP8. This behaviour can be turned off by setting media.benchmark.vp9.threshold to 0. All clients will get better experience and lower traffic, beause TBB doesn't use "Use hardware acceleration when available". Bug 25741 - TBA: Add mobile-override of 000-tor-browser prefs Bug 16441: Suppress "Reset Tor Browser" prompt. Bug 29120: Use the in-memory media cache and increase its maximum size. Bug 33697: use old search config based on list.json Bug 33855: Ensure that site-specific browser mode is disabled. Bug 30682: Disable Intermediate CA Preloading. Bug 40061: Omit the Windows default browser agent from the build Bug 40322: Consider disabling network.connectivity-service.enabled Bug 40408: Disallow SVG Context Paint in all web content Bug 40308: Disable network partitioning until we evaluate dFPI Bug 40322: Consider disabling network.connectivity-service.enabled Bug 40383: Disable dom.enable_event_timing Bug 40423: Disable http/3 Bug 40177: Update prefs for Fx91esr Bug 40700: Disable addons and features recommendations Bug 40682: Disable network.proxy.allow_bypass Bug 40736: Disable third-party cookies in PBM Bug 19850: Enabled HTTPS-Only by default Bug 40912: Hide the screenshot menu Bug 41292: Disable moreFromMozilla in preferences page Bug 40057: Ensure the CSS4 system colors are not a fingerprinting vector Bug 24686: Set network.http.tailing.enabled to true Bug 40183: Disable TLS ciphersuites using SHA-1 Bug 40783: Review 000-tor-browser.js and 001-base-profile.js for 102 We reviewed all the preferences we set for 102, and remove a few old ones. See the description of that issue to see all the preferences we believed were still valid for 102, and some brief description for the reasons to keep them. - - - - - 39aa6950 by hackademix at 2024-10-21T19:24:57+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - ddd07850 by Pier Angelo Vendrame at 2024-10-21T19:24:57+02:00 Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). - - - - - 8ea8fcc9 by Pier Angelo Vendrame at 2024-10-21T19:24:57+02:00 Bug 41901: Hardcode normalized FontSubstitutes. Windows has a system to set font aliases through the registry. This allows some customization that could be used as a fingerprinting vector. Moreover, this mechanism is used by Windows itself, and different SKUs might have different default FontSubstitutes. - - - - - 467bc60a by Alex Catarineu at 2024-10-21T19:24:58+02:00 Bug 30605: Honor privacy.spoof_english in Android This checks `privacy.spoof_english` whenever `setLocales` is called from Fenix side and sets `intl.accept_languages` accordingly. Bug 40198: Expose privacy.spoof_english pref in GeckoView - - - - - 14c09a65 by Pier Angelo Vendrame at 2024-10-21T19:24:58+02:00 Bug 42562: Normalized the Accepted Languages on Android. The OS language might be outside the list of actually supported languages and it might leak the user's region. Therefore, we force the locale reported in Accept-Language to match one we support with translations, even when it means using a not exact region tag. - - - - - 5c376262 by Alex Catarineu at 2024-10-21T19:24:58+02:00 Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware - - - - - 79a2cb0b by Alex Catarineu at 2024-10-21T19:24:58+02:00 Bug 26345: Hide tracking protection UI - - - - - 5d7a8b45 by Pier Angelo Vendrame at 2024-10-21T19:24:59+02:00 Bug 9173: Change the default Firefox profile directory to be relative. This commit makes Firefox look for the default profile directory in a directory relative to the binary path. The directory can be specified through the --with-relative-data-dir. This is relative to the same directory as the firefox main binary for Linux and Windows. On macOS, we remove Contents/MacOS from it. Or, in other words, the directory is relative to the application bundle. This behavior can be overriden at runtime, by placing a file called system-install adjacent to the firefox main binary (also on macOS). - - - - - daa2e752 by Alex Catarineu at 2024-10-21T19:24:59+02:00 Bug 27604: Fix addon issues when moving the profile directory Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1429838 - - - - - d5d736d1 by Mike Perry at 2024-10-21T19:24:59+02:00 Bug 13028: Prevent potential proxy bypass cases. It looks like these cases should only be invoked in the NSS command line tools, and not the browser, but I decided to patch them anyway because there literally is a maze of network function pointers being passed around, and it's very hard to tell if some random code might not pass in the proper proxied versions of the networking code here by accident. Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1433509 - - - - - 4053744c by Pier Angelo Vendrame at 2024-10-21T19:24:59+02:00 Bug 40309: Avoid using regional OS locales Avoid regional OS locales if the pref `intl.regional_prefs.use_os_locales` is false but RFP is enabled. - - - - - 1e8f584a by Matthew Finkel at 2024-10-21T19:24:59+02:00 Bug 40432: Prevent probing installed applications Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1711084 - - - - - 12f36478 by cypherpunks1 at 2024-10-21T19:25:00+02:00 Bug 33955: When copying an image only copy the image contents to the clipboard - - - - - 85ded2f2 by cypherpunks1 at 2024-10-21T19:25:00+02:00 Bug 41791: Omit the source URL when copying page contents to the clipboard - - - - - ad09f7a0 by hackademix at 2024-10-21T19:25:00+02:00 Bug 42288: Allow language spoofing in status messages. - - - - - 72644e77 by Richard Pospesel at 2024-10-21T19:25:00+02:00 Bug 41659: Add canonical color definitions to base-browser - - - - - dcb1e5c4 by Pier Angelo Vendrame at 2024-10-21T19:25:00+02:00 Base Browser strings This commit adds all the strings needed by following Base Browser patches. - - - - - 197bab6d by Pier Angelo Vendrame at 2024-10-21T19:25:01+02:00 Bug 41369: Improve Firefox language settings for multi-lingual packages Change the language selector to be sorted by language code, rather than name, and to display the language code to the user. Bug 41372: Handle Japanese as a special case in preferences on macOS Japanese is treated in a special way on macOS. However, seeing the Japanese language tag could be confusing for users, and moreover the language name is not localized correctly like other langs. Bug 41378: Tell users that they can change their language at the first start With multi-lingual builds, Tor Browser matches the user's system language, but some users might want to change it. So, we tell them that it is possible, but only once. - - - - - 0dfa3209 by p13dz at 2024-10-21T19:25:01+02:00 Bug 40283: Workaround for the file upload bug - - - - - 45d937ec by Arthur Edelstein at 2024-10-21T19:25:01+02:00 Bug 18905: Hide unwanted items from help menu Bug 25660: Remove the "New Private Window" option - - - - - d13be5f6 by Pier Angelo Vendrame at 2024-10-21T19:25:01+02:00 Bug 41739: Remove "Website appearance" from about:preferences. It is ignored because of RFP and it is confusing for users. - - - - - 8efe9e13 by hackademix at 2024-10-21T19:25:01+02:00 Bug 42019: Empty browser's clipboard on browser shutdown - - - - - a9063258 by hackademix at 2024-10-21T19:25:02+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 4d813266 by hackademix at 2024-10-21T19:25:02+02:00 Bug 42084: Ensure English spoofing works even if preferences are set out of order. - - - - - 34e4b2f3 by Pier Angelo Vendrame at 2024-10-21T19:25:02+02:00 Bug 41930: Remove the UI to customize accept_languages. - - - - - 23e2b0c5 by Pier Angelo Vendrame at 2024-10-21T19:25:02+02:00 Bug 42376: Pass the locale list when constructing l10n in datetimebox The datetime input is inconsistent with other inputs when using spoof English: its placeholder is not translated, unlike the default values and texts of all the other inputs. - - - - - 8ca163fd by Pier Angelo Vendrame at 2024-10-21T19:25:02+02:00 Bug 42428: Make RFP spoof the timezone of document.lastModified. - - - - - ffede0aa by Pier Angelo Vendrame at 2024-10-21T19:25:03+02:00 Bug 42472: Spoof timezone in XSLT. - - - - - 5d983815 by hackademix at 2024-10-21T19:25:03+02:00 Bug 41434: Letterboxing, preemptively apply margins in a global CSS rule to mitigate race conditions on newly created windows and tabs. - - - - - 875ed88f by hackademix at 2024-10-21T19:25:03+02:00 Bug 41434: Letterboxing, improve logging. - - - - - 39df1548 by hackademix at 2024-10-21T19:25:03+02:00 Bug 31064: Letterboxing, exempt browser extensions. - - - - - 1bf8c959 by hackademix at 2024-10-21T19:25:04+02:00 Bug 32411: Letterboxing, exempt view-source: URIs. - - - - - 8be9c6e6 by hackademix at 2024-10-21T19:25:04+02:00 Bug 42574: Letterboxing, exempt pdf.js. - - - - - 6850b28c by hackademix at 2024-10-21T19:25:04+02:00 Bug 32308: Use direct browser sizing for letterboxing. Bug 30556: align letterboxing with 200x100 new win width stepping - - - - - 17803ad5 by hackademix at 2024-10-21T19:25:04+02:00 Bug 41631: Prevent weird initial window dimensions caused by subpixel computations - - - - - b5b74738 by hackademix at 2024-10-21T19:25:04+02:00 Bug 41918: Option to reuse last window size when letterboxing is enabled. - - - - - 62d5b9a5 by hackademix at 2024-10-21T19:25:05+02:00 Bug 41916: Letterboxing preferences UI - - - - - da24d7f2 by hackademix at 2024-10-21T19:25:05+02:00 Bug 41695: Warn on window maximization without letterboxing in RFPHelper module - - - - - f8c2c09c by hackademix at 2024-10-21T19:25:05+02:00 Bug 42443: Shrink window to match letterboxing size when the emtpy area is clicked. - - - - - e8721bd0 by Henry Wilkes at 2024-10-21T19:25:05+02:00 Bug 42528: Don't leak system scrollbar size on windows. - - - - - 1d9927ec by Henry Wilkes at 2024-10-21T19:25:05+02:00 Bug 31575: Disable Firefox Home (Activity Stream) Treat about:blank as the default home page and new tab page. Avoid loading AboutNewTab in BrowserGlue.sys.mjs in order to avoid several network requests that we do not need. Bug 41624: Disable about:pocket-* pages. Bug 40144: Redirect about:privatebrowsing to the user's home - - - - - 1bf01d0d by Kathy Brade at 2024-10-21T19:25:06+02:00 Bug 4234: Use the Firefox Update Process for Base Browser. Windows: disable "runas" code path in updater (15201). Windows: avoid writing to the registry (16236). Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406, 16014, 16909, 24476, and 25909. Also fix bug 27221: purge the startup cache if the Base Browser version changed (even if the Firefox version and build ID did not change), e.g., after a minor Base Browser update. Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality. Bug 26048: potentially confusing "restart to update" message Within the update doorhanger, remove the misleading message that mentions that windows will be restored after an update is applied, and replace the "Restart and Restore" button label with an existing "Restart to update Tor Browser" string. Bug 28885: notify users that update is downloading Add a "Downloading Base Browser update" item which appears in the hamburger (app) menu while the update service is downloading a MAR file. Before this change, the browser did not indicate to the user that an update was in progress, which is especially confusing in Tor Browser because downloads often take some time. If the user clicks on the new menu item, the about dialog is opened to allow the user to see download progress. As part of this fix, the update service was changed to always show update-related messages in the hamburger menu, even if the update was started in the foreground via the about dialog or via the "Check for Tor Browser Update" toolbar menu item. This change is consistent with the Tor Browser goal of making sure users are informed about the update process. Removed #28885 parts of this patch which have been uplifted to Firefox. - - - - - 0807d898 by Pier Angelo Vendrame at 2024-10-21T19:25:06+02:00 fixup! Bug 4234: Use the Firefox Update Process for Base Browser. Bug 42747: Discard unsupported updates earlier. Firefox's updater has a function to select updates, which checks mainly the version number. Therefore, a more recent update that is unsupported will be chosen over a compatible one. We patch this to be able to provide an alternative update path to Windows 7. - - - - - bd0e929f by Pier Angelo Vendrame at 2024-10-21T19:25:06+02:00 Bug 42061: Create an alpha update channel. - - - - - e432a6eb by Nicolas Vigier at 2024-10-21T19:25:06+02:00 Bug 41682: Add base-browser nightly mar signing key - - - - - 120ba80c by Pier Angelo Vendrame at 2024-10-21T19:25:07+02:00 Bug 41603: Customize the creation of MOZ_SOURCE_URL MOZ_SOURCE_URL is created by combining MOZ_SOURCE_REPO and MOZ_SOURCE_CHANGESET. But the code takes for granted that it refers to a Hg instance, so it combines them as `$MOZ_SOURCE_REPO/rev/$MOZ_SOURCE_CHANGESET`. With this commit, we change this logic to combine them to create a URL that is valid for GitLab. $MOZ_SOURCE_CHANGESET needs to be a commit hash, not a branch or a tag. If that is needed, we could use /-/tree/, instead of /-/commit/. - - - - - b9909d3b by Pier Angelo Vendrame at 2024-10-21T19:25:07+02:00 Bug 41698: Reword the recommendation badges in about:addons Firefox strings use { -brand-product-name }. As a result, it seems that the fork is recommending extensions, whereas AMO curators are doing that. So, we replace the strings with custom ones that clarify that Mozilla is recommending them. We assign the strings with JS because our translation backend does not support Fluent attributes, yet, but once it does, we should switch to them, instead. Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1825033 - - - - - 39a3cb81 by Pier Angelo Vendrame at 2024-10-21T19:25:07+02:00 Bug 42438: Tweaks to the migration wizard. Remove the items not compatible with our features (such as history) from the migration wizard. On Linux, allow to specify an alternative home directory, since we usually change $HOME in our startup script. - - - - - 9e928583 by Alex Catarineu at 2024-10-21T19:25:07+02:00 Bug 40069: Add helpers for message passing with extensions - - - - - 168c25bb by Matthew Finkel at 2024-10-21T19:25:07+02:00 Bug 41598: Prevent NoScript from being removed/disabled. Bug 40253: Explicitly allow NoScript in Private Browsing mode. - - - - - 9edc1d32 by Henry Wilkes at 2024-10-21T19:25:08+02:00 Bug 41736: Hide NoScript extension's toolbar button by default. This hides it from both the toolbar and the unified extensions panel. We also hide the unified-extension-button if the panel would be empty: not including the NoScript button when it is hidden. As a result, this will be hidden by default until a user installs another extension (or shows the NoScript button and unpins it). - - - - - fbd763f5 by hackademix at 2024-10-21T19:25:08+02:00 Bug 41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons - - - - - 4bbb885b by Pier Angelo Vendrame at 2024-10-21T19:25:08+02:00 Bug 40925: Implemented the Security Level component This component adds a new Security Level toolbar button which visually indicates the current global security level via icon (as defined by the extensions.torbutton.security_slider pref), a drop-down hanger with a short description of the current security level, and a new section in the about:preferences#privacy page where users can change their current security level. In addition, the hanger and the preferences page will show a visual warning when the user has modified prefs associated with the security level and provide a one-click 'Restore Defaults' button to get the user back on recommended settings. Bug 40125: Expose Security Level pref in GeckoView - - - - - 4e28af5f by Pier Angelo Vendrame at 2024-10-21T19:25:08+02:00 Bug 40926: Implemented the New Identity feature - - - - - 841b555b by Henry Wilkes at 2024-10-21T19:25:08+02:00 Bug 41736: Customize toolbar for base-browser. - - - - - 5a2e7786 by Pier Angelo Vendrame at 2024-10-21T19:25:09+02:00 Bug 42027: Base Browser migration procedures. This commit implmenents the the Base Browser's version of _migrateUI. - - - - - 69651b32 by Henry Wilkes at 2024-10-21T19:25:09+02:00 Bug 42583: Modify moz-support-link for Base Browser. - - - - - 08d38e7e by Henry Wilkes at 2024-10-21T19:25:09+02:00 Bug 42347: Add a notification for dropped OS version support. - - - - - 86dabbed by hackademix at 2024-10-21T19:25:09+02:00 Bug 42832: Download spam prevention exemption for browser extensions. - - - - - c07f3047 by Pier Angelo Vendrame at 2024-10-21T19:25:09+02:00 Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - 30 changed files: - .eslintignore - + .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/bug.md - + .gitlab/merge_request_templates/default.md - accessible/android/SessionAccessibility.cpp - accessible/android/SessionAccessibility.h - accessible/ipc/DocAccessibleParent.cpp - accessible/ipc/DocAccessibleParent.h - accessible/ipc/moz.build - browser/actors/BrowserTabChild.sys.mjs - − browser/actors/RFPHelperChild.sys.mjs - − browser/actors/RFPHelperParent.sys.mjs - browser/actors/moz.build - browser/app/Makefile.in - browser/app/macbuild/Contents/MacOS-files.in - browser/app/moz.build - browser/app/permissions - + browser/app/profile/001-base-profile.js - browser/app/profile/firefox.js - browser/base/content/aboutDialog-appUpdater.js - browser/base/content/aboutDialog.js - browser/base/content/aboutDialog.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-addons.js - browser/base/content/browser-context.inc - browser/base/content/browser-menubar.inc - browser/base/content/browser-safebrowsing.js - browser/base/content/browser-sets.inc - browser/base/content/browser-siteIdentity.js - browser/base/content/browser.css The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/35… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/35… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch base-browser-115.17.0esr-13.5-1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new branch base-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.17.0esr-13.5-1] 218 commits: Bug 1644383 - add mutexs to avoid data race. r=media-playback-reviewers, padenot
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 15e42dc2 by alwu at 2024-10-21T19:20:39+02:00 Bug 1644383 - add mutexs to avoid data race. r=media-playback-reviewers,padenot Differential Revision: https://phabricator.services.mozilla.com/D206943 - - - - - 2fb39426 by Edgar Chen at 2024-10-21T19:20:40+02:00 Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211621 - - - - - 45a8a295 by Edgar Chen at 2024-10-21T19:20:40+02:00 Bug 1743329 - Release pointer lock when xul popup is open; r=smaug,pbz Differential Revision: https://phabricator.services.mozilla.com/D211620 - - - - - 8e1dc38d by Edgar Chen at 2024-10-21T19:20:40+02:00 Bug 1743329 - Use nsMenuPopupFrame in GetVisiblePopups(); r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211619 A further change was needed in nsCaret.cpp, see https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - - - - - f6424cac by Otto Länd at 2024-10-21T19:20:40+02:00 Bug 1743329: apply code formatting via Lando # ignore-this-changeset - - - - - 69789163 by Anna Weine at 2024-10-21T19:20:41+02:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 256a5f5c by Pier Angelo Vendrame at 2024-10-21T19:20:41+02:00 Bug 1787790: Normalize system fonts with RFP on. r=emilio System fonts can leak any user customization of system fonts, or user's locale (e.g., en-US and ja Windows have different system fonts). Also, Linux distributions/desktop environments set default fonts in different ways. Customization can be detected either with font metrics, the font allowed list is not enabled or the font is included in it, or with getComputedStyle, that leaks the name of the font that Firefox tries to apply. This patch try to prevent these leaks by using a generic "sans-serif" for all system fonts, except on macOS, where it uses "-apple-system", and on Android, where these fonts always use Roboto. Differential Revision: https://phabricator.services.mozilla.com/D163576 - - - - - f372515f by Eitan Isaacson at 2024-10-21T19:20:41+02:00 Bug 1819160 - Map Android ids to doc/accessible id pairs. r=Jamie Differential Revision: https://phabricator.services.mozilla.com/D179737 - - - - - 07f4196a by Fatih at 2024-10-21T19:20:41+02:00 Bug 1830629: Remove unnecessary checks for pdf.js for RFP. r=tjr resource:// is exempt from RFP, so we no longer need to check pdf.js specifically. Differential Revision: https://phabricator.services.mozilla.com/D209359 - - - - - c4cfdc82 by Pier Angelo Vendrame at 2024-10-21T19:20:41+02:00 Bug 1832523 - Allow using NSS to sign and verify MAR signatures. r=application-update-reviewers,glandium,bytesized Allow using NSS for checking MAR signatures also in platforms where OS-native APIs are used by default, i.e., macOS and Windows. Differential Revision: https://phabricator.services.mozilla.com/D177743 - - - - - 0a3a9011 by Pier Angelo Vendrame at 2024-10-21T19:20:42+02:00 Bug 1849129: Prevent exceptions caused by extensions from interrupting the SearchService initialization. r=search-reviewers,Standard8 Differential Revision: https://phabricator.services.mozilla.com/D186456 - - - - - a40c23a5 by Emilio Cobos Álvarez at 2024-10-21T19:20:42+02:00 Bug 1853731 - Use html:img for message-bar-icon. r=Gijs,dao,settings-reviewers,desktop-theme-reviewers,sfoster Differential Revision: https://phabricator.services.mozilla.com/D188521 - - - - - e305a97e by Pier Angelo Vendrame at 2024-10-21T19:20:42+02:00 Bug 1854117 - Sort the DLL blocklist flags. r=mossop,win-reviewers,gstoll Differential Revision: https://phabricator.services.mozilla.com/D188716 - - - - - 830f4baa by Eden Chuang at 2024-10-21T19:20:42+02:00 Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth Differential Revision: https://phabricator.services.mozilla.com/D186431 - - - - - ef97c9fd by edgul at 2024-10-21T19:20:42+02:00 Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers Differential Revision: https://phabricator.services.mozilla.com/D182373 - - - - - c210215c by Kelsey Gilbert at 2024-10-21T19:20:43+02:00 Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond We could do non-racy static init here (e.g. with a static initializer self-calling-closure), but there doesn't seem to be a strong reason for this. Let's just use a switch and get robustness from -Werror=switch. Differential Revision: https://phabricator.services.mozilla.com/D188054 - - - - - 8ede21fc by Edgar Chen at 2024-10-21T19:20:43+02:00 Bug 1828259 - Close XUL popup when entering/exiting fullscreen; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D209355 - - - - - a48d10d2 by hackademix at 2024-10-21T19:20:43+02:00 Bug 1835987 - Change RFP-spoofed TZ to Atlantic/Reykjavik. r=tjr Atlantic/Reykjavik stays on UTC during all the year, but it is less likely to be blocked than plan UTC. Differential Revision: https://phabricator.services.mozilla.com/D212131 - - - - - 0312764e by edgul at 2024-10-21T19:20:43+02:00 Bug 1879952 - Fix test expectations with samesite=lax turned on r=tschuster Differential Revision: https://phabricator.services.mozilla.com/D201639 - - - - - 8c7c5b87 by edgul at 2024-10-21T19:20:43+02:00 Bug 1844827 - Added checks for sub-document navigations from cross-site to same-site in third-party checks when setting a cookie. r=cookie-reviewers,valentin,bvandersloot a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D204074 - - - - - defb76e0 by Ed at 2024-10-21T19:20:44+02:00 Bug 1844827 - Update the cookie test expectations for iframe samesite r=cookie-reviewers,valentin a=RyanVM Depends on D199770 Differential Revision: https://phabricator.services.mozilla.com/D199772 - - - - - e1dcb5b0 by Mark Banner at 2024-10-21T19:20:44+02:00 Bug 1845752. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D186676 - - - - - f99b92b4 by Pier Angelo Vendrame at 2024-10-21T19:20:44+02:00 Bug 1849186 - Add a preference not to expose the content title in the window title. r=Gijs,tabbrowser-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D190496 - - - - - c843cb7a by Bob Owen at 2024-10-21T19:20:44+02:00 Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel This also specializes ElementStreamFormat for bool. Differential Revision: https://phabricator.services.mozilla.com/D187794 - - - - - a62a9c8b by Malte Juergens at 2024-10-21T19:20:45+02:00 Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D187887 - - - - - 932e9d86 by Henry Wilkes at 2024-10-21T19:20:45+02:00 Bug 1851618 - Allow removing packaged locales from requestedLocales. r=settings-reviewers,eemeli,Gijs We open up the UI to allow the user to remove locales from their requestedLocales list, except for the default locale. Differential Revision: https://phabricator.services.mozilla.com/D209930 - - - - - 10b908b5 by Andreas Pehrson at 2024-10-21T19:20:45+02:00 Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt Similar to MediaTrack::mDisabledMode, but this is for uses on the SourceMediaTrack producer thread. It is still signaled via a control message from the control thread to maintain order of operations, and is protected by the SourceMediaTrack mutex. Differential Revision: https://phabricator.services.mozilla.com/D187554 - - - - - bb4d4ff4 by Pier Angelo Vendrame at 2024-10-21T19:20:45+02:00 Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright,chutten Bug 1444275 introduced an assertion on the parent process to check that the value of toolkit.telemetry.enabled is the expected one. However, this expected value could be different from the one set and locked e.g. in some forks. Therefore, the assertion prevented debug builds from working in these cases. Differential Revision: https://phabricator.services.mozilla.com/D195080 - - - - - f1ffff8c by Kagami Sascha Rosylight at 2024-10-21T19:20:45+02:00 Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame Per /etc/fonts.xml, there are now only two `<family lang="ko">` nodes there: * OneUISansKRVF series * SECCJK series (but no KR postfix anymore?) This patch uses One UI Sans KR VF as the replacement as this is newer and is a variable font (tested with https://codepen.io/SaschaNaz/pen/ExrdYXJ) Differential Revision: https://phabricator.services.mozilla.com/D195078 - - - - - f1770bf2 by Nuohan Li at 2024-10-21T19:20:46+02:00 Bug 1871109 - generateHash in Manifest.sys.mjs should use sha256 r=peterv, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D204928 - - - - - 6a832628 by Tom Ritter at 2024-10-21T19:20:46+02:00 Bug 1873526: Refactor the restriction override list from a big if statement to a list r=KrisWright Differential Revision: https://phabricator.services.mozilla.com/D198081 - - - - - eeef9257 by Nika Layzell at 2024-10-21T19:20:46+02:00 Bug 1875248 - Check for network error preventing ExternalHelperAppService before DONT_RETARGET, r=smaug This reverts the change from 30cde47f9364e5c7da78fd08fa8ab21737d22399, and instead re-orders the NS_ERROR_FILE_NOT_FOUND check before DONT_RETARGET. Testing suggests that a-download-click-404.html behaviour isn't impacted, and this improves the handling of this edge-case when doing process switching. Differential Revision: https://phabricator.services.mozilla.com/D202007 - - - - - 85f3bae4 by Pier Angelo Vendrame at 2024-10-21T19:20:46+02:00 Bug 1875306 - Localize numbers in the underflow and overflow error messages. r=emilio Differential Revision: https://phabricator.services.mozilla.com/D198965 - - - - - 655cf983 by Pier Angelo Vendrame at 2024-10-21T19:20:46+02:00 Bug 1875313 - Use en-US as a fallback when spoof English is enabled in ICUUtils. r=timhuang,tjr Differential Revision: https://phabricator.services.mozilla.com/D198967 - - - - - 5768df7a by Julian Descottes at 2024-10-21T19:20:47+02:00 Bug 1880374 - Disable DNS prefetching if document nodePrincipal is systemPrincipal r=valentin Differential Revision: https://phabricator.services.mozilla.com/D210830 - - - - - fc2f0f4c by Pier Angelo Vendrame at 2024-10-21T19:20:47+02:00 Bug 1880988 - Apply spoof English to the default detail summary. r=emilio Differential Revision: https://phabricator.services.mozilla.com/D202203 - - - - - 11e3c55d by Nika Layzell at 2024-10-21T19:24:45+02:00 Bug 1881037 - Part 1: Stop showing unknown protocol error pages for web-triggered loads, r=smaug,necko-reviewers,kershaw, a=dsmith Differential Revision: https://phabricator.services.mozilla.com/D217495 - - - - - ae0c1bb5 by Edgar Chen at 2024-10-21T19:24:45+02:00 Bug 1883396 - Exit fullscreen when two Escape keyup events occur in a short time; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D209667 - - - - - a8a015ab by Fatih at 2024-10-21T19:24:45+02:00 Bug 1885101: Match screen and window properties with top window for ScreenRect, ScreenAvailRect and WindowOuterSize. r=timhuang,emilio This patch removes test_iframe.html. We remove it because the newly introduced test covers the tests done in that test. The reason for removing it in the first place is now that screen properties are inherited/spoofed xorigin, we get a 4px difference. The reasosn for 4px difference is the test runner runs tests in an iframe with a 2px border on each side. Differential Revision: https://phabricator.services.mozilla.com/D215509 - - - - - 5aa668b9 by Tom Ritter at 2024-10-21T19:24:45+02:00 Bug 1885258: Hidden fonts should obey the allow list r=jfkthame Differential Revision: https://phabricator.services.mozilla.com/D204571 - - - - - 4d143dec by Andreas Farre at 2024-10-21T19:24:46+02:00 Bug 1886222 - Start reload by calling reload in the parent. r=Gijs,canadahonk,smaug, a=dsmith (esr128->esr115 backport) Differential Revision: https://phabricator.services.mozilla.com/D211519 - - - - - c399c809 by Jonathan Kew at 2024-10-21T19:24:46+02:00 Bug 1886598 - Struct with Pointer member may not be memmove-able. r=gfx-reviewers,lsalzman Differential Revision: https://phabricator.services.mozilla.com/D206633 - - - - - 940b6f1b by Jonathan Kew at 2024-10-21T19:24:46+02:00 Bug 1890204 - Ensure font entry's unitsPerEm and font extents are initialized when gfxFont is created. r=gfx-reviewers,lsalzman This means that by the time we potentially call GetFontExtents() when drawing, the extents fields are guaranteed to have been been initialized, and there's no risk of the (read-only) access here racing with setting them in UnitsPerEm(). Differential Revision: https://phabricator.services.mozilla.com/D206920 - - - - - cbc4e0f1 by Kershaw Chang at 2024-10-21T19:24:46+02:00 Bug 1892449 - Set network.http.digest_auth_cnonce_length to 16, a=dmeehan Apparently, setting this value to 64 breaks some sites. We should use the same length as Chrome. Original Revision: https://phabricator.services.mozilla.com/D208103 Differential Revision: https://phabricator.services.mozilla.com/D208119 - - - - - aa9da3a6 by cypherpunks1 at 2024-10-21T19:24:46+02:00 Bug 1892052 - Do not persist custom network requests on PBM. r=devtools-reviewers,bomsy,nchevobbe Differential Revision: https://phabricator.services.mozilla.com/D207762 - - - - - 06ea7c6a by Jonathan Kew at 2024-10-21T19:24:47+02:00 Bug 1893891 - Clear mSharedBlobData if blob creation failed. a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D208983 Differential Revision: https://phabricator.services.mozilla.com/D209209 - - - - - 310454ed by cypherpunks1 at 2024-10-21T19:24:47+02:00 Bug 1892046 - Add origin attributes to about:reader requests. r=reader-mode-reviewers,cmkm Differential Revision: https://phabricator.services.mozilla.com/D207759 - - - - - c3a99784 by Timothy Nikkel at 2024-10-21T19:24:47+02:00 Bug 1899180. If a channel is not nsIPrivateBrowsingChannel and has no load context, use the private browsing field from it's origin attributes. r=necko-reviewers,anti-tracking-reviewers,valentin If the channel is not a nsIPrivateBrowsingChannel, and it also has no load context (eg inside svg images) then we will over write a non-zero mPrivateBrowsingId on the OriginAttributes of the channel with 0, making NS_UsePrivateBrowsing return false for the channel. Differential Revision: https://phabricator.services.mozilla.com/D212083 - - - - - a0124a74 by Jan de Mooij at 2024-10-21T19:24:47+02:00 Bug 1900523 - Don't use bailout data for JSJitToWasm frames. r=iain Differential Revision: https://phabricator.services.mozilla.com/D212554 - - - - - 420e147e by Jan de Mooij at 2024-10-21T19:24:47+02:00 Bug 1902983 - Don't use bailout data after iterating Wasm frames. a=RyanVM This is similar to bug 1900523, but the fix there was incomplete because the `JSJitToWasm` frame type is only used when we go through the Wasm JIT entry trampoline. Ion can also call Wasm functions directly and in that case the type will be `FrameType::Exit`. Original Revision: https://phabricator.services.mozilla.com/D214098 Differential Revision: https://phabricator.services.mozilla.com/D214375 - - - - - db3f8d1e by Jon Coppeard at 2024-10-21T19:24:48+02:00 Bug 1904011 - Ignore finalized scripts when iterating code covarage tables r=iain Differential Revision: https://phabricator.services.mozilla.com/D214799 - - - - - 12052dfa by Kershaw Chang at 2024-10-21T19:24:48+02:00 Bug 1907726 - Make sure WebTransportSessionProxy::NotifyDatagramReceived is called after OnStopRequest, a=RyanVM The crash occurs because WebTransportSessionProxy::OnDatagramReceivedInternal is called before WebTransportSessionProxy::OnStopRequest. When this happens, WebTransportSessionProxy::mTarget is the main thread, so a task is dispatched to the main thread. This causes WebTransportSessionProxy::NotifyDatagramReceived to be called on the main thread. If WebTransportSessionProxy::NotifyDatagramReceived is invoked while WebTransportSessionProxy::mStopRequestCalled is true, it can lead to OnDatagramReceived being called on the main thread (instead of the socket thread), resulting in a crash. Original Revision: https://phabricator.services.mozilla.com/D220013 Differential Revision: https://phabricator.services.mozilla.com/D221661 - - - - - aea2ea2a by Sam Foster at 2024-10-21T19:24:48+02:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - e42b03cd by Nika Layzell at 2024-10-21T19:24:48+02:00 Bug 1911745 - Unify BrowsingContext flag coherency checks, r=mccr8 Previously these checks were largely diagnostic tools for finding bugs in other code as it evolves. This unifies the checks a bit more and makes them stronger for BrowsingContexts created over IPC, providing a place for more coherency checks to be added in the future. Differential Revision: https://phabricator.services.mozilla.com/D218860 - - - - - 77021b25 by Steve Fink at 2024-10-21T19:24:49+02:00 Bug 1912471 - Disallow deserializing structured clone buffers with transferables more than once r=iain, a=dsmith Differential Revision: https://phabricator.services.mozilla.com/D220644 - - - - - c67ec7dd by Emilio Cobos Álvarez at 2024-10-21T19:24:49+02:00 Bug 1914106 - Deal with insertRule edge-case. r=jwatt a=RyanVM When there's trailing garbage after an @import rule we throw, but we still trigger the load (that's not great but not trivial to change). Deal with that case before calling ImportRuleLoaded(). Differential Revision: https://phabricator.services.mozilla.com/D219783 - - - - - 5cbd4cb6 by André Bargull at 2024-10-21T19:24:49+02:00 Bug 1915249: Add more nodiscard. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D220311 Differential Revision: https://phabricator.services.mozilla.com/D221663 - - - - - e265819d by Paul Zuehlcke at 2024-10-21T19:24:49+02:00 Bug 1916659, a=diannaS Original Revision: https://phabricator.services.mozilla.com/D222629 Differential Revision: https://phabricator.services.mozilla.com/D222934 - - - - - 92c9fcda by Henry Wilkes at 2024-10-21T19:24:49+02:00 Bug 41454: Move focus after calling openPreferences for a sub-category. Temporary fix until mozilla bug 1799153 gets a patch upstream. - - - - - d657ae62 by hackademix at 2024-10-21T19:24:50+02:00 Bug 42194: Fix blank net error page on failed DNS resolution with active proxy. - - - - - d6c1dc01 by Henry Wilkes at 2024-10-21T19:24:50+02:00 Bug 41483: Remove the firefox override for appstrings.properties Remove this patch after upstream bugzilla bug 1790187 - - - - - 0d65a480 by Marco Simonelli at 2024-10-21T19:24:50+02:00 Bug 41459: WebRTC fails to build under mingw (Part 1) - properly define NOMINMAX for just MSVC builds - - - - - 38409e5b by Marco Simonelli at 2024-10-21T19:24:50+02:00 Bug 41459: WebRTC fails to build under mingw (Part 2) - fixes required to build third_party/libwebrtc - - - - - 31afb04d by Marco Simonelli at 2024-10-21T19:24:50+02:00 Bug 41459: WebRTC fails to build under mingw (Part 3) - fixes required to build third_party/sipcc - - - - - 3a19fff3 by Marco Simonelli at 2024-10-21T19:24:51+02:00 Bug 41459: WebRTC fails to build under mingw (Part 4) - fixes requried to build netwerk/sctp - - - - - c6e8edd7 by Marco Simonelli at 2024-10-21T19:24:51+02:00 Bug 41459: WebRTC fails to build under mingw (Part 5) - fixes required to build dom/media/webrtc - - - - - 23eb92a3 by Marco Simonelli at 2024-10-21T19:24:51+02:00 Bug 41459: WebRTC fails to build under mingw (Part 6) - fixes required to build dom/media/systemservices - - - - - 1ade3e05 by hackademix at 2024-10-21T19:24:51+02:00 Bug 41854: Allow overriding download spam protection. - - - - - ffa20eee by hackademix at 2024-10-21T19:24:51+02:00 Bug 42835: Create an actor to filter file data transfers - - - - - 93ac479d by Gaba at 2024-10-21T19:24:52+02:00 Adding issue and merge request templates - - - - - 7630bc80 by Pier Angelo Vendrame at 2024-10-21T19:24:52+02:00 Base Browser's .mozconfigs. Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan. Bug 21849: Don't allow SSL key logging. Bug 25741 - TBA: Disable features at compile-time Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android. Bug 29859: Disable HLS support for now Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT Bug 33734: Set MOZ_NORMANDY to False Bug 33851: Omit Parental Controls. Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files Bug 41584: Move some configuration options to base-browser level - - - - - 305a8962 by Pier Angelo Vendrame at 2024-10-21T19:24:52+02:00 Tweaks to the build system Bug 40857: Modified the fat .aar creation file This is a workaround to build fat .aars with the compiling enviornment disabled. Mozilla does not use a similar configuration, but either runs a Firefox build and discards its output, or uses artifacts build. We might switch to artifact builds too, and drop this patch, or write a better one to upstream. But until then we need this patch. See also https://bugzilla.mozilla.org/show_bug.cgi?id=1763770. Bug 41458: Prevent `mach package-multi-locale` from actually creating a package macOS builds need some files to be moved around with ./mach package-multi-locale to create multi-locale packages. The required command isn't exposed through any other mach command. So, we patch package-multi-locale both to prevent it from failing when doing official builds and to detect any future changes on it. - - - - - 3b0529d1 by Pier Angelo Vendrame at 2024-10-21T19:24:52+02:00 Bug 41108: Remove privileged macOS installation from 102 - - - - - dc226763 by Dan Ballard at 2024-10-21T19:24:52+02:00 Bug 41149: Re-enable DLL injection protection in all builds not just nightlies - - - - - 575c519d by Matthew Finkel at 2024-10-21T19:24:53+02:00 Bug 24796: Comment out excess permissions from GeckoView The GeckoView AndroidManifest.xml is not preprocessed unlike Fennec's manifest, so we can't use the ifdef preprocessor guards around the permissions we do not want. Commenting the permissions is the next-best-thing. - - - - - 6eea9a35 by Matthew Finkel at 2024-10-21T19:24:53+02:00 Bug 28125: Prevent non-Necko network connections - - - - - 8b174219 by Mike Perry at 2024-10-21T19:24:53+02:00 Bug 12974: Disable NTLM and Negotiate HTTP Auth The Mozilla bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1046421, https://bugzilla.mozilla.org/show_bug.cgi?id=1261591, tor-browser#27602 - - - - - 3883b709 by Alex Catarineu at 2024-10-21T19:24:53+02:00 Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1768899 - - - - - 30b2a38d by Georg Koppen at 2024-10-21T19:24:54+02:00 Bug 16285: Exclude ClearKey system for now In the past the ClearKey system had not been compiled when specifying --disable-eme. But that changed and it is even bundled nowadays (see: Mozilla's bug 1300654). We don't want to ship it right now as the use case for it is not really visible while the code had security vulnerabilities in the past. - - - - - 400cc0bf by Kathy Brade at 2024-10-21T19:24:54+02:00 Bug 21431: Clean-up system extensions shipped in Firefox Only ship the pdfjs extension. - - - - - c17e6c4a by Kathy Brade at 2024-10-21T19:24:54+02:00 Bug 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc. Hide elements on about:logins that mention sync, "Firefox LockWise", and Mozilla's LockWise mobile apps. Disable the "Create New Login" button when security.nocertdb is true. - - - - - 6a01ff12 by Alex Catarineu at 2024-10-21T19:24:54+02:00 Bug 41457: Remove Mozilla permissions Bug 40025: Remove Mozilla add-on install permissions - - - - - 423fe880 by Kathy Brade at 2024-10-21T19:24:54+02:00 Bug 40002: Remove about:ion Firefox Ion (previously Firefox Pioneer) is an opt-in program in which people volunteer to participate in studies that collect detailed, sensitive data about how they use their browser. Bug 41662: Disable about:sync-logs Even though we disable sync by default with `identity.fxaccounts.enabled`, this about: page is still avilable. We could throw an exception on the constructor of the related component, but it would result only in an error in the console, without a visible "this address does not look right" error page. If we fix the issues with MOZ_SERVICES_SYNC, we can restore the component. - - - - - b83ac777 by Arthur Edelstein at 2024-10-21T19:24:55+02:00 Bug 26353: Prevent speculative connect that violated FPI. Connections were observed in the catch-all circuit when the user entered an https or http URL in the URL bar, or typed a search term. - - - - - 5eb344bb by Alex Catarineu at 2024-10-21T19:24:55+02:00 Bug 31740: Remove some unnecessary RemoteSettings instances More concretely, SearchService.jsm 'hijack-blocklists' and url-classifier-skip-urls. Avoid creating instance for 'anti-tracking-url-decoration'. If prefs are disabling their usage, avoid creating instances for 'cert-revocations' and 'intermediates'. Do not ship JSON dumps for collections we do not expect to need. For the ones in the 'main' bucket, this prevents them from being synced unnecessarily (the code in remote-settings does so for collections in the main bucket for which a dump or local data exists). For the collections in the other buckets, we just save some size by not shipping their dumps. We also clear the collections database on the v2 -> v3 migration. - - - - - e3aeadb8 by cypherpunks1 at 2024-10-21T19:24:55+02:00 Bug 41092: Add a RemoteSettings JSON dump for query-stripping - - - - - d7e810b5 by Pier Angelo Vendrame at 2024-10-21T19:24:55+02:00 Bug 41635: Disable the Normandy component Do not include Normandy at all whenever MOZ_NORMANDY is False. - - - - - 4911d42b by Georg Koppen at 2024-10-21T19:24:55+02:00 Bug 30541: Disable WebGL readPixel() for web content Related Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1428034 - - - - - d4d2011e by Alex Catarineu at 2024-10-21T19:24:56+02:00 Bug 28369: Stop shipping pingsender executable - - - - - e1645e96 by cypherpunks1 at 2024-10-21T19:24:56+02:00 Bug 41568: Disable LaterRun - - - - - d7a44b7f by cypherpunks1 at 2024-10-21T19:24:56+02:00 Bug 40717: Hide Windows SSO in settings - - - - - 7876ccf2 by Pier Angelo Vendrame at 2024-10-21T19:24:56+02:00 Bug 41599: Always return an empty string as network ID Firefox computes an internal network ID used to detect network changes and act consequently (e.g., to improve WebSocket UX). However, there are a few ways to get this internal network ID, so we patch them out, to be sure any new code will not be able to use them and possibly link users. We also sent a patch to Mozilla to seed the internal network ID, to prevent any accidental leak in the future. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1817756 - - - - - 74d23166 by Richard Pospesel at 2024-10-21T19:24:56+02:00 Bug 41327: Disable UrlbarProviderInterventions - - - - - d73f257d by Richard Pospesel at 2024-10-21T19:24:57+02:00 Bug 42037: Disable about:firefoxview page - - - - - f0512bb8 by Mike Perry at 2024-10-21T19:24:57+02:00 Firefox preference overrides. This hack directly includes our preference changes in omni.ja. Bug 18292: Staged updates fail on Windows Temporarily disable staged updates on Windows. Bug 18297: Use separate Noto JP,KR,SC,TC fonts Bug 23404: Add Noto Sans Buginese to the macOS whitelist Bug 23745: Set dom.indexedDB.enabled = true Bug 13575: Disable randomised Firefox HTTP cache decay user tests. (Fernando Fernandez Mancera <ffmancera(a)riseup.net>) Bug 17252: Enable session identifiers with FPI Session tickets and session identifiers were isolated by OriginAttributes, so we can re-enable them by allowing the default value (true) of "security.ssl.disable_session_identifiers". The pref "security.enable_tls_session_tickets" is obsolete (removed in https://bugzilla.mozilla.org/917049) Bug 14952: Enable http/2 and AltSvc In Firefox, SPDY/HTTP2 now uses Origin Attributes for isolation of connections, push streams, origin frames, etc. That means we get first-party isolation provided "privacy.firstparty.isolate" is true. So in this patch, we stop overriding "network.http.spdy.enabled" and "network.http.spdy.enabled.http2". Alternate Services also use Origin Attributes for isolation. So we stop overriding "network.http.altsvc.enabled" and "network.http.altsvc.oe" as well. (All 4 of the abovementioned "network.http.*" prefs adopt Firefox 60ESR's default value of true.) However, we want to disable HTTP/2 push for now, so we set "network.http.spdy.allow-push" to false. "network.http.spdy.enabled.http2draft" was removed in Bug 1132357. "network.http.sped.enabled.v2" was removed in Bug 912550. "network.http.sped.enabled.v3" was removed in Bug 1097944. "network.http.sped.enabled.v3-1" was removed in Bug 1248197. Bug 26114: addons.mozilla.org is not special * Don't expose navigator.mozAddonManager on any site * Don't block NoScript from modifying addons.mozilla.org or other sites Enable ReaderView mode again (#27281). Bug 29916: Make sure enterprise policies are disabled Bug 2874: Block Components.interfaces from content Bug 26146: Spoof HTTP User-Agent header for desktop platforms In Tor Browser 8.0, the OS was revealed in both the HTTP User-Agent header and to JavaScript code via navigator.userAgent. To avoid leaking the OS inside each HTTP request (which many web servers log), always use the Windows 7 OS value in the desktop User-Agent header. We continue to allow access to the actual OS via JavaScript, since doing so improves compatibility with web applications such as GitHub and Google Docs. Bug 12885: Windows Jump Lists fail for Tor Browser Jumplist entries are stored in a binary file in: %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\ and has a name in the form [a-f0-9]+.customDestinations-ms The hex at the front is unique per app, and is ultimately derived from something called the 'App User Model ID' (AUMID) via some unknown hashing method. The AUMID is provided as a key when programmatically creating, updating, and deleting a jumplist. The default behaviour in firefox is for the installer to define an AUMID for an app, and save it in the registry so that the jumplist data can be removed by the uninstaller. However, the Tor Browser does not set this (or any other) regkey during installation, so this codepath fails and the app's AUMID is left undefined. As a result the app's AUMID ends up being defined by windows, but unknowable by Tor Browser. This unknown AUMID is used to create and modify the jumplist, but the delete API requires that we provide the app's AUMID explicitly. Since we don't know what the AUMID is (since the expected regkey where it is normally stored does not exist) jumplist deletion will fail and we will leave behind a mostly empty customDestinations-ms file. The name of the file is derived from the binary path, so an enterprising person could reverse engineer how that hex name is calculated, and generate the name for Tor Browser's default Desktop installation path to determine whether a person had used Tor Browser in the past. The 'taskbar.grouping.useprofile' option that is enabled by this patch works around this AUMID problem by having firefox.exe create it's own AUMID based on the profile path (rather than looking for a regkey). This way, if a user goes in and enables and disables jumplist entries, the backing store is properly deleted. Unfortunately, all windows users currently have this file lurking in the above mentioned directory and this patch will not remove it since it was created with an unknown AUMID. However, another patch could be written which goes to that directory and deletes any item containing the 'Tor Browser' string. See bug 28996. Bug 30845: Make sure default themes and other internal extensions are enabled Bug 28896: Enable extensions in private browsing by default Bug 31065: Explicitly allow proxying localhost Bug 31598: Enable letterboxing Disable Presentation API everywhere Bug 21549 - Use Firefox's WASM default pref. It is disabled at safer security levels. Bug 32321: Disable Mozilla's MitM pings Bug 19890: Disable installation of system addons By setting the URL to "" we make sure that already installed system addons get deleted as well. Bug 22548: Firefox downgrades VP9 videos to VP8. On systems where H.264 is not available or no HWA, VP9 is preferred. But in Tor Browser 7.0 all youtube videos are degraded to VP8. This behaviour can be turned off by setting media.benchmark.vp9.threshold to 0. All clients will get better experience and lower traffic, beause TBB doesn't use "Use hardware acceleration when available". Bug 25741 - TBA: Add mobile-override of 000-tor-browser prefs Bug 16441: Suppress "Reset Tor Browser" prompt. Bug 29120: Use the in-memory media cache and increase its maximum size. Bug 33697: use old search config based on list.json Bug 33855: Ensure that site-specific browser mode is disabled. Bug 30682: Disable Intermediate CA Preloading. Bug 40061: Omit the Windows default browser agent from the build Bug 40322: Consider disabling network.connectivity-service.enabled Bug 40408: Disallow SVG Context Paint in all web content Bug 40308: Disable network partitioning until we evaluate dFPI Bug 40322: Consider disabling network.connectivity-service.enabled Bug 40383: Disable dom.enable_event_timing Bug 40423: Disable http/3 Bug 40177: Update prefs for Fx91esr Bug 40700: Disable addons and features recommendations Bug 40682: Disable network.proxy.allow_bypass Bug 40736: Disable third-party cookies in PBM Bug 19850: Enabled HTTPS-Only by default Bug 40912: Hide the screenshot menu Bug 41292: Disable moreFromMozilla in preferences page Bug 40057: Ensure the CSS4 system colors are not a fingerprinting vector Bug 24686: Set network.http.tailing.enabled to true Bug 40183: Disable TLS ciphersuites using SHA-1 Bug 40783: Review 000-tor-browser.js and 001-base-profile.js for 102 We reviewed all the preferences we set for 102, and remove a few old ones. See the description of that issue to see all the preferences we believed were still valid for 102, and some brief description for the reasons to keep them. - - - - - 39aa6950 by hackademix at 2024-10-21T19:24:57+02:00 fixup! Firefox preference overrides. MB361: Disable only cyphersuites using SH1 for signing (ECDSA). - - - - - ddd07850 by Pier Angelo Vendrame at 2024-10-21T19:24:57+02:00 Bug 41043: Hardcode the UI font on Linux The mechanism to choose the UI font does not play well with our fontconfig configuration. As a result, the final criterion to choose the font for the UI was its version. Since we hardcode Arimo as a default sans-serif on preferences, we use it also for the UI. FontConfig will fall back to some other font for scripts Arimo does not cover as expected (we tested with Japanese). - - - - - 8ea8fcc9 by Pier Angelo Vendrame at 2024-10-21T19:24:57+02:00 Bug 41901: Hardcode normalized FontSubstitutes. Windows has a system to set font aliases through the registry. This allows some customization that could be used as a fingerprinting vector. Moreover, this mechanism is used by Windows itself, and different SKUs might have different default FontSubstitutes. - - - - - 467bc60a by Alex Catarineu at 2024-10-21T19:24:58+02:00 Bug 30605: Honor privacy.spoof_english in Android This checks `privacy.spoof_english` whenever `setLocales` is called from Fenix side and sets `intl.accept_languages` accordingly. Bug 40198: Expose privacy.spoof_english pref in GeckoView - - - - - 14c09a65 by Pier Angelo Vendrame at 2024-10-21T19:24:58+02:00 Bug 42562: Normalized the Accepted Languages on Android. The OS language might be outside the list of actually supported languages and it might leak the user's region. Therefore, we force the locale reported in Accept-Language to match one we support with translations, even when it means using a not exact region tag. - - - - - 5c376262 by Alex Catarineu at 2024-10-21T19:24:58+02:00 Bug 40171: Make WebRequest and GeckoWebExecutor First-Party aware - - - - - 79a2cb0b by Alex Catarineu at 2024-10-21T19:24:58+02:00 Bug 26345: Hide tracking protection UI - - - - - 5d7a8b45 by Pier Angelo Vendrame at 2024-10-21T19:24:59+02:00 Bug 9173: Change the default Firefox profile directory to be relative. This commit makes Firefox look for the default profile directory in a directory relative to the binary path. The directory can be specified through the --with-relative-data-dir. This is relative to the same directory as the firefox main binary for Linux and Windows. On macOS, we remove Contents/MacOS from it. Or, in other words, the directory is relative to the application bundle. This behavior can be overriden at runtime, by placing a file called system-install adjacent to the firefox main binary (also on macOS). - - - - - daa2e752 by Alex Catarineu at 2024-10-21T19:24:59+02:00 Bug 27604: Fix addon issues when moving the profile directory Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1429838 - - - - - d5d736d1 by Mike Perry at 2024-10-21T19:24:59+02:00 Bug 13028: Prevent potential proxy bypass cases. It looks like these cases should only be invoked in the NSS command line tools, and not the browser, but I decided to patch them anyway because there literally is a maze of network function pointers being passed around, and it's very hard to tell if some random code might not pass in the proper proxied versions of the networking code here by accident. Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1433509 - - - - - 4053744c by Pier Angelo Vendrame at 2024-10-21T19:24:59+02:00 Bug 40309: Avoid using regional OS locales Avoid regional OS locales if the pref `intl.regional_prefs.use_os_locales` is false but RFP is enabled. - - - - - 1e8f584a by Matthew Finkel at 2024-10-21T19:24:59+02:00 Bug 40432: Prevent probing installed applications Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1711084 - - - - - 12f36478 by cypherpunks1 at 2024-10-21T19:25:00+02:00 Bug 33955: When copying an image only copy the image contents to the clipboard - - - - - 85ded2f2 by cypherpunks1 at 2024-10-21T19:25:00+02:00 Bug 41791: Omit the source URL when copying page contents to the clipboard - - - - - ad09f7a0 by hackademix at 2024-10-21T19:25:00+02:00 Bug 42288: Allow language spoofing in status messages. - - - - - 72644e77 by Richard Pospesel at 2024-10-21T19:25:00+02:00 Bug 41659: Add canonical color definitions to base-browser - - - - - dcb1e5c4 by Pier Angelo Vendrame at 2024-10-21T19:25:00+02:00 Base Browser strings This commit adds all the strings needed by following Base Browser patches. - - - - - 197bab6d by Pier Angelo Vendrame at 2024-10-21T19:25:01+02:00 Bug 41369: Improve Firefox language settings for multi-lingual packages Change the language selector to be sorted by language code, rather than name, and to display the language code to the user. Bug 41372: Handle Japanese as a special case in preferences on macOS Japanese is treated in a special way on macOS. However, seeing the Japanese language tag could be confusing for users, and moreover the language name is not localized correctly like other langs. Bug 41378: Tell users that they can change their language at the first start With multi-lingual builds, Tor Browser matches the user's system language, but some users might want to change it. So, we tell them that it is possible, but only once. - - - - - 0dfa3209 by p13dz at 2024-10-21T19:25:01+02:00 Bug 40283: Workaround for the file upload bug - - - - - 45d937ec by Arthur Edelstein at 2024-10-21T19:25:01+02:00 Bug 18905: Hide unwanted items from help menu Bug 25660: Remove the "New Private Window" option - - - - - d13be5f6 by Pier Angelo Vendrame at 2024-10-21T19:25:01+02:00 Bug 41739: Remove "Website appearance" from about:preferences. It is ignored because of RFP and it is confusing for users. - - - - - 8efe9e13 by hackademix at 2024-10-21T19:25:01+02:00 Bug 42019: Empty browser's clipboard on browser shutdown - - - - - a9063258 by hackademix at 2024-10-21T19:25:02+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 43209: Check if any data is available before trying to retrieve it from the clipboard. - - - - - 4d813266 by hackademix at 2024-10-21T19:25:02+02:00 Bug 42084: Ensure English spoofing works even if preferences are set out of order. - - - - - 34e4b2f3 by Pier Angelo Vendrame at 2024-10-21T19:25:02+02:00 Bug 41930: Remove the UI to customize accept_languages. - - - - - 23e2b0c5 by Pier Angelo Vendrame at 2024-10-21T19:25:02+02:00 Bug 42376: Pass the locale list when constructing l10n in datetimebox The datetime input is inconsistent with other inputs when using spoof English: its placeholder is not translated, unlike the default values and texts of all the other inputs. - - - - - 8ca163fd by Pier Angelo Vendrame at 2024-10-21T19:25:02+02:00 Bug 42428: Make RFP spoof the timezone of document.lastModified. - - - - - ffede0aa by Pier Angelo Vendrame at 2024-10-21T19:25:03+02:00 Bug 42472: Spoof timezone in XSLT. - - - - - 5d983815 by hackademix at 2024-10-21T19:25:03+02:00 Bug 41434: Letterboxing, preemptively apply margins in a global CSS rule to mitigate race conditions on newly created windows and tabs. - - - - - 875ed88f by hackademix at 2024-10-21T19:25:03+02:00 Bug 41434: Letterboxing, improve logging. - - - - - 39df1548 by hackademix at 2024-10-21T19:25:03+02:00 Bug 31064: Letterboxing, exempt browser extensions. - - - - - 1bf8c959 by hackademix at 2024-10-21T19:25:04+02:00 Bug 32411: Letterboxing, exempt view-source: URIs. - - - - - 8be9c6e6 by hackademix at 2024-10-21T19:25:04+02:00 Bug 42574: Letterboxing, exempt pdf.js. - - - - - 6850b28c by hackademix at 2024-10-21T19:25:04+02:00 Bug 32308: Use direct browser sizing for letterboxing. Bug 30556: align letterboxing with 200x100 new win width stepping - - - - - 17803ad5 by hackademix at 2024-10-21T19:25:04+02:00 Bug 41631: Prevent weird initial window dimensions caused by subpixel computations - - - - - b5b74738 by hackademix at 2024-10-21T19:25:04+02:00 Bug 41918: Option to reuse last window size when letterboxing is enabled. - - - - - 62d5b9a5 by hackademix at 2024-10-21T19:25:05+02:00 Bug 41916: Letterboxing preferences UI - - - - - da24d7f2 by hackademix at 2024-10-21T19:25:05+02:00 Bug 41695: Warn on window maximization without letterboxing in RFPHelper module - - - - - f8c2c09c by hackademix at 2024-10-21T19:25:05+02:00 Bug 42443: Shrink window to match letterboxing size when the emtpy area is clicked. - - - - - e8721bd0 by Henry Wilkes at 2024-10-21T19:25:05+02:00 Bug 42528: Don't leak system scrollbar size on windows. - - - - - 1d9927ec by Henry Wilkes at 2024-10-21T19:25:05+02:00 Bug 31575: Disable Firefox Home (Activity Stream) Treat about:blank as the default home page and new tab page. Avoid loading AboutNewTab in BrowserGlue.sys.mjs in order to avoid several network requests that we do not need. Bug 41624: Disable about:pocket-* pages. Bug 40144: Redirect about:privatebrowsing to the user's home - - - - - 1bf01d0d by Kathy Brade at 2024-10-21T19:25:06+02:00 Bug 4234: Use the Firefox Update Process for Base Browser. Windows: disable "runas" code path in updater (15201). Windows: avoid writing to the registry (16236). Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406, 16014, 16909, 24476, and 25909. Also fix bug 27221: purge the startup cache if the Base Browser version changed (even if the Firefox version and build ID did not change), e.g., after a minor Base Browser update. Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality. Bug 26048: potentially confusing "restart to update" message Within the update doorhanger, remove the misleading message that mentions that windows will be restored after an update is applied, and replace the "Restart and Restore" button label with an existing "Restart to update Tor Browser" string. Bug 28885: notify users that update is downloading Add a "Downloading Base Browser update" item which appears in the hamburger (app) menu while the update service is downloading a MAR file. Before this change, the browser did not indicate to the user that an update was in progress, which is especially confusing in Tor Browser because downloads often take some time. If the user clicks on the new menu item, the about dialog is opened to allow the user to see download progress. As part of this fix, the update service was changed to always show update-related messages in the hamburger menu, even if the update was started in the foreground via the about dialog or via the "Check for Tor Browser Update" toolbar menu item. This change is consistent with the Tor Browser goal of making sure users are informed about the update process. Removed #28885 parts of this patch which have been uplifted to Firefox. - - - - - 0807d898 by Pier Angelo Vendrame at 2024-10-21T19:25:06+02:00 fixup! Bug 4234: Use the Firefox Update Process for Base Browser. Bug 42747: Discard unsupported updates earlier. Firefox's updater has a function to select updates, which checks mainly the version number. Therefore, a more recent update that is unsupported will be chosen over a compatible one. We patch this to be able to provide an alternative update path to Windows 7. - - - - - bd0e929f by Pier Angelo Vendrame at 2024-10-21T19:25:06+02:00 Bug 42061: Create an alpha update channel. - - - - - e432a6eb by Nicolas Vigier at 2024-10-21T19:25:06+02:00 Bug 41682: Add base-browser nightly mar signing key - - - - - 120ba80c by Pier Angelo Vendrame at 2024-10-21T19:25:07+02:00 Bug 41603: Customize the creation of MOZ_SOURCE_URL MOZ_SOURCE_URL is created by combining MOZ_SOURCE_REPO and MOZ_SOURCE_CHANGESET. But the code takes for granted that it refers to a Hg instance, so it combines them as `$MOZ_SOURCE_REPO/rev/$MOZ_SOURCE_CHANGESET`. With this commit, we change this logic to combine them to create a URL that is valid for GitLab. $MOZ_SOURCE_CHANGESET needs to be a commit hash, not a branch or a tag. If that is needed, we could use /-/tree/, instead of /-/commit/. - - - - - b9909d3b by Pier Angelo Vendrame at 2024-10-21T19:25:07+02:00 Bug 41698: Reword the recommendation badges in about:addons Firefox strings use { -brand-product-name }. As a result, it seems that the fork is recommending extensions, whereas AMO curators are doing that. So, we replace the strings with custom ones that clarify that Mozilla is recommending them. We assign the strings with JS because our translation backend does not support Fluent attributes, yet, but once it does, we should switch to them, instead. Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1825033 - - - - - 39a3cb81 by Pier Angelo Vendrame at 2024-10-21T19:25:07+02:00 Bug 42438: Tweaks to the migration wizard. Remove the items not compatible with our features (such as history) from the migration wizard. On Linux, allow to specify an alternative home directory, since we usually change $HOME in our startup script. - - - - - 9e928583 by Alex Catarineu at 2024-10-21T19:25:07+02:00 Bug 40069: Add helpers for message passing with extensions - - - - - 168c25bb by Matthew Finkel at 2024-10-21T19:25:07+02:00 Bug 41598: Prevent NoScript from being removed/disabled. Bug 40253: Explicitly allow NoScript in Private Browsing mode. - - - - - 9edc1d32 by Henry Wilkes at 2024-10-21T19:25:08+02:00 Bug 41736: Hide NoScript extension's toolbar button by default. This hides it from both the toolbar and the unified extensions panel. We also hide the unified-extension-button if the panel would be empty: not including the NoScript button when it is hidden. As a result, this will be hidden by default until a user installs another extension (or shows the NoScript button and unpins it). - - - - - fbd763f5 by hackademix at 2024-10-21T19:25:08+02:00 Bug 41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons - - - - - 4bbb885b by Pier Angelo Vendrame at 2024-10-21T19:25:08+02:00 Bug 40925: Implemented the Security Level component This component adds a new Security Level toolbar button which visually indicates the current global security level via icon (as defined by the extensions.torbutton.security_slider pref), a drop-down hanger with a short description of the current security level, and a new section in the about:preferences#privacy page where users can change their current security level. In addition, the hanger and the preferences page will show a visual warning when the user has modified prefs associated with the security level and provide a one-click 'Restore Defaults' button to get the user back on recommended settings. Bug 40125: Expose Security Level pref in GeckoView - - - - - 4e28af5f by Pier Angelo Vendrame at 2024-10-21T19:25:08+02:00 Bug 40926: Implemented the New Identity feature - - - - - 841b555b by Henry Wilkes at 2024-10-21T19:25:08+02:00 Bug 41736: Customize toolbar for base-browser. - - - - - 5a2e7786 by Pier Angelo Vendrame at 2024-10-21T19:25:09+02:00 Bug 42027: Base Browser migration procedures. This commit implmenents the the Base Browser's version of _migrateUI. - - - - - 69651b32 by Henry Wilkes at 2024-10-21T19:25:09+02:00 Bug 42583: Modify moz-support-link for Base Browser. - - - - - 08d38e7e by Henry Wilkes at 2024-10-21T19:25:09+02:00 Bug 42347: Add a notification for dropped OS version support. - - - - - 86dabbed by hackademix at 2024-10-21T19:25:09+02:00 Bug 42832: Download spam prevention exemption for browser extensions. - - - - - c07f3047 by Pier Angelo Vendrame at 2024-10-21T19:25:09+02:00 Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - b481d201 by Henry Wilkes at 2024-10-21T19:31:15+02:00 Bug 42308: Create README for tor-browser. We drop the README.txt that comes from Mozilla Firefox and add README.md for tor-browser. - - - - - 04118a85 by Richard Pospesel at 2024-10-21T19:31:15+02:00 Bug 41649: Create rebase and security backport gitlab issue templates - - - - - 8b7855e2 by Beatriz Rizental at 2024-10-21T19:31:15+02:00 Add CI for Tor Browser - - - - - 155b360c by Richard Pospesel at 2024-10-21T19:31:15+02:00 Bug 41089: Add tor-browser build scripts + Makefile to tor-browser - - - - - 2d5e9de9 by Henry Wilkes at 2024-10-21T19:31:15+02:00 Bug 41803: Add some developer tools for working on tor-browser. - - - - - 370eea58 by Kathy Brade at 2024-10-21T19:31:16+02:00 Bug 11641: Disable remoting by default. Unless the -osint command line flag is used, the browser now defaults to the equivalent of -no-remote. There is a new -allow-remote flag that may be used to restore the original (Firefox-like) default behavior. - - - - - bd865126 by Alex Catarineu at 2024-10-21T19:31:16+02:00 Add TorStrings module for localization - - - - - bb2a4991 by Henry Wilkes at 2024-10-21T19:31:46+02:00 Tor Browser strings This commit adds all the strings needed for Tor Browser patches. - - - - - 6258013c by Henry Wilkes at 2024-10-21T19:31:46+02:00 Tor Browser localization migration scripts. - - - - - 2bf720d1 by Henry Wilkes at 2024-10-21T19:31:47+02:00 Bug 42305: Add script to combine translation files across versions. - - - - - 775ce552 by Mike Perry at 2024-10-21T19:31:47+02:00 Bug 2176: Rebrand Firefox to TorBrowser See also Bugs #5194, #7187, #8115, #8219. This patch does some basic renaming of Firefox to TorBrowser. The rest of the branding is done by images and icons. Also fix bug 27905. Bug 25702: Update Tor Browser icon to follow design guidelines - Updated all of the branding in /browser/branding/official with new 'stable' icon series. - Updated /extensions/onboarding/content/img/tor-watermark.png with new icon and add the source svg in the same directory - Copied /browser/branding/official over /browser/branding/nightly and the new /browser/branding/alpha directories. Replaced content with 'nightly' and 'alpha' icon series. Updated VisualElements_70.png and VisualElements_150.png with updated icons in each branding directory (fixes #22654) - Updated firefox.VisualElementsManfiest.xml with updated colors in each branding directory - Added firefox.svg to each branding directory from which all the other icons are derived (apart from document.icns and document.ico) - Added default256.png and default512.png icons - Updated aboutTBUpdate.css to point to branding-aware icon128.png and removed original icon - Use the Tor Browser icon within devtools/client/themes/images/. Bug 30631: Blurry Tor Browser icon on macOS app switcher It would seem the png2icns tool does not generate correct icns files and so on macOS the larger icons were missing resulting in blurry icons in the OS chrome. Regenerated the padded icons in a macOS VM using iconutil. Bug 28196: preparations for using torbutton tor-browser-brand.ftl A small change to Fluent FileSource class is required so that we can register a new source without its supported locales being counted as available locales for the browser. Bug 31803: Replaced about:debugging logo with flat version Bug 21724: Make Firefox and Tor Browser distinct macOS apps When macOS opens a document or selects a default browser, it sometimes uses the CFBundleSignature. Changing from the Firefox MOZB signature to a different signature TORB allows macOS to distinguish between Firefox and Tor Browser. Bug 32092: Fix Tor Browser Support link in preferences For bug 40562, we moved onionPattern* from bug 27476 to here, as about:tor needs these files but it is included earlier. Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one Bug 42088: New application icons (used in-app and on linux). Bug 42087: New application icons (windows). - - - - - 8b38b1a1 by Henry Wilkes at 2024-10-21T19:31:47+02:00 Bug 42583: Modify moz-support-link for Tor Browser. - - - - - 0f2d443b by hackademix at 2024-10-21T19:31:47+02:00 Bug 41917: Tor brand-specific styles. - - - - - 034bd451 by Henry Wilkes at 2024-10-21T19:31:47+02:00 Add purple tor version of the loading APNG. - - - - - ae499b11 by sanketh at 2024-10-21T19:31:48+02:00 Bug 40209: Implement Basic Crypto Safety Adds a CryptoSafety actor which detects when you've copied a crypto address from a HTTP webpage and shows a warning. Closes #40209. Bug 40428: Fix string attribute names - - - - - 9366190b by Mike Perry at 2024-10-21T19:31:48+02:00 TB3: Tor Browser's official .mozconfigs. Also: Add an --enable-tor-browser-data-outside-app-dir configure option Add --with-tor-browser-version configure option Bug 31457: disable per-installation profiles The dedicated profiles (per-installation) feature does not interact well with our bundled profiles on Linux and Windows, and it also causes multiple profiles to be created on macOS under TorBrowser-Data. Bug 31935: Disable profile downgrade protection. Since Tor Browser does not support more than one profile, disable the prompt and associated code that offers to create one when a version downgrade situation is detected. Add --enable-tor-browser-update build option Bug 40793: moved Tor configuration options from old-configure.in to moz.configure Bug 41584: Move some configuration options to base-browser level - - - - - ddd2824b by Henry Wilkes at 2024-10-21T19:31:48+02:00 Bug 41340: Enable TOR_BROWSER_NIGHTLY_BUILD features for dev and nightly builds tor-browser#41285: Enable fluent warnings. - - - - - 3432e5b6 by Pier Angelo Vendrame at 2024-10-21T19:31:48+02:00 Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Before reordering patches, we used to keep the Tor-related patches (torbutton and tor-launcher) at the beginning. After that issue, we decided to move them towards the end. In addition to that, we have decided to move Tor Browser-only preferences there, too, to make Base Browser-only fixups easier to apply. - - - - - e8a550ac by Morgan at 2024-10-21T19:33:24+02:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Bug 43170: Disable user-agent spoofing in HTTP header - - - - - 359f47ca by Pier Angelo Vendrame at 2024-10-21T19:33:24+02:00 Bug 13252: Customize profile management on macOS On macOS we allow both portable mode and system installation. However, in the latter case, we customize Firefox's directories to match the hierarchy we use for the portable mode. Also, display an informative error message if the TorBrowser-Data directory cannot be created due to an "access denied" or a "read only volume" error. - - - - - 25530d34 by Pier Angelo Vendrame at 2024-10-21T19:33:24+02:00 Bug 40933: Add tor-launcher functionality Bug 41926: Reimplement the control port - - - - - 78f5cad7 by Cecylia Bocovich at 2024-10-21T19:33:24+02:00 Lox integration - - - - - 2128db61 by Richard Pospesel at 2024-10-21T19:33:25+02:00 Bug 40597: Implement TorSettings module - migrated in-page settings read/write implementation from about:preferences#tor to the TorSettings module - TorSettings initially loads settings from the tor daemon, and saves them to firefox prefs - TorSettings notifies observers when a setting has changed; currently only QuickStart notification is implemented for parity with previous preference notify logic in about:torconnect and about:preferences#tor - about:preferences#tor, and about:torconnect now read and write settings thorugh the TorSettings module - all tor settings live in the torbrowser.settings.* preference branch - removed unused pref modify permission for about:torconnect content page from AsyncPrefs.jsm Bug 40645: Migrate Moat APIs to Moat.jsm module - - - - - 2f5c4c03 by hackademix at 2024-10-21T19:33:25+02:00 fixup! Bug 40597: Implement TorSettings module - - - - - fa4df7fe by Arthur Edelstein at 2024-10-21T19:33:25+02:00 Bug 3455: Add DomainIsolator, for isolating circuit by domain. Add an XPCOM component that registers a ProtocolProxyChannelFilter which sets the username/password for each web request according to url bar domain. Bug 9442: Add New Circuit button Bug 13766: Set a 10 minute circuit dirty timeout for the catch-all circ. Bug 19206: Include a 128 bit random tag as part of the domain isolator nonce. Bug 19206: Clear out the domain isolator state on `New Identity`. Bug 21201.2: Isolate by firstPartyDomain from OriginAttributes Bug 21745: Fix handling of catch-all circuit Bug 41741: Refactor the domain isolator and new circuit - - - - - 4085ef5a by Henry Wilkes at 2024-10-21T19:33:25+02:00 Bug 41600: Add a tor circuit display panel. - - - - - 2dba20a4 by Pier Angelo Vendrame at 2024-10-21T19:33:25+02:00 Bug 42247: Android helpers for the TorProvider GeckoView is missing some API we use on desktop for the integration with the tor daemon, such as subprocess. Therefore, we need to implement them in Java and plumb the data back and forth between JS and Java. - - - - - 5c8d8969 by hackademix at 2024-10-21T19:33:26+02:00 Bug 8324: Prevent DNS proxy bypasses caused by Drag&Drop Bug 41613: Skip Drang & Drop filtering for DNS-safe URLs - - - - - 9dc9b29b by Amogh Pradeep at 2024-10-21T19:33:26+02:00 Orfox: Centralized proxy applied to AbstractCommunicator and BaseResources. See Bug 1357997 for partial uplift. Also: Bug 28051 - Use our Orbot for proxying our connections Bug 31144 - ESR68 Network Code Review - - - - - 5e294aac by Matthew Finkel at 2024-10-21T19:33:26+02:00 Bug 25741: TBA: Disable GeckoNetworkManager The browser should not need information related to the network interface or network state, tor should take care of that. - - - - - 9b49c86a by Kathy Brade at 2024-10-21T19:33:26+02:00 Bug 14631: Improve profile access error messages. Instead of always reporting that the profile is locked, display specific messages for "access denied" and "read-only file system". To allow for localization, get profile-related error strings from Torbutton. Use app display name ("Tor Browser") in profile-related error alerts. - - - - - 78cfcd83 by Pier Angelo Vendrame at 2024-10-21T19:33:26+02:00 Bug 40807: Added QRCode.js to toolkit/modules - - - - - a9706922 by Richard Pospesel at 2024-10-21T19:33:27+02:00 Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection This patch adds a new about:preferences#connection page which allows modifying bridge, proxy, and firewall settings from within Tor Browser. All of the functionality present in tor-launcher's Network Configuration panel is present: - Setting built-in bridges - Requesting bridges from BridgeDB via moat - Using user-provided bridges - Configuring SOCKS4, SOCKS5, and HTTP/HTTPS proxies - Setting firewall ports - Viewing and Copying Tor's logs - The Networking Settings in General preferences has been removed Bug 40774: Update about:preferences page to match new UI designs - - - - - ebf6231b by Richard Pospesel at 2024-10-21T19:33:27+02:00 Bug 27476: Implement about:torconnect captive portal within Tor Browser - implements new about:torconnect page as tor-launcher replacement - adds new torconnect component to browser - tor process management functionality remains implemented in tor-launcher through the TorProtocolService module - adds warning/error box to about:preferences#tor when not connected to tor Bug 40773: Update the about:torconnect frontend page to match additional UI flows. Bug 41608: Add a toolbar status button and a urlbar "Connect" button. - - - - - 013dff6d by Pier Angelo Vendrame at 2024-10-21T19:33:27+02:00 Temporary changes to about:torconnect for Android. We are planning of tempoorarily using about:torconnect on Android, until the native UX is ready. - - - - - 535147ff by Henry Wilkes at 2024-10-21T19:33:27+02:00 Bug 7494: Create local home page for TBB. Bug 41333: Update about:tor to new design. Including: + make the favicon match the branding icon. + make the location bar show a search icon. - - - - - 2e69e97a by Arthur Edelstein at 2024-10-21T19:33:28+02:00 Bug 12620: TorBrowser regression tests Regression tests for Bug #2950: Make Permissions Manager memory-only Regression tests for TB4: Tor Browser's Firefox preference overrides. Note: many more functional tests could be made here Regression tests for #2874: Block Components.interfaces from content Bug 18923: Add a script to run all Tor Browser specific tests Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt. - - - - - fde4bc1f by Pier Angelo Vendrame at 2024-10-21T19:33:28+02:00 Bug 41668: Tweaks to the Base Browser updater for Tor Browser This commit was once part of "Bug 4234: Use the Firefox Update Process for Tor Browser.". However, some parts of it were not needed for Base Browser and some derivative browsers. Therefore, we extracted from that commit the parts for Tor Browser legacy, and we add them back to the patch set with this commit. - - - - - 7a88ba4a by Kathy Brade at 2024-10-21T19:33:28+02:00 Bug 12647: Support symlinks in the updater. - - - - - a94e77a6 by Kathy Brade at 2024-10-21T19:33:28+02:00 Bug 19121: reinstate the update.xml hash check This is a partial revert of commit f1241db6986e4b54473a1ed870f7584c75d51122. Revert most changes from Mozilla Bug 862173 "don't verify mar file hash when using mar signing to verify the mar file (lessens main thread I/O)." We kept the addition to the AppConstants API in case other JS code references it in the future. - - - - - 3d6346cb by Pier Angelo Vendrame at 2024-10-21T19:33:28+02:00 fixup! Bug 19121: reinstate the update.xml hash check Revert "Bug 19121: reinstate the update.xml hash check" This reverts commit 39a712fbaf18cb64b6dc601c71bac82718de1a01. - - - - - 99f89be8 by Kathy Brade at 2024-10-21T19:33:29+02:00 Bug 16940: After update, load local change notes. Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release). Always load about:tbupdate in a content process, but implement the code that reads the file system (changelog) in the chrome process for compatibility with future sandboxing efforts. Also fix bug 29440. Now about:tbupdate is styled as a fairly simple changelog page that is designed to be displayed via a link that is on about:tor. - - - - - 21f2261a by Georg Koppen at 2024-10-21T19:33:29+02:00 Bug 32658: Create a new MAR signing key It's time for our rotation again: Move the backup key in the front position and add a new backup key. Bug 33803: Move our primary nightly MAR signing key to tor-browser Bug 33803: Add a secondary nightly MAR signing key - - - - - e9fc02b8 by Mike Perry at 2024-10-21T19:33:29+02:00 Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing eBay and Amazon don't treat Tor users very well. Accounts often get locked and payments reversed. Also: Bug 16322: Update DuckDuckGo search engine We are replacing the clearnet URL with an onion service one (thanks to a patch by a cypherpunk) and are removing the duplicated DDG search engine. Duplicating DDG happend due to bug 1061736 where Mozilla included DDG itself into Firefox. Interestingly, this caused breaking the DDG search if JavaScript is disabled as the Mozilla engine, which gets loaded earlier, does not use the html version of the search page. Moreover, the Mozilla engine tracked where the users were searching from by adding a respective parameter to the search query. We got rid of that feature as well. Also: This fixes bug 20809: the DuckDuckGo team has changed its server-side code in a way that lets users with JavaScript enabled use the default landing page while those without JavaScript available get redirected directly to the non-JS page. We adapt the search engine URLs accordingly. Also fixes bug 29798 by making sure we only specify the Google search engine we actually ship an .xml file for. Also regression tests. squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40494: Update Startpage search provider squash! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing Bug 40438: Add Blockchair as a search engine Bug 33342: Avoid disconnect search addon error after removal. We removed the addon in #32767, but it was still being loaded from addonStartup.json.lz4 and throwing an error on startup because its resource: location is not available anymore. - - - - - 8f445b90 by Alex Catarineu at 2024-10-21T19:33:29+02:00 Bug 40073: Disable remote Public Suffix List fetching In https://bugzilla.mozilla.org/show_bug.cgi?id=1563246 Firefox implemented fetching the Public Suffix List via RemoteSettings and replacing the default one at runtime, which we do not want. - - - - - beadda14 by Henry Wilkes at 2024-10-21T19:33:29+02:00 Bug 41906: Hide DNS over HTTPS preferences. - - - - - 2aca0083 by Richard Pospesel at 2024-10-21T19:33:30+02:00 Bug 23247: Communicating security expectations for .onion Encrypting pages hosted on Onion Services with SSL/TLS is redundant (in terms of hiding content) as all traffic within the Tor network is already fully encrypted. Therefore, serving HTTP pages from an Onion Service is more or less fine. Prior to this patch, Tor Browser would mostly treat pages delivered via Onion Services as well as pages delivered in the ordinary fashion over the internet in the same way. This created some inconsistencies in behaviour and misinformation presented to the user relating to the security of pages delivered via Onion Services: - HTTP Onion Service pages did not have any 'lock' icon indicating the site was secure - HTTP Onion Service pages would be marked as unencrypted in the Page Info screen - Mixed-mode content restrictions did not apply to HTTP Onion Service pages embedding Non-Onion HTTP content This patch fixes the above issues, and also adds several new 'Onion' icons to the mix to indicate all of the various permutations of Onion Services hosted HTTP or HTTPS pages with HTTP or HTTPS content. Strings for Onion Service Page Info page are pulled from Torbutton's localization strings. - - - - - 4c59607a by Kathy Brade at 2024-10-21T19:33:30+02:00 Bug 30237: Add v3 onion services client authentication prompt When Tor informs the browser that client authentication is needed, temporarily load about:blank instead of about:neterror and prompt for the user's key. If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD control port command to add the key (via Torbutton's control port module) and reload the page. If the user cancels the prompt, display the standard about:neterror "Unable to connect" page. This requires a small change to browser/actors/NetErrorChild.jsm to account for the fact that the docShell no longer has the failedChannel information. The failedChannel is used to extract TLS-related error info, which is not applicable in the case of a canceled .onion authentication prompt. Add a leaveOpen option to PopupNotifications.show so we can display error messages within the popup notification doorhanger without closing the prompt. Add support for onion services strings to the TorStrings module. Add support for Tor extended SOCKS errors (Tor proposal 304) to the socket transport and SOCKS layers. Improved display of all of these errors will be implemented as part of bug 30025. Also fixes bug 19757: Add a "Remember this key" checkbox to the client auth prompt. Add an "Onion Services Authentication" section within the about:preferences "Privacy & Security section" to allow viewing and removal of v3 onion client auth keys that have been stored on disk. Also fixes bug 19251: use enhanced error pages for onion service errors. - - - - - e95970c6 by Alex Catarineu at 2024-10-21T19:33:30+02:00 Bug 21952: Implement Onion-Location Whenever a valid Onion-Location HTTP header (or corresponding HTML <meta> http-equiv attribute) is found in a document load, we either redirect to it (if the user opted-in via preference) or notify the presence of an onionsite alternative with a badge in the urlbar. - - - - - 2b4a33c6 by Pier Angelo Vendrame at 2024-10-21T19:33:30+02:00 Bug 40458: Implement .tor.onion aliases We have enabled HTTPS-Only mode, therefore we do not need HTTPS-Everywhere anymore. However, we want to keep supporting .tor.onion aliases (especially for securedrop). Therefore, in this patch we implemented the parsing of HTTPS-Everywhere rulesets, and the redirect of .tor.onion domains. Actually, Tor Browser believes they are actual domains. We change them on the fly on the SOCKS proxy requests to resolve the domain, and on the code that verifies HTTPS certificates. - - - - - 82fa2a9b by Pier Angelo Vendrame at 2024-10-21T19:33:31+02:00 Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser This patch associates the about:manual page to a translated page that must be injected to browser/omni.ja after the build. The content must be placed in chrome/browser/content/browser/manual/, so that is then available at chrome://browser/content/manual/. We preferred giving absolute freedom to the web team, rather than having to change the patch in case of changes on the documentation. - - - - - 6688758a by Pier Angelo Vendrame at 2024-10-21T19:33:31+02:00 Bug 41435: Add a Tor Browser migration function For now this function only deletes old language packs for which we are already packaging the strings with the application. - - - - - b396dcae by Henry Wilkes at 2024-10-21T19:33:31+02:00 Bug 42110: Add TorUIUtils module for common tor component methods. - - - - - 8fc341e0 by Dan Ballard at 2024-10-21T19:33:31+02:00 Bug 40701: Add security warning when downloading a file Shown in the downloads panel, about:downloads and places.xhtml. - - - - - 9380256b by Henry Wilkes at 2024-10-21T19:33:31+02:00 Bug 41736: Customize toolbar for tor-browser. - - - - - 07f8fcfb by hackademix at 2024-10-21T19:33:32+02:00 Bug 41728: Pin bridges.torproject.org domains to Let's Encrypt's root cert public key - - - - - ec3d77b5 by Henry Wilkes at 2024-10-21T19:33:32+02:00 Customize moz-toggle for tor-browser. - - - - - 5eab3226 by Richard Pospesel at 2024-10-21T19:33:32+02:00 Bug 41822: Unconditionally disable default browser UX in about:preferences - - - - - 4ad5f76a by Cecylia Bocovich at 2024-10-21T19:33:32+02:00 Temporary commit: manually place generated wasm files These files are built reproducibly using tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_re… We're manually adding them here while working on the interface, but eventually these should be placed in the right location using tor-browser-build. - - - - - 320c29f3 by Henry Wilkes at 2024-10-21T19:33:32+02:00 TEMPORARY: Copy torbrowser_strings.xml to the 13.5 branch. NOTE: Only needed for the `tor-browser` `13.5` branches. Bug 42480: Make sure the torbrowser_strings.xml file is in the 13.5 branch for the tor-browser `update-translations` CI. The file should otherwise remain unused for the 13.5 branch. File was copied from https://gitlab.torproject.org/tpo/translation/-/blob/f27eda6d10a4585a8402c5… - - - - - 78175ba2 by Henry Wilkes at 2024-10-21T19:33:33+02:00 Bug 43125: Extend the 13.5 EOL expiry date for tor-browser. - - - - - cae4eb5d by Henry Wilkes at 2024-10-21T19:33:33+02:00 Bug 43098: Year End Campaign 2024. Implements YEC 2024 for about:tor. - - - - - 18d48e81 by Henry Wilkes at 2024-10-21T19:33:33+02:00 fixup! Bug 43098: Year End Campaign 2024. Bug 43149: Use special YEC 2024 donate url. - - - - - 30 changed files: - .eslintignore - .gitignore - + .gitlab-ci.yml - + .gitlab/ci/update-translations.yml - + .gitlab/issue_templates/Backport Android Security Fixes.md - + .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - + .gitlab/issue_templates/bug.md - + .gitlab/merge_request_templates/default.md - + README.md - − README.txt - accessible/android/SessionAccessibility.cpp - accessible/android/SessionAccessibility.h - accessible/ipc/DocAccessibleParent.cpp - accessible/ipc/DocAccessibleParent.h - accessible/ipc/moz.build - + browser/actors/AboutTBUpdateChild.jsm - + browser/actors/AboutTBUpdateParent.jsm - browser/actors/BrowserTabChild.sys.mjs - + browser/actors/CryptoSafetyChild.jsm - + browser/actors/CryptoSafetyParent.jsm - − browser/actors/RFPHelperChild.sys.mjs - − browser/actors/RFPHelperParent.sys.mjs - browser/actors/moz.build - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - browser/app/macbuild/Contents/MacOS-files.in - browser/app/moz.build - browser/app/permissions The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/359ca1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/359ca1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch tor-browser-128.4.0esr-14.0-1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new branch tor-browser-128.4.0esr-14.0-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: b9153ddf by Beatriz Rizental at 2024-10-22T10:35:30+02:00 fixup! Add CI for Base Browser Run file-whitespace linter for .java file changes. - - - - - 1 changed file: - .gitlab/ci/lint.yml Changes: ===================================== .gitlab/ci/lint.yml ===================================== @@ -264,6 +264,7 @@ file-whitespace: - '**/*.rst' - '**/*.webidl' - '**/*.xhtml' + - '**/*.java' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - if: $CI_COMMIT_REF_PROTECTED == 'true' View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/b91… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/b91… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] 2 commits: fixup! Bug 42716: Disable unwanted about: pages
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: cf87b58a by Beatriz Rizental at 2024-10-22T10:34:01+02:00 fixup! Bug 42716: Disable unwanted about: pages - - - - - 6b8bd60d by Beatriz Rizental at 2024-10-22T10:34:13+02:00 fixup! Add CI for Base Browser Run file-whitespace linter for .java file changes. - - - - - 2 changed files: - .gitlab/ci/lint.yml - docshell/base/nsAboutRedirector.cpp Changes: ===================================== .gitlab/ci/lint.yml ===================================== @@ -264,6 +264,7 @@ file-whitespace: - '**/*.rst' - '**/*.webidl' - '**/*.xhtml' + - '**/*.java' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - if: $CI_COMMIT_REF_PROTECTED == 'true' ===================================== docshell/base/nsAboutRedirector.cpp ===================================== @@ -193,7 +193,7 @@ static const RedirEntry kRedirMap[] = { # endif {"telemetry", "chrome://global/content/aboutTelemetry.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, -#endif +#endif {"translations", "chrome://global/content/translations/translations.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f06a46… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f06a46… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] 4 commits: fixup! Bug 42660: Disable ProxySelector.openConnectionWithProxy and NOPify...
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: aad5e9c7 by Beatriz Rizental at 2024-10-22T10:15:38+02:00 fixup! Bug 42660: Disable ProxySelector.openConnectionWithProxy and NOPify CrashReporter.sendCrashReport - - - - - b27ebe80 by Beatriz Rizental at 2024-10-22T10:16:06+02:00 fixup! [android] Modify add-on support - - - - - 7d9e9856 by Beatriz Rizental at 2024-10-22T10:20:38+02:00 fixup! Add CI for Base Browser Run file-whitespace linter for .java file changes. - - - - - 638726b3 by Beatriz Rizental at 2024-10-22T10:24:10+02:00 fixup! Bug 42716: Disable unwanted about: pages - - - - - 5 changed files: - .gitlab/ci/lint.yml - docshell/base/nsAboutRedirector.cpp - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/CrashReporter.java - toolkit/mozapps/extensions/AddonManager.sys.mjs - toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs Changes: ===================================== .gitlab/ci/lint.yml ===================================== @@ -264,6 +264,7 @@ file-whitespace: - '**/*.rst' - '**/*.webidl' - '**/*.xhtml' + - '**/*.java' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - if: $CI_COMMIT_REF_PROTECTED == 'true' ===================================== docshell/base/nsAboutRedirector.cpp ===================================== @@ -193,7 +193,7 @@ static const RedirEntry kRedirMap[] = { # endif {"telemetry", "chrome://global/content/aboutTelemetry.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, -#endif +#endif {"torconnect", "chrome://global/content/torconnect/aboutTorConnect.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/CrashReporter.java ===================================== @@ -173,7 +173,7 @@ public class CrashReporter { if (true) { return GeckoResult.fromValue("0"); } - + Log.d(LOGTAG, "Sending crash report: " + minidumpFile.getPath()); HttpURLConnection conn = null; ===================================== toolkit/mozapps/extensions/AddonManager.sys.mjs ===================================== @@ -2541,7 +2541,8 @@ var AddonManagerInternal = { if (installAllowed) { if (AppConstants.platform == "android") { aInstall.cancel(); - return this.installGeckoViewWebExtension(aInstall.sourceURI); + this.installGeckoViewWebExtension(aInstall.sourceURI); + return; } startInstall("AMO"); } else if (installPerm === Ci.nsIPermissionManager.DENY_ACTION) { ===================================== toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs ===================================== @@ -4476,7 +4476,10 @@ export var XPIInstall = { } // tor-browser#43132: short-circuit permission check on Android scriptless install from AMO - if (AppConstants.platform == "android" && uri.prePath == "https://addons.mozilla.org") { + if ( + AppConstants.platform == "android" && + uri.prePath == "https://addons.mozilla.org" + ) { return true; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ff517b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ff517b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: f06a4621 by Beatriz Rizental at 2024-10-22T09:51:04+02:00 fixup! Add CI for Base Browser - - - - - 1 changed file: - .gitlab/ci/lint.yml Changes: ===================================== .gitlab/ci/lint.yml ===================================== @@ -23,7 +23,7 @@ - git fetch --depth 500 local - git remote add origin "$CI_REPOSITORY_URL" - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} - - git checkout ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - git checkout origin/${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: extends: .base View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f06a462… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f06a462… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 2c841ad2 by Beatriz Rizental at 2024-10-22T09:51:21+02:00 fixup! Add CI for Base Browser - - - - - 1 changed file: - .gitlab/ci/lint.yml Changes: ===================================== .gitlab/ci/lint.yml ===================================== @@ -23,7 +23,7 @@ - git fetch --depth 500 local - git remote add origin "$CI_REPOSITORY_URL" - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} - - git checkout ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - git checkout origin/${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: extends: .base View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/2c8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/2c8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: ff517bad by Beatriz Rizental at 2024-10-22T09:46:10+02:00 fixup! Add CI for Base Browser - - - - - 1 changed file: - .gitlab/ci/lint.yml Changes: ===================================== .gitlab/ci/lint.yml ===================================== @@ -23,7 +23,7 @@ - git fetch --depth 500 local - git remote add origin "$CI_REPOSITORY_URL" - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} - - git checkout ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - git checkout origin/${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: extends: .base View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ff517ba… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ff517ba… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.3.0esr-14.0-1] 2 commits: fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 1b763c7e by Beatriz Rizental at 2024-10-22T09:41:23+02:00 fixup! Add CI for Base Browser Use tb-build dedicated runners for lint CI. - - - - - eefd74b3 by Beatriz Rizental at 2024-10-22T09:41:24+02:00 fixup! Add CI for Base Browser Re-enable lint jobs for default branches - - - - - 3 changed files: - .gitlab-ci.yml - .gitlab/ci/lint.yml - − .gitlab/ci/setup.yml Changes: ===================================== .gitlab-ci.yml ===================================== @@ -1,10 +1,9 @@ stages: - - setup - lint variables: IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest + LOCAL_REPO_PATH: /srv/apps-repos/${CI_PROJECT_NAME}.git include: - - local: '.gitlab/ci/setup.yml' - local: '.gitlab/ci/lint.yml' ===================================== .gitlab/ci/lint.yml ===================================== @@ -2,13 +2,9 @@ stage: lint image: $IMAGE_PATH interruptible: true - needs: - - job: setup-env - artifacts: true - - job: create-bundle - artifacts: true variables: MOZBUILD_STATE_PATH: "$CI_PROJECT_DIR/.cache/mozbuild" + # A copy of the repository already is available in the runner. GIT_STRATEGY: "none" cache: paths: @@ -18,26 +14,21 @@ when: 'always' # Share the cache throughout all pipelines running for a given branch key: $CI_COMMIT_REF_SLUG + tags: + # Run these jobs in the browser dedicated runners. + - firefox before_script: - # DEBUG: Are all artifacts here? - - ls -a - - mkdir app && cd app - # Initialize a fresh git repo - git init - # Add app.bundle as the remote. All operations that communicate with the remote will be local. - - git remote add origin ../app.bundle - # shallow.txt contains the SHA of the base commit of the bundle. - # The bundle is shallow, therefore it's base commit will not have a parent. - # Adding the SHA of the base commit to .git/shallow tells git that it doesn't need - # to crash when it realizes said base commit doesn't have a parent. - - cp ../shallow.txt .git/shallow - # Finally, unpack the bundle. Time it for debugging purposes. - - time git pull origin $BRANCH_NAME + - git remote add local "$LOCAL_REPO_PATH" + - git fetch --depth 500 local + - git remote add origin "$CI_REPOSITORY_URL" + - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - git checkout ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l eslint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l eslint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -61,12 +52,12 @@ eslint: - 'tools/lint/eslint/eslint-plugin-mozilla/**' - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' stylelint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l stylelint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l stylelint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -79,12 +70,12 @@ stylelint: - '**/.stylelintignore' - '**/*stylelintrc*' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' py-black: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l black + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l black rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -98,12 +89,12 @@ py-black: - 'pyproject.toml' - 'tools/lint/black.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' py-ruff: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l ruff + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l ruff rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -117,12 +108,12 @@ py-ruff: - 'tools/lint/python/ruff.py' - 'tools/lint/python/ruff_requirements.txt' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' yaml: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l yaml + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l yaml rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -132,12 +123,12 @@ yaml: - '**/*.yaml' - '**/.ymllint' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' shellcheck: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l shellcheck + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l shellcheck rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -146,13 +137,13 @@ shellcheck: - '**/*.sh' - 'tools/lint/shellcheck.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' clang-format: extends: .base script: - ./mach configure --without-wasm-sandboxed-libraries --with-base-browser-version=0.0.0 - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l clang-format + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l clang-format rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -166,12 +157,12 @@ clang-format: - '**/*.mm' - 'tools/lint/clang-format.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' rustfmt: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l rustfmt + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l rustfmt rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -180,12 +171,12 @@ rustfmt: - '**/*.rs' - 'tools/lint/rustfmt.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' fluent-lint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l fluent-lint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l fluent-lint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -195,12 +186,12 @@ fluent-lint: - 'tools/lint/fluent-lint.yml' - 'tools/lint/fluent-lint/exclusions.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' localization: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l l10n + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l l10n rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -212,12 +203,12 @@ localization: - 'third_party/python/fluent/**' - 'tools/lint/l10n.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' mingw-capitalization: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l mingw-capitalization + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l mingw-capitalization rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -229,12 +220,12 @@ mingw-capitalization: - '**/*.h' - 'tools/lint/mingw-capitalization.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' mscom-init: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l mscom-init + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l mscom-init rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -246,12 +237,12 @@ mscom-init: - '**/*.h' - 'tools/lint/mscom-init.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' file-whitespace: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l file-whitespace + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l file-whitespace rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -275,12 +266,12 @@ file-whitespace: - '**/*.xhtml' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' test-manifest: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l test-manifest-alpha -l test-manifest-disable -l test-manifest-skip-if + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l test-manifest-alpha -l test-manifest-disable -l test-manifest-skip-if rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -290,12 +281,12 @@ test-manifest: - 'python/mozlint/**' - 'tools/lint/**' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' trojan-source: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l trojan-source + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l trojan-source rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -309,4 +300,4 @@ trojan-source: - '**/*.rs' - 'tools/lint/trojan-source.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' ===================================== .gitlab/ci/setup.yml deleted ===================================== @@ -1,56 +0,0 @@ -setup-env: - stage: setup - interruptible: true - variables: - GIT_STRATEGY: "none" - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_REF_PROTECTED == 'true' - script: - - | - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" ]; then - echo "BRANCH_NAME=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" > build.env - else - echo "BRANCH_NAME=$CI_COMMIT_REF_NAME" > build.env - fi - artifacts: - reports: - dotenv: - - build.env - -create-bundle: - stage: setup - # TODO: Find a better suited image, this one just has git. - image: python - needs: - - job: setup-env - artifacts: true - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_REF_PROTECTED == 'true' - variables: - GIT_DEPTH: "1" - interruptible: true - script: - # DEBUG: Check repository status. - - git status - # DEBUG: Check branches in repository - - git branch - # Force switch to a named branch. We force it in case there is already - # a branch with the same name from previous runs. - - git switch -C $BRANCH_NAME - # Create a git bundle -- this will generate the app.bundle file, - # which can be used as a git remote for offline fetching. - - git bundle create app.bundle $BRANCH_NAME - # Retain the SHA of the base of this shallow repository. - - cat .git/shallow > shallow.txt - # DEBUG: Check sizes. - - du -sh .git - - du -sh app.bundle - # Since this is the only job we have access to the Gitlab remote, - # let's get a list of changed files to use in the next jobs. - - .gitlab/ci/scripts/helpers.py --get-changed-files > changedfiles.txt - artifacts: - paths: - - app.bundle - - shallow.txt - - changedfiles.txt - expire_in: 1 hour View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/e8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/e8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.3.0esr-14.0-1] 2 commits: fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch base-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 2489123c by Beatriz Rizental at 2024-10-22T09:39:39+02:00 fixup! Add CI for Base Browser Use tb-build dedicated runners for lint CI. - - - - - bfcc1f54 by Beatriz Rizental at 2024-10-22T09:39:41+02:00 fixup! Add CI for Base Browser Re-enable lint jobs for default branches - - - - - 3 changed files: - .gitlab-ci.yml - .gitlab/ci/lint.yml - − .gitlab/ci/setup.yml Changes: ===================================== .gitlab-ci.yml ===================================== @@ -1,10 +1,9 @@ stages: - - setup - lint variables: IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest + LOCAL_REPO_PATH: /srv/apps-repos/${CI_PROJECT_NAME}.git include: - - local: '.gitlab/ci/setup.yml' - local: '.gitlab/ci/lint.yml' ===================================== .gitlab/ci/lint.yml ===================================== @@ -2,13 +2,9 @@ stage: lint image: $IMAGE_PATH interruptible: true - needs: - - job: setup-env - artifacts: true - - job: create-bundle - artifacts: true variables: MOZBUILD_STATE_PATH: "$CI_PROJECT_DIR/.cache/mozbuild" + # A copy of the repository already is available in the runner. GIT_STRATEGY: "none" cache: paths: @@ -18,26 +14,21 @@ when: 'always' # Share the cache throughout all pipelines running for a given branch key: $CI_COMMIT_REF_SLUG + tags: + # Run these jobs in the browser dedicated runners. + - firefox before_script: - # DEBUG: Are all artifacts here? - - ls -a - - mkdir app && cd app - # Initialize a fresh git repo - git init - # Add app.bundle as the remote. All operations that communicate with the remote will be local. - - git remote add origin ../app.bundle - # shallow.txt contains the SHA of the base commit of the bundle. - # The bundle is shallow, therefore it's base commit will not have a parent. - # Adding the SHA of the base commit to .git/shallow tells git that it doesn't need - # to crash when it realizes said base commit doesn't have a parent. - - cp ../shallow.txt .git/shallow - # Finally, unpack the bundle. Time it for debugging purposes. - - time git pull origin $BRANCH_NAME + - git remote add local "$LOCAL_REPO_PATH" + - git fetch --depth 500 local + - git remote add origin "$CI_REPOSITORY_URL" + - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - git checkout ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l eslint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l eslint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -61,12 +52,12 @@ eslint: - 'tools/lint/eslint/eslint-plugin-mozilla/**' - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' stylelint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l stylelint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l stylelint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -79,12 +70,12 @@ stylelint: - '**/.stylelintignore' - '**/*stylelintrc*' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' py-black: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l black + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l black rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -98,12 +89,12 @@ py-black: - 'pyproject.toml' - 'tools/lint/black.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' py-ruff: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l ruff + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l ruff rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -117,12 +108,12 @@ py-ruff: - 'tools/lint/python/ruff.py' - 'tools/lint/python/ruff_requirements.txt' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' yaml: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l yaml + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l yaml rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -132,12 +123,12 @@ yaml: - '**/*.yaml' - '**/.ymllint' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' shellcheck: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l shellcheck + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l shellcheck rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -146,13 +137,13 @@ shellcheck: - '**/*.sh' - 'tools/lint/shellcheck.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' clang-format: extends: .base script: - ./mach configure --without-wasm-sandboxed-libraries --with-base-browser-version=0.0.0 - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l clang-format + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l clang-format rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -166,12 +157,12 @@ clang-format: - '**/*.mm' - 'tools/lint/clang-format.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' rustfmt: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l rustfmt + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l rustfmt rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -180,12 +171,12 @@ rustfmt: - '**/*.rs' - 'tools/lint/rustfmt.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' fluent-lint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l fluent-lint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l fluent-lint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -195,12 +186,12 @@ fluent-lint: - 'tools/lint/fluent-lint.yml' - 'tools/lint/fluent-lint/exclusions.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' localization: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l l10n + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l l10n rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -212,12 +203,12 @@ localization: - 'third_party/python/fluent/**' - 'tools/lint/l10n.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' mingw-capitalization: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l mingw-capitalization + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l mingw-capitalization rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -229,12 +220,12 @@ mingw-capitalization: - '**/*.h' - 'tools/lint/mingw-capitalization.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' mscom-init: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l mscom-init + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l mscom-init rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -246,12 +237,12 @@ mscom-init: - '**/*.h' - 'tools/lint/mscom-init.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' file-whitespace: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l file-whitespace + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l file-whitespace rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -275,12 +266,12 @@ file-whitespace: - '**/*.xhtml' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' test-manifest: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l test-manifest-alpha -l test-manifest-disable -l test-manifest-skip-if + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l test-manifest-alpha -l test-manifest-disable -l test-manifest-skip-if rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -290,12 +281,12 @@ test-manifest: - 'python/mozlint/**' - 'tools/lint/**' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' trojan-source: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l trojan-source + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l trojan-source rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -309,4 +300,4 @@ trojan-source: - '**/*.rs' - 'tools/lint/trojan-source.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' ===================================== .gitlab/ci/setup.yml deleted ===================================== @@ -1,56 +0,0 @@ -setup-env: - stage: setup - interruptible: true - variables: - GIT_STRATEGY: "none" - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_REF_PROTECTED == 'true' - script: - - | - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" ]; then - echo "BRANCH_NAME=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" > build.env - else - echo "BRANCH_NAME=$CI_COMMIT_REF_NAME" > build.env - fi - artifacts: - reports: - dotenv: - - build.env - -create-bundle: - stage: setup - # TODO: Find a better suited image, this one just has git. - image: python - needs: - - job: setup-env - artifacts: true - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_REF_PROTECTED == 'true' - variables: - GIT_DEPTH: "1" - interruptible: true - script: - # DEBUG: Check repository status. - - git status - # DEBUG: Check branches in repository - - git branch - # Force switch to a named branch. We force it in case there is already - # a branch with the same name from previous runs. - - git switch -C $BRANCH_NAME - # Create a git bundle -- this will generate the app.bundle file, - # which can be used as a git remote for offline fetching. - - git bundle create app.bundle $BRANCH_NAME - # Retain the SHA of the base of this shallow repository. - - cat .git/shallow > shallow.txt - # DEBUG: Check sizes. - - du -sh .git - - du -sh app.bundle - # Since this is the only job we have access to the Gitlab remote, - # let's get a list of changed files to use in the next jobs. - - .gitlab/ci/scripts/helpers.py --get-changed-files > changedfiles.txt - artifacts: - paths: - - app.bundle - - shallow.txt - - changedfiles.txt - expire_in: 1 hour View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8f7307… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8f7307… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.3.0esr-14.0-1] 2 commits: fixup! Add CI for Base Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed to branch tor-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 73192867 by Beatriz Rizental at 2024-10-22T07:31:38+00:00 fixup! Add CI for Base Browser Use tb-build dedicated runners for lint CI. - - - - - 3accc5a1 by Beatriz Rizental at 2024-10-22T07:31:38+00:00 fixup! Add CI for Base Browser Re-enable lint jobs for default branches - - - - - 3 changed files: - .gitlab-ci.yml - .gitlab/ci/lint.yml - − .gitlab/ci/setup.yml Changes: ===================================== .gitlab-ci.yml ===================================== @@ -1,12 +1,11 @@ stages: - - setup - lint - update-translations variables: IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest + LOCAL_REPO_PATH: /srv/apps-repos/${CI_PROJECT_NAME}.git include: - - local: '.gitlab/ci/setup.yml' - local: '.gitlab/ci/lint.yml' - local: '.gitlab/ci/update-translations.yml' ===================================== .gitlab/ci/lint.yml ===================================== @@ -2,13 +2,9 @@ stage: lint image: $IMAGE_PATH interruptible: true - needs: - - job: setup-env - artifacts: true - - job: create-bundle - artifacts: true variables: MOZBUILD_STATE_PATH: "$CI_PROJECT_DIR/.cache/mozbuild" + # A copy of the repository already is available in the runner. GIT_STRATEGY: "none" cache: paths: @@ -18,26 +14,21 @@ when: 'always' # Share the cache throughout all pipelines running for a given branch key: $CI_COMMIT_REF_SLUG + tags: + # Run these jobs in the browser dedicated runners. + - firefox before_script: - # DEBUG: Are all artifacts here? - - ls -a - - mkdir app && cd app - # Initialize a fresh git repo - git init - # Add app.bundle as the remote. All operations that communicate with the remote will be local. - - git remote add origin ../app.bundle - # shallow.txt contains the SHA of the base commit of the bundle. - # The bundle is shallow, therefore it's base commit will not have a parent. - # Adding the SHA of the base commit to .git/shallow tells git that it doesn't need - # to crash when it realizes said base commit doesn't have a parent. - - cp ../shallow.txt .git/shallow - # Finally, unpack the bundle. Time it for debugging purposes. - - time git pull origin $BRANCH_NAME + - git remote add local "$LOCAL_REPO_PATH" + - git fetch --depth 500 local + - git remote add origin "$CI_REPOSITORY_URL" + - git fetch origin ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} + - git checkout ${CI_COMMIT_BRANCH:-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} eslint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l eslint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l eslint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -61,12 +52,12 @@ eslint: - 'tools/lint/eslint/eslint-plugin-mozilla/**' - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' stylelint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l stylelint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l stylelint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -79,12 +70,12 @@ stylelint: - '**/.stylelintignore' - '**/*stylelintrc*' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' py-black: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l black + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l black rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -98,12 +89,12 @@ py-black: - 'pyproject.toml' - 'tools/lint/black.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' py-ruff: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l ruff + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l ruff rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -117,12 +108,12 @@ py-ruff: - 'tools/lint/python/ruff.py' - 'tools/lint/python/ruff_requirements.txt' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' yaml: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l yaml + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l yaml rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -132,12 +123,12 @@ yaml: - '**/*.yaml' - '**/.ymllint' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' shellcheck: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l shellcheck + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l shellcheck rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -146,13 +137,13 @@ shellcheck: - '**/*.sh' - 'tools/lint/shellcheck.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' clang-format: extends: .base script: - ./mach configure --without-wasm-sandboxed-libraries --with-base-browser-version=0.0.0 - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l clang-format + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l clang-format rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -166,12 +157,12 @@ clang-format: - '**/*.mm' - 'tools/lint/clang-format.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' rustfmt: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l rustfmt + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l rustfmt rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -180,12 +171,12 @@ rustfmt: - '**/*.rs' - 'tools/lint/rustfmt.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' fluent-lint: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l fluent-lint + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l fluent-lint rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -195,12 +186,12 @@ fluent-lint: - 'tools/lint/fluent-lint.yml' - 'tools/lint/fluent-lint/exclusions.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' localization: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l l10n + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l l10n rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -212,12 +203,12 @@ localization: - 'third_party/python/fluent/**' - 'tools/lint/l10n.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' mingw-capitalization: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l mingw-capitalization + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l mingw-capitalization rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -229,12 +220,12 @@ mingw-capitalization: - '**/*.h' - 'tools/lint/mingw-capitalization.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' mscom-init: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l mscom-init + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l mscom-init rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -246,12 +237,12 @@ mscom-init: - '**/*.h' - 'tools/lint/mscom-init.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' file-whitespace: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l file-whitespace + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l file-whitespace rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -275,12 +266,12 @@ file-whitespace: - '**/*.xhtml' - 'tools/lint/file-whitespace.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' test-manifest: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l test-manifest-alpha -l test-manifest-disable -l test-manifest-skip-if + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l test-manifest-alpha -l test-manifest-disable -l test-manifest-skip-if rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -290,12 +281,12 @@ test-manifest: - 'python/mozlint/**' - 'tools/lint/**' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' trojan-source: extends: .base script: - - cat ../changedfiles.txt | xargs -d '\n' ./mach lint -l trojan-source + - .gitlab/ci/scripts/helpers.py --get-changed-files | xargs -d '\n' ./mach lint -l trojan-source rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' changes: @@ -309,4 +300,4 @@ trojan-source: - '**/*.rs' - 'tools/lint/trojan-source.yml' # Run job whenever a commit is merged to a protected branch - # - if: $CI_COMMIT_REF_PROTECTED == 'true' + - if: $CI_COMMIT_REF_PROTECTED == 'true' ===================================== .gitlab/ci/setup.yml deleted ===================================== @@ -1,56 +0,0 @@ -setup-env: - stage: setup - interruptible: true - variables: - GIT_STRATEGY: "none" - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_REF_PROTECTED == 'true' - script: - - | - if [ -n "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" ]; then - echo "BRANCH_NAME=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" > build.env - else - echo "BRANCH_NAME=$CI_COMMIT_REF_NAME" > build.env - fi - artifacts: - reports: - dotenv: - - build.env - -create-bundle: - stage: setup - # TODO: Find a better suited image, this one just has git. - image: python - needs: - - job: setup-env - artifacts: true - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || $CI_COMMIT_REF_PROTECTED == 'true' - variables: - GIT_DEPTH: "1" - interruptible: true - script: - # DEBUG: Check repository status. - - git status - # DEBUG: Check branches in repository - - git branch - # Force switch to a named branch. We force it in case there is already - # a branch with the same name from previous runs. - - git switch -C $BRANCH_NAME - # Create a git bundle -- this will generate the app.bundle file, - # which can be used as a git remote for offline fetching. - - git bundle create app.bundle $BRANCH_NAME - # Retain the SHA of the base of this shallow repository. - - cat .git/shallow > shallow.txt - # DEBUG: Check sizes. - - du -sh .git - - du -sh app.bundle - # Since this is the only job we have access to the Gitlab remote, - # let's get a list of changed files to use in the next jobs. - - .gitlab/ci/scripts/helpers.py --get-changed-files > changedfiles.txt - artifacts: - paths: - - app.bundle - - shallow.txt - - changedfiles.txt - expire_in: 1 hour View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1affb9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1affb9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag FIREFOX_128_4_0esr_BUILD1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag FIREFOX_128_4_0esr_BUILD1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/FIREF… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag FIREFOX_128_4_0esr_BUILD1
by Pier Angelo Vendrame (＠pierov) 22 Oct '24

22 Oct '24

Pier Angelo Vendrame pushed new tag FIREFOX_128_4_0esr_BUILD1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/FIREFOX_1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0-build1
by morgan (＠morgan) 21 Oct '24

21 Oct '24

morgan pushed new tag tbb-14.0-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41272: Prepare Tor Browser 14.0
by morgan (＠morgan) 21 Oct '24

21 Oct '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: af22c694 by Morgan at 2024-10-21T20:12:26+00:00 Bug 41272: Prepare Tor Browser 14.0 - - - - - 7 changed files: - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/manual/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,226 @@ +Tor Browser 14.0 - October 17 2024 + * All Platforms + * Bug 30543: compat: make spoofed orientation reflect spoofed screen dimensions [1607032 + 1918202] [tor-browser] + * Bug 30862: 10ms time precision via EXSLT date-time function [tor-browser] + * Bug 41328: Follow firefox ESMify for Bug 1308512 [tor-browser] + * Bug 42054: ESR128: investigate - thorin's list [tor-browser] + * Bug 42220: Flip all the possible preferences to prevent any automatic download [tor-browser] + * Bug 42255: pdfjs.disabled used to be part of RFP until Bug 1838415; lock pref to false in stable [tor-browser] + * Bug 42356: Review 000-tor-browser.js and 001-base-profile.js for 128 [tor-browser] + * Bug 42601: Check Bug 1894779: Allow font-face urls to be resource:// urls and relax CORS for resource:// URLs [tor-browser] + * Bug 42611: Set clipboard.imageAsFile.enabled to false [tor-browser] + * Bug 42646: Drop patch for tor-browser#40166 [tor-browser] + * Bug 42683: Create script to generate issue triage csv's from bugzilla query and git scraping [tor-browser] + * Bug 42684: Disable network prefetch [tor-browser] + * Bug 42685: compat: ESR128: enable textmetrics [tor-browser] + * Bug 42716: Disable unwanted about:* pages [tor-browser] + * Bug 42730: Make RemoteSettings use only local dumps [tor-browser] + * Bug 42746: Extend prefers-contrast rules to include forced-colors [tor-browser] + * Bug 42759: CI: remove localization file names that are in neither 14.0 nor 13.5 branches [tor-browser] + * Bug 42814: Opt out from Firefox relay by default. [tor-browser] + * Bug 42830: Enable WebAudio APIs [tor-browser] + * Bug 42831: Remove the shopping components [tor-browser] + * Bug 42867: Disable contentRelevancy component [tor-browser] + * Bug 43011: Ship only one copy of the MIT license, like upstream. [tor-browser] + * Bug 43012: Mixed content: browser requests HTTPS images from onion domain accessed via HTTP [tor-browser] + * Bug 43013: security.mixed_content.upgrade_display_content.image is true by default [tor-browser] + * Bug 43054: check bounceTrackingProtection in PB mode does not persist to disk [tor-browser] + * Bug 43074: Pass the browser to TorDomainIsolator.newCircuitForBrowser [tor-browser] + * Bug 43144: Ensure non-privacy browsing also sets the GPC header [tor-browser] + * Bug 43163: Disable offscreen canvas until verified it is not fingerprintable [tor-browser] + * Bug 43170: Disable user-agent spoofing in HTTP header [tor-browser] + * Bug 43178: Audit fingerprinting overrides (MozBug 1834274) [tor-browser] + * Bug 43184: Backport Bugzilla 1922294: RFP: fixup square spoofed orientation [tor-browser] + * Bug 43197: Disable automatic exception for HTTPS-First [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.3.0esr + * Updated NoScript to 11.4.42 + * Bug 40147: Re-enable Picture-in-Picture mode [tor-browser] + * Bug 41309: Re-enable screenshots component [tor-browser] + * Bug 41811: Primary buttons that result in a connection attempt should be purple [tor-browser] + * Bug 41817: Add more color aliases that take dark mode into account [tor-browser] + * Bug 41820: Downloads warning styling improvements (use moz-message-bar) [tor-browser] + * Bug 42070: Backport Bugzilla 1834307 and hide smooth-scroll UX [tor-browser] + * Bug 42212: Fluent migration: onion services [tor-browser] + * Bug 42362: "New window" missing from File menu [tor-browser] + * Bug 42441: Evaluate RR version-by-RR version rebases instead of ESR-to-ESR [tor-browser] + * Bug 42488: ESR 128: Remove role="code" from tor circuit panel [tor-browser] + * Bug 42603: Remove safebrowsing URLs [tor-browser] + * Bug 42612: Re-implement moz-toggle customizations for ESR 128 [tor-browser] + * Bug 42617: Restore the HTML form on DDG when using safest in 128 [tor-browser] + * Bug 42629: Tweak `isOnNewTabPage` patch [tor-browser] + * Bug 42630: Review LaterRun in 128 [tor-browser] + * Bug 42640: Disable Firefox Flame button due to unknown interactions with New Identity [tor-browser] + * Bug 42641: Move from panel-footer class to moz-button-group [tor-browser] + * Bug 42643: downloads panel separator has mismatched margin [tor-browser] + * Bug 42644: toolbar rules in panelUI-shared.css are unneccessary [tor-browser] + * Bug 42647: "Switching to a new device" regressed on 128 [tor-browser] + * Bug 42653: The Neterror page has a checkbox to report iframe origin errors to TPO [tor-browser] + * Bug 42662: Use data-hidden-from-search for hiding the firefox connection settings [tor-browser] + * Bug 42663: Tor Browser "Connection" settings missing a tooltip [tor-browser] + * Bug 42665: Drop "Learn More" spacing [tor-browser] + * Bug 42667: Add description-deemphasized class to our additions to about:preferences [tor-browser] + * Bug 42679: Use a more robust approach to hide the "tracking protection" urlbar button [tor-browser] + * Bug 42687: Disable Privacy-Preserving Attribution [tor-browser] + * Bug 42695: Use `--arrowpanel-` variables for tor circuit panel spacing [tor-browser] + * Bug 42698: Bridge card background contrast is low for bridge-moji [tor-browser] + * Bug 42699: Drop level="top" attribute from panels [tor-browser] + * Bug 42700: Remove !nodes condition from gTorCircuitPanel._updateCurrentBrowser [tor-browser] + * Bug 42704: Drop the badged="true" attribute from security level button [tor-browser] + * Bug 42705: Update our preferences to account for new line height [tor-browser] + * Bug 42713: Some --in-content CSS variables were renamed/removed [tor-browser] + * Bug 42718: Remove the firefox-view button from UI, even when always-on private-browsing mode is disabled [tor-browser] + * Bug 42735: Disable recent search suggestions [tor-browser] + * Bug 42740: Stop trying to hide "Restore previous session" [tor-browser] + * Bug 42742: Inconsistent use of "New private window" vs "New window" [tor-browser] + * Bug 42743: Invalid onion sites are shown as secure in the page info window [tor-browser] + * Bug 42744: Light theme override for "about:tor" is inherited by chrome error pages. [tor-browser] + * Bug 42745: Remove some residuals from update scripts [tor-browser] + * Bug 42764: Unconditionally disable find-bar transition animation [tor-browser] + * Bug 42777: Remove 'Website Privacy Preferences' and ensure sensible default prefs [tor-browser] + * Bug 42803: Lost focus styling for built-in bridges radio options [tor-browser] + * Bug 42806: Use the `lh` CSS unit [tor-browser] + * Bug 42872: Disable translations until audited and solved the UX problems [tor-browser] + * Bug 43015: Missing region-name-skr fluent entry when fetching TorConnect country names [tor-browser] + * Bug 43067: Use html:link rather than xml-stylesheet in our dialogs [tor-browser] + * Bug 43071: Make sure "tor-button" elements that are also "primary" still use the tor colors [tor-browser] + * Bug 43072: moz-message-bar does not get announced on Orca screen-reader [tor-browser] + * Bug 43075: Should we drop link spacing in about:tor [tor-browser] + * Bug 43081: Remove hard-coded CSS `line-height` [tor-browser] + * Bug 43082: Search engine icon is not shown while typing in the address bar [tor-browser] + * Bug 43083: Backport fix for Mozilla 1436462 [tor-browser] + * Bug 43087: Onion pattern on about:torconnect needs a dark theme asset [tor-browser] + * Bug 43103: Verify whether an update is unsupported before choosing one [tor-browser] + * Bug 43104: Local files and extensions can't be loaded in new windows before bootstrap [tor-browser] + * Bug 43105: Migrating Disconnect is not needed anymore [tor-browser] + * Bug 43109: Remove mention of Firefox Relay from settings [tor-browser] + * Bug 43115: Height of search bar has collapsed on about:tor [tor-browser] + * Bug 43117: Hide 'Always underline links' option [tor-browser] + * Bug 43118: hide CFR [tor-browser] + * Bug 43131: Reduce layout jank when loading about:tor [tor-browser] + * Bug 43134: Backport Bugzilla 1436226 Hardcode VP8/VP9 [tor-browser] + * Bug 43164: Prevent search-bar from being auto-hidden when not used for awhile [tor-browser] + * Bug 43169: compat: align userAgent in navigator + HTTP Header [tor-browser] + * Bug 43174: Issue with custom home page on local filesystem [tor-browser] + * Bug 43209: UI freezes when clipboard is empty after screen lock [tor-browser] + * Bug 43217: Fullscreen videos have rounded letterboxing corners [tor-browser] + * Bug 43218: Switch to browser.reload, since Browser:Reload signal was dropped upstream [tor-browser] + * Bug 41248: Check and update bundled font versions [tor-browser-build] + * Windows + macOS + * Bug 43021: Revert the OS deprecation notification introduced in #42347 [tor-browser] + * macOS + Linux + * Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref [tor-browser] + * Windows + * Bug 43051: windows: remove UI for "open Tor Browser automatically when computer starts" [tor-browser] + * macOS + * Bug 42494: mac: add Arial Black and Arial Narrow to allowlist [tor-browser] + * Linux + * Bug 42702: Cannot access the clipboard for the crypto address check (wayland) [tor-browser] + * Bug 42773: Replace ~ with the original HOME [tor-browser] + * Bug 43092: Disable Wayland by default in 14.0 [tor-browser] + * Bug 43101: Security features warning links to Firefox installation support page with incomplete info [tor-browser] + * Bug 43141: Hardcode Arimo as a system-ui font [tor-browser] + * Bug 43196: Remove the vendor name from the "is playing media" notification on Linux [tor-browser] + * Bug 41237: Add some aliases to our Linux font config for compatibility [tor-browser-build] + * Android + * Updated GeckoView to 128.3.0esr + * Bug 41550: Remove unused extensions from Tor Browser for Android [tor-browser] + * Bug 42386: Remove unused assets to reduce APK size [tor-browser] + * Bug 42590: “Tor browser” text in top left of home fragment/new tab view gets cut off with larger text sizes [tor-browser] + * Bug 42655: Implement "New circuit for this site" on Android [tor-browser] + * Bug 42660: Review the patch on Android's ProxySelector [tor-browser] + * Bug 42731: Verify `privacy.spoof_english` still works once we have Android builds [tor-browser] + * Bug 42954: Remove product recommendation API integration (Review Mozilla 1857215) [tor-browser] + * Bug 43006: Disable RFP for Font Visibility on Android [tor-browser] + * Bug 43016: Re-disable Nimbus [tor-browser] + * Bug 43043: Remove credit card autofill UI elements from menu [tor-browser] + * Bug 43048: Firefox logo on splash [tor-browser] + * Bug 43050: Center text in connect buttons [tor-browser] + * Bug 43052: Remove non private tabs icon and "other device tabs" from tab view [tor-browser] + * Bug 43057: fenix/.../search/list.json failing linting [tor-browser] + * Bug 43078: Disable Sharing Links to TBA [tor-browser] + * Bug 43088: Query stripping is disabled on Android [tor-browser] + * Bug 43094: Remove "Open in regular tab" button [tor-browser] + * Bug 43097: NoScript fails to install on Android [tor-browser] + * Bug 43102: Android notifications tell to make Firefox your default browser [tor-browser] + * Bug 43108: Backport Android fullscreen notifications refactoring on ESR128 [tor-browser] + * Bug 43114: Reader view uses the catch-all circuit on Android [tor-browser] + * Bug 43116: The lack of GeoIP databases produces a lot of spam in the console on Android [tor-browser] + * Bug 43128: Use DuckDuckGo HTML on the Safest security level for Android [tor-browser] + * Bug 43129: about:neterror cannot display SVG on Android with Security Level Safest [tor-browser] + * Bug 43132: Enable extensions installation on Tor Browser 14 for Android. [tor-browser] + * Bug 43146: Update the icon of DuckDuckGo onion search engine on Android [tor-browser] + * Bug 43147: Remove unused search plugins from the apk files [tor-browser] + * Bug 43151: MOZ_DATA_REPORTING, MOZ_TELEMETRY_REPORTING, MOZ_CRASHREPORTER, and MOZ_BACKGROUNDTASKS enabled on Android [tor-browser] + * Bug 43172: remove remote settings and SERPTelemetry [tor-browser] + * Bug 43202: Extensions page unnecessarily fetches recommended addons on Android [tor-browser] + * Bug 43223: Hide option to open bookmarks in non-private tabs on Android [tor-browser] + * Bug 43225: Hide non-private tab settings and history search on Android [tor-browser] + * Bug 43227: Hide the Firefox Suggest label above search suggestions on Android [tor-browser] + * Bug 43228: Fix the "What's new" URL and text on Android [tor-browser] + * Bug 41223: Tor Browser Alpha version not displayed correctly [tor-browser-build] + * Build System + * All Platforms + * Updated Go to 1.22.8 + * Bug 42722: clang-format and localization linters are not running [tor-browser] + * Bug 42799: Do not run lint pipelines on new tag [tor-browser] + * Bug 43014: Add purgecaches to the dev build [tor-browser] + * Bug 43156: Update translation CI to account for the extended 13.5 release [tor-browser] + * Bug 43157: Move tb-dev to base-browser [tor-browser] + * Bug 43181: Run translation CI if there is a change in a string.xml file [tor-browser] + * Bug 41013: Add a README to each project [tor-browser-build] + * Bug 41096: Set SOURCE_DATE_EPOCH in the default env variables [tor-browser-build] + * Bug 41155: Update toolchains for ESR128 [tor-browser-build] + * Bug 41156: Split the Rust configuration options [tor-browser-build] + * Bug 41180: Some files do not need to be copied when building tor-expert-bundle [tor-browser-build] + * Bug 41188: Upgrade binutils to 2.41 [tor-browser-build] + * Bug 41189: Add matzfan to list of downstream projects in alpha release-prep template [tor-browser-build] + * Bug 41195: Update Go to 1.22 [tor-browser-build] + * Bug 41198: Update release-prep issue template to include notifiying anti-censorship team of package name changes for GetTor distributor [tor-browser-build] + * Bug 41203: Tor Blog generation script uses the wrong url scheme for alpha releases [tor-browser-build] + * Bug 41236: Remove binutils when not needed [tor-browser-build] + * Bug 41273: relprep.py: bump Firefox and GV to a (yet) non-existing tag when the last one does not match HEAD [tor-browser-build] + * Bug 41274: Improve fetch_changelogs.py for major releases [tor-browser-build] + * Bug 40078: Update tools/tb-build-06-start-nightly-build after tor-browser-build#40829 [tor-browser-bundle-testsuite] + * Windows + macOS + Linux + * Bug 42668: Drop torconnect rule in eslint-plugin-mozilla [tor-browser] + * Bug 41247: Adapt tools/update-responses/update_responses to support multiple versions in the same xml files [tor-browser-build] + * Bug 41256: tools/signing/upload-update_responses-to-staticiforme should regenerate update-responses when it already exists [tor-browser-build] + * Bug 41259: Don't try to generate incrementals for versions which don't set incremental_from [tor-browser-build] + * Bug 41270: Add updater rewriterules to make 13.5.7 a watershed [tor-browser-build] + * Windows + macOS + * Bug 41197: Modify update-responses to prevent upgrades on unsupported Windows and macOS versions [tor-browser-build] + * Windows + * Bug 29318: Drop mingw-w64/gcc toolchain [tor-browser-build] + * Bug 29320: Use mingw-w64/clang toolchain to build Rust [tor-browser-build] + * Bug 41185: Drop Windows 7 support for 14.0 from build tools [tor-browser-build] + * Bug 41201: Bump the Windows version checked by the installer [tor-browser-build] + * macOS + * Bug 41267: Go dropping support for macOS <= 11.0 in Go 1.23 [tor-browser-build] + * Android + * Bug 42480: Use translation CI in android [tor-browser] + * Bug 40544: Bump Java 8 version to something more recent [tor-browser-build] + * Bug 41106: Non matching builds after application-services not being rebuilt in a long time [tor-browser-build] + * Bug 41123: Drop the firefox-android project [tor-browser-build] + * Bug 41171: Switch Android containers to Debian bookworm [tor-browser-build] + * Bug 41172: Refactor the android-toolchain project [tor-browser-build] + * Bug 41178: Force IPv4 when downloading in fix_gradle_deps.py [tor-browser-build] + * Bug 41200: Remove allowed_addons.json and the related tools [tor-browser-build] + * Bug 41210: Use tor-expert-bundle-aar in geckoview/build_apk [tor-browser-build] + * Bug 41211: The Android license file is not deterministic anymore [tor-browser-build] + * Bug 41214: Update geckoview/config to be more like firefox/config [tor-browser-build] + * Bug 41217: Update realprep.py script to handle Firefox 128-based Tor Browser Android [tor-browser-build] + * Bug 41224: Do not ship Conjure and GeoIP databases on Android x86, x86-64 to save some space [tor-browser-build] + * Bug 41232: Re-implement single-arch builds after the monorepo migration [tor-browser-build] + * Bug 41234: More dependencies are needed when building Android as a release [tor-browser-build] + * Bug 41261: Use an uncompressed NoScript xpi file to improve apk compression [tor-browser-build] + +Tor Browser 13.5.8 - October 14 2024 + * Android + * Updated NoScript to 11.4.42 + * Bug 43099: YEC 2024 Takeover for Android Stable [tor-browser] + * Bug 43173: Backport security fixes from Firefox 131 [tor-browser] + Tor Browser 14.0a9 - October 08 2024 * All Platforms * Bug 43197: Disable automatic exception for HTTPS-First [tor-browser] ===================================== projects/browser/config ===================================== @@ -108,9 +108,9 @@ input_files: enable: '[% ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.mozilla.org/firefox/downloads/file/4357325/noscript-11.4.40.… + - URL: https://addons.mozilla.org/firefox/downloads/file/4363712/noscript-11.4.42.… name: noscript - sha256sum: 242ead426159d871480a13062cbee08abc97da746cdc5c643aee2692e9adbbb2 + sha256sum: fd2d420afd93829bb6fe30ec6f8ba926d3d54d7583b8bbd822053b8cd13c0472 - URL: https://addons.mozilla.org/firefox/downloads/file/4359936/ublock_origin-1.6… name: ublock-origin sha256sum: e2cda9b2a1b0a7f6e5ef0da9f87f28df52f8560587ba2e51a3003121cfb81600 ===================================== projects/firefox/config ===================================== @@ -19,7 +19,7 @@ var: browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 4 + browser_build: 6 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/geckoview/config ===================================== @@ -21,7 +21,7 @@ var: browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 4 + browser_build: 6 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 210938 +version: 214072 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: eb83259f0525a14dae1a1c3944e1e5ac3a2f8111a42834ab0f401628c8a38791 + sha256sum: 744fc65f6dd2cc2b85f4927fbb55ff6e17f06b9c99bd0bae7a311d732438b818 - filename: packagemanual.py name: package_script ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: ceb66dd0937da14962cb535699242b2526e11f02 + git_hash: 547400dd678f476ec38efde2cf703d57c1a3e8c7 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: dbf1454fdbd3256d65985cc1c46391ce0ec159e7 + git_hash: 38d5c3b11cfb96833ae2c7dc3122829b29583d6f targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 669ea989fa07933df7ab03ec0077e166e0dcc961 + git_hash: 705bbd235cadf827b6d4e0003d59c290f2feaa44 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,21 +73,21 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '14.0a9' + torbrowser_version: '14.0' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/10/08 20:33:09' + browser_release_date: '2024/10/16 16:45:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: - - 14.0a8 - - 14.0a7 - - 14.0a6 + - 13.5.7 + - 13.5.6 + - 13.5.5 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' - torbrowser_legacy_version: 13.5a11 + torbrowser_legacy_version: 13.5.7 torbrowser_legacy_platform_version: 115.16.0 # By default, we sort the list of installed packages. This allows sharing View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.3.0esr-14.0-1-build6
by morgan (＠morgan) 21 Oct '24

21 Oct '24

morgan pushed new tag tor-browser-128.3.0esr-14.0-1-build6 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new branch mullvad-browser-115.17.0esr-13.5-1
by Pier Angelo Vendrame (＠pierov) 21 Oct '24

21 Oct '24

Pier Angelo Vendrame pushed new branch mullvad-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch tor-browser-115.17.0esr-13.5-1
by Pier Angelo Vendrame (＠pierov) 21 Oct '24

21 Oct '24

Pier Angelo Vendrame pushed new branch tor-browser-115.17.0esr-13.5-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0