- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] Bug 41063: Run "file $keyring" in tools/keyring/list-all-keyrings
by richard (＠richard) 11 Jan '24

11 Jan '24

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 0fe87b4a by Nicolas Vigier at 2024-01-11T10:47:16+01:00 Bug 41063: Run "file $keyring" in tools/keyring/list-all-keyrings - - - - - 1 changed file: - tools/keyring/list-all-keyrings Changes: ===================================== tools/keyring/list-all-keyrings ===================================== @@ -6,5 +6,6 @@ set -e cd $(dirname "$0")/../.. for keyring in ./keyring/*.gpg do + file "$keyring" gpg --no-auto-check-trustdb --list-options show-unusable-subkeys,show-keyring --no-default-keyring --list-keys --keyring "$keyring" done View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Depend on dbus-glib
by boklm (＠boklm) 11 Jan '24

11 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 961da39f by Vecna at 2024-01-11T09:57:30+00:00 Depend on dbus-glib - - - - - 1 changed file: - build_rpm.sh Changes: ===================================== build_rpm.sh ===================================== @@ -6,7 +6,7 @@ VERSION=$(cat share/torbrowser-launcher/version) rm -r build dist # build binary package -python3 setup.py bdist_rpm --requires="python3-qt5, python3-gpg, python3-requests, python3-pysocks, python3-packaging, gnupg2" +python3 setup.py bdist_rpm --requires="python3-qt5, python3-gpg, python3-requests, python3-pysocks, python3-packaging, gnupg2, dbus-glib" # install it echo "" View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] 2 commits: Update Copyright lines (#11)
by boklm (＠boklm) 10 Jan '24

10 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: e5b82a62 by Nicolas Vigier at 2024-01-10T09:47:10+01:00 Update Copyright lines (#11) - - - - - 6f55236b by Nicolas Vigier at 2024-01-10T09:47:11+01:00 Update torbrowser_launcher.pot - - - - - 8 changed files: - LICENSE - setup.py - share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml - torbrowser-launcher - torbrowser_launcher.pot - torbrowser_launcher/__init__.py - torbrowser_launcher/launcher.py - torbrowser_launcher/settings.py Changes: ===================================== LICENSE ===================================== @@ -1,4 +1,5 @@ Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation ===================================== setup.py ===================================== @@ -2,7 +2,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2017 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation @@ -100,6 +101,8 @@ setup( version=version, author="Micah Lee", author_email="micah(a)micahflee.com", + maintainer="Nicolas Vigier", + maintainer_email="boklm(a)torproject.org", url="https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/", platforms=["GNU/Linux"], license="MIT", ===================================== share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml ===================================== @@ -1,5 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> - + + <component type="desktop-application"> <id>org.torproject.torbrowser-launcher</id> <launchable type="desktop-id">torbrowser.desktop</launchable> @@ -27,7 +28,7 @@ </screenshot> </screenshots> <url type="homepage">https://gitlab.torproject.org/tpo/applications/torbrowser-launcher</url> - <update_contact>micah(a)micahflee.com</update_contact> + <update_contact>boklm(a)torproject.org</update_contact> <content_rating type="oars-1.1"/> <releases> <release version="0.3.6" date="2022-12-13"/> ===================================== torbrowser-launcher ===================================== @@ -3,7 +3,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2017 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation ===================================== torbrowser_launcher.pot ===================================== @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-03-23 15:47-0700\n" +"POT-Creation-Date: 2024-01-09 17:04+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL(a)li.org>\n" @@ -17,153 +17,154 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: __init__.py:65 launcher.py:470 +#: __init__.py:76 launcher.py:520 msgid "Tor Browser Launcher" msgstr "" -#: __init__.py:66 -msgid "By Micah Lee, licensed under MIT" +#: __init__.py:77 +msgid "By Micah Lee & Tor Project, licensed under MIT" msgstr "" -#: __init__.py:67 +#: __init__.py:78 #, python-brace-format msgid "version {0}" msgstr "" -#: common.py:100 +#: common.py:90 #, python-brace-format msgid "Error creating {0}" msgstr "" -#: common.py:102 common.py:180 +#: common.py:187 #, python-brace-format -msgid "{0} is not writable" +msgid "Renamed {0} to {1}" msgstr "" -#: common.py:177 +#: common.py:201 #, python-brace-format msgid "Cannot create directory {0}" msgstr "" -#: common.py:187 +#: common.py:204 +#, python-brace-format +msgid "{0} is not writable" +msgstr "" + +#: common.py:211 msgid "Creating GnuPG homedir" msgstr "" -#: common.py:254 +#: common.py:302 #, python-format msgid "Could not import key with fingerprint: %s." msgstr "" -#: common.py:259 +#: common.py:309 msgid "Not all keys were imported successfully!" msgstr "" -#: launcher.py:83 +#: launcher.py:87 msgid "Downloading Tor Browser for the first time." msgstr "" -#: launcher.py:85 +#: launcher.py:90 msgid "" "Your version of Tor Browser is out-of-date. Downloading the newest version." msgstr "" -#: launcher.py:100 +#: launcher.py:111 msgid "Downloading over Tor" msgstr "" -#: launcher.py:111 +#: launcher.py:122 msgid "Tor Browser" msgstr "" -#: launcher.py:128 +#: launcher.py:141 msgid "Start" msgstr "" -#: launcher.py:174 +#: launcher.py:191 msgid "Yes" msgstr "" -#: launcher.py:178 +#: launcher.py:195 msgid "Exit" msgstr "" -#: launcher.py:192 settings.py:136 +#: launcher.py:209 settings.py:136 msgid "Cancel" msgstr "" -#: launcher.py:231 launcher.py:245 launcher.py:249 launcher.py:279 -#: launcher.py:281 +#: launcher.py:246 launcher.py:267 launcher.py:276 launcher.py:315 +#: launcher.py:318 msgid "Downloading" msgstr "" -#: launcher.py:238 +#: launcher.py:257 msgid "Latest version: {}" msgstr "" -#: launcher.py:241 +#: launcher.py:261 msgid "Error detecting Tor Browser version." msgstr "" -#: launcher.py:256 launcher.py:357 +#: launcher.py:291 launcher.py:389 msgid "Verifying Signature" msgstr "" -#: launcher.py:260 +#: launcher.py:295 msgid "Extracting" msgstr "" -#: launcher.py:264 +#: launcher.py:299 msgid "Running" msgstr "" -#: launcher.py:268 +#: launcher.py:303 msgid "Starting download over again" msgstr "" -#: launcher.py:279 launcher.py:295 +#: launcher.py:315 launcher.py:334 msgid "(over Tor)" msgstr "" -#: launcher.py:293 +#: launcher.py:330 msgid "Downloaded" msgstr "" -#: launcher.py:393 +#: launcher.py:431 msgid "Installing" msgstr "" -#: launcher.py:401 +#: launcher.py:440 #, python-brace-format msgid "Tor Browser Launcher doesn't understand the file format of {0}" msgstr "" -#: launcher.py:427 +#: launcher.py:471 msgid "" "The version of Tor Browser you have installed is earlier than it should be, " "which could be a sign of an attack!" msgstr "" -#: launcher.py:446 +#: launcher.py:488 msgid "Downloading Tor Browser over again." msgstr "" -#: launcher.py:516 launcher.py:525 launcher.py:533 +#: launcher.py:561 launcher.py:569 msgid "Download Error:" msgstr "" -#: launcher.py:517 +#: launcher.py:563 msgid "You are currently using a non-default mirror" msgstr "" -#: launcher.py:518 +#: launcher.py:565 msgid "Would you like to switch back to the default?" msgstr "" -#: launcher.py:527 -msgid "Would you like to try the English version of Tor Browser instead?" -msgstr "" - -#: launcher.py:548 +#: launcher.py:585 #, python-brace-format msgid "" "Invalid SSL certificate for:\n" @@ -172,11 +173,11 @@ msgid "" "You may be under attack." msgstr "" -#: launcher.py:550 +#: launcher.py:588 msgid "Try the download again using Tor?" msgstr "" -#: launcher.py:559 +#: launcher.py:598 #, python-brace-format msgid "" "Error starting download:\n" @@ -187,7 +188,7 @@ msgid "" "running?" msgstr "" -#: launcher.py:563 +#: launcher.py:604 #, python-brace-format msgid "" "Error starting download:\n" @@ -197,42 +198,38 @@ msgid "" "Are you connected to the internet?" msgstr "" -#: settings.py:46 +#: settings.py:48 msgid "Tor Browser Launcher Settings" msgstr "" -#: settings.py:50 +#: settings.py:52 msgid "Download over system Tor" msgstr "" -#: settings.py:57 -msgid "Force downloading English version of Tor Browser" -msgstr "" - -#: settings.py:66 +#: settings.py:59 msgid "Tor server" msgstr "" -#: settings.py:82 +#: settings.py:74 msgid "Status: Installed" msgstr "" -#: settings.py:84 +#: settings.py:76 msgid "Status: Not Installed" msgstr "" -#: settings.py:87 +#: settings.py:79 msgid "Install Tor Browser" msgstr "" -#: settings.py:92 +#: settings.py:86 msgid "Reinstall Tor Browser" msgstr "" -#: settings.py:115 +#: settings.py:111 msgid "Mirror" msgstr "" -#: settings.py:131 +#: settings.py:129 msgid "Save && Exit" msgstr "" ===================================== torbrowser_launcher/__init__.py ===================================== @@ -2,7 +2,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2021 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation @@ -73,7 +74,7 @@ def main(): tor_browser_launcher_version = buf.read().strip() print(_("Tor Browser Launcher")) - print(_("By Micah Lee, licensed under MIT")) + print(_("By Micah Lee & Tor Project, licensed under MIT")) print(_("version {0}").format(tor_browser_launcher_version)) print("https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/") ===================================== torbrowser_launcher/launcher.py ===================================== @@ -2,7 +2,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2021 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation ===================================== torbrowser_launcher/settings.py ===================================== @@ -2,7 +2,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2021 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compar… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compar… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.5-1] 8 commits: Bug 1810776 - Move DismissedTabBackground into its own file
by Dan Ballard (＠dan) 10 Jan '24

10 Jan '24

Dan Ballard pushed to branch firefox-android-115.2.1-13.5-1 at The Tor Project / Applications / firefox-android Commits: eb11d34f by Alexandru2909 at 2024-01-10T09:23:58+01:00 Bug 1810776 - Move DismissedTabBackground into its own file - - - - - d3d59baf by DreVla at 2024-01-10T09:23:59+01:00 Bug 1828493 - Apply purple overlay on list item when in multi-select When having the list layout for tabs tray and entering multi-select mode, the selected list items should have a purple non opaque overlay on the thumbnail, as it was before in the XML implementation. - - - - - 594d50c7 by Alexandru2909 at 2024-01-10T09:23:59+01:00 Bug 1810776 - Add SwipeToDismiss to composed tabs tray - - - - - 65c66210 by Noah Bond at 2024-01-10T09:24:00+01:00 Bug 1815579 - Improve performance of image loading in tab items - - - - - 7a94beac by Noah Bond at 2024-01-10T09:24:00+01:00 Bug 1840896 - Remove `rememberSaveable` since bitmaps are not serializable - - - - - 963aaa93 by Noah Bond at 2024-01-10T09:24:01+01:00 Bug 1844967 - Improve performance of tab thumbnail loading in Compose - - - - - f6a83e7b by Matthew Tighe at 2024-01-10T09:24:01+01:00 Bug 1721904 - update thumbnail caching on app open - - - - - 4d646df9 by hackademix at 2024-01-10T10:24:54+01:00 Bug 42191: Temporary StrictMode relaxation to clear the thumbnail cache. - - - - - 30 changed files: - android-components/components/browser/state/src/main/java/mozilla/components/browser/state/action/BrowserAction.kt - android-components/components/browser/state/src/main/java/mozilla/components/browser/state/reducer/ContentStateReducer.kt - android-components/components/browser/tabstray/src/main/java/mozilla/components/browser/tabstray/TabViewHolder.kt - android-components/components/browser/tabstray/src/test/java/mozilla/components/browser/tabstray/DefaultTabViewHolderTest.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/ThumbnailsMiddleware.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/storage/ThumbnailStorage.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/utils/ThumbnailDiskCache.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/ThumbnailsMiddlewareTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/loader/ThumbnailLoaderTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/storage/ThumbnailStorageTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/utils/ThumbnailDiskCacheTest.kt - android-components/components/concept/base/src/main/java/mozilla/components/concept/base/images/ImageRequest.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/TabPreview.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/ToolbarGestureHandler.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/SwipeToDismiss.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/TabThumbnail.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/ThumbnailCard.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/ThumbnailImage.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/list/ListItem.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/DismissedTabBackground.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/TabGridItem.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/TabListItem.kt - fenix/app/src/main/java/org/mozilla/fenix/home/collections/CollectionItem.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recentsyncedtabs/view/RecentSyncedTab.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recentsyncedtabs/view/RecentSyncedTabViewHolder.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recenttabs/view/RecentTabViewHolder.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recenttabs/view/RecentTabs.kt - fenix/app/src/main/java/org/mozilla/fenix/tabstray/TabsTray.kt - fenix/app/src/main/java/org/mozilla/fenix/tabstray/TabsTrayFragment.kt - fenix/app/src/main/java/org/mozilla/fenix/tabstray/TabsTrayTabLayouts.kt The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/c1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/c1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41059: Update keyring/torbrowser.gpg with updated key
by richard (＠richard) 10 Jan '24

10 Jan '24

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 2a253fd5 by Nicolas Vigier at 2024-01-10T15:55:56+00:00 Bug 41059: Update keyring/torbrowser.gpg with updated key Tor Browser gpg key has been updated with a new expiration date on its current subkey. (cherry picked from commit 07f2eaceff557d7dbb10123d7af9cec752f0e6f8) - - - - - 1 changed file: - keyring/torbrowser.gpg Changes: ===================================== keyring/torbrowser.gpg ===================================== Binary files a/keyring/torbrowser.gpg and b/keyring/torbrowser.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41059: Update keyring/torbrowser.gpg with updated key
by richard (＠richard) 10 Jan '24

10 Jan '24

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 07f2eace by Nicolas Vigier at 2024-01-10T15:54:54+00:00 Bug 41059: Update keyring/torbrowser.gpg with updated key Tor Browser gpg key has been updated with a new expiration date on its current subkey. - - - - - 1 changed file: - keyring/torbrowser.gpg Changes: ===================================== keyring/torbrowser.gpg ===================================== Binary files a/keyring/torbrowser.gpg and b/keyring/torbrowser.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 40606: Use Clang to compile NSIS
by Pier Angelo Vendrame (＠pierov) 10 Jan '24

10 Jan '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 3c17b385 by Pier Angelo Vendrame at 2024-01-10T10:10:45+01:00 Bug 40606: Use Clang to compile NSIS NSIS officially supports only MSVC and GCC as compilers, so it was one of the two projects forcing us to keep a GCC toolchain for Windows. With this commit, we adapt the tricks Mozilla uses to build NSIS with Clang, and remove the dependency on mingw-w64. The main trick is to use the GNU assembler instead of Clang's internal one to build NSIS's system plugin. Luckily, it can be found in binutils, without a full GCC build. - - - - - 018b7e26 by Pier Angelo Vendrame at 2024-01-10T11:11:19+01:00 Bug 40900: Update NSIS to 3.09. The update allows us to delete the no-reloc-section patch, and while we are at it, we can replace the no-insert-timestamp patch with SOURCE_DATE_EPOCH, which we set as the creation date of the Source directory form the tarball. - - - - - 5 changed files: - projects/nsis/build - projects/nsis/config - − projects/nsis/no-insert-timestamp.patch - − projects/nsis/no-reloc-section.diff - + projects/nsis/resource-reproducible.diff Changes: ===================================== projects/nsis/build ===================================== @@ -4,21 +4,41 @@ mkdir -p /var/tmp/build tar -C /var/tmp/build -xf nsis-[% c('version') %].tar.bz2 +# We need the GNU assembler for the system plugin +tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %] + # NSIS requires zlib and we later set the path using ZLIB_W32. tar -C /var/tmp/build -xf [% c('input_files_by_name/zlib') %] +# This trick is adapted from Firefox's +# taskcluster/scripts/misc/build-mingw32-nsis.sh +compiler_prefix=/var/tmp/dist/mingw-w64-clang/bin/[% c("arch") %]-w64-mingw32 +cat <<'EOF' >"$compiler_prefix-gcc" +#!/bin/sh +# SCons ignores the external $PATH, so we add binutils here. +export PATH=/var/tmp/dist/binutils/bin:$PATH +case "$@" in +*/Call*.S) + $(dirname $0)/[% c("arch") %]-w64-mingw32-clang -fno-integrated-as "$@" + ;; +*) + $(dirname $0)/[% c("arch") %]-w64-mingw32-clang "$@" + ;; +esac +EOF + +chmod +x "$compiler_prefix-gcc" +ln -s "$compiler_prefix-clang++" "$compiler_prefix-g++" + cd /var/tmp/build/nsis-[% c('version') %]-src -# Adding --no-insert-timestamp to APPEND_LINKFLAGS is not working as it -# is used for both the host and cross-compiled parts, but this option is -# only valid for the Windows linker. Therefore we add it using a patch -# to the cross-compilation part only. Still needed as of 3.06.1, see: #40090. -patch -p1 < $rootdir/no-insert-timestamp.patch -# tor-browser-build#40822: NSIS adds a flag to tell it supports ASLR, but it -# does so only to pass MS certifications. According to the NSIS forums, they -# intended not to ship the .reloc to save space. But, according to the bug -# tracker, binutils 2.36 started adding a .reloc section by default, and we need -# to disable it with this patch. -patch -p1 < $rootdir/no-reloc-section.diff + +# These two sed commands also come from build-mingw32-nsis.sh +sed -i 's/-Wl,--exclude-libs,msvcrt.a/-Wl,-Xlink=-fixed/' SCons/Config/gnu +sed -i '2i extern "C"' SCons/Config/{memcpy,memset}.c + +export SOURCE_DATE_EPOCH=$(stat -c '%Y' Source) +# Resource.dll does not obey the source date epoch... +patch -p1 < "$rootdir/resource-reproducible.diff" [% IF c("var/windows-x86_64") %] # Seems like setting TARGET_ARCH is not enough so we need to patch build.cpp @@ -30,8 +50,7 @@ patch -p1 < $rootdir/no-reloc-section.diff [% END %] [% SET scons_args = 'VERSION=' _ c("version") - _ ' APPEND_CCFLAGS="-fgnu89-inline"' - _ " SKIPUTILS='NSIS Menu' XGCC_W32_PREFIX=" _ c("arch") _ "-w64-mingw32-" + _ " SKIPUTILS='NSIS Menu,Makensisw' XGCC_W32_PREFIX=" _ c("arch") _ "-w64-mingw32-" _ " TARGET_ARCH=" _ target _ " ZLIB_W32=/var/tmp/build/zlib/" _ ' PREFIX=/var/tmp/dist/nsis' -%] ===================================== projects/nsis/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.08 +version: 3.09 filename: 'nsis-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -11,21 +11,16 @@ var: - zlib1g-dev - libcppunit-dev - xsltproc - # NSIS has an assembly part that cannot be compiled with Clang. - # Mozilla uses -fno-integrated-as (see - # taskcluster/scripts/misc/build-mingw32-nsis.sh) but for some reason this - # does not seem to work for us, so just keep GCC for the moment, since we are - # already using it for Rust anyway. - compiler: mingw-w64 input_files: - project: container-image - filename: 'nsis-[% c("version") %].tar.bz2' URL: 'https://downloads.sourceforge.net/nsis/nsis-[% c("version") %]-src.tar.bz2' - sha256sum: a85270ad5386182abecb2470e3d7e9bec9fe4efd95210b13551cb386830d1e87 - - filename: no-insert-timestamp.patch - - filename: no-reloc-section.diff + sha256sum: 0cd846c6e9c59068020a87bfca556d4c630f2c5d554c1098024425242ddc56e2 - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' + - name: binutils + project: binutils - name: zlib project: zlib + - filename: resource-reproducible.diff ===================================== projects/nsis/no-insert-timestamp.patch deleted ===================================== @@ -1,27 +0,0 @@ -diff -ur nsis-3.03-src/SCons/Config/gnu nsis-3.03-src.n/SCons/Config/gnu ---- nsis-3.03-src/SCons/Config/gnu 2017-10-06 15:30:20.000000000 -0400 -+++ nsis-3.03-src.n/SCons/Config/gnu 2018-06-17 13:26:05.945495151 -0400 -@@ -102,6 +102,7 @@ - stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG']) # no standard libraries - stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align - stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file -+stub_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - stub_uenv = stub_env.Clone() - stub_uenv.Append(CPPDEFINES = ['_UNICODE', 'UNICODE']) -@@ -142,6 +143,7 @@ - plugin_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file - plugin_env.Append(LINKFLAGS = ['-static-libgcc']) # remove libgcc*.dll dependency - plugin_env.Append(LINKFLAGS = ['-static-libstdc++']) # remove libstdc++*.dll dependency -+plugin_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - plugin_uenv = plugin_env.Clone() - plugin_uenv.Append(CPPDEFINES = ['_UNICODE', 'UNICODE']) -@@ -181,6 +183,7 @@ - - util_env.Append(LINKFLAGS = ['-mwindows']) # build windows executables - util_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align -+util_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - - conf = FlagsConfigure(util_env) ===================================== projects/nsis/no-reloc-section.diff deleted ===================================== @@ -1,14 +0,0 @@ -diff -Naur nsis-3.08-orig/SCons/Config/gnu nsis-3.08-src/SCons/Config/gnu ---- nsis-3.08-orig/SCons/Config/gnu 2023-03-23 09:22:46.315471779 +0100 -+++ nsis-3.08-src/SCons/Config/gnu 2023-03-23 09:24:05.260933879 +0100 -@@ -103,6 +103,10 @@ - stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align - stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file - -+# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303, -+# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303/e90f -+stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section']) -+ - conf = FlagsConfigure(stub_env) - conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns') # GCC 10: Don't generate msvcrt!memmove calls (bug #1248) - conf.Finish() ===================================== projects/nsis/resource-reproducible.diff ===================================== @@ -0,0 +1,10 @@ +diff '--color=auto' -rupN nsis-3.09-orig/Contrib/System/SConscript nsis-3.09-src/Contrib/System/SConscript +--- nsis-3.09-orig/Contrib/System/SConscript 2024-01-10 11:07:15.161175520 +0100 ++++ nsis-3.09-src/Contrib/System/SConscript 2024-01-10 11:08:47.338628667 +0100 +@@ -76,4 +76,5 @@ resources = Split(""" + + env.Depends(res_target, resources) + +-env.SharedLibrary('Resource', res_target + res_main) ++resource = env.SharedLibrary('Resource', res_target + res_main) ++env.MakeReproducible(resource) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.5-1] 2 commits: fixup! Bug 1823316 - Use 'Snackbar' themed Dialog to notify on making app full-screen
by ma1 (＠ma1) 10 Jan '24

10 Jan '24

ma1 pushed to branch firefox-android-115.2.1-13.5-1 at The Tor Project / Applications / firefox-android Commits: a57e5d10 by hackademix at 2024-01-10T08:41:06+01:00 fixup! Bug 1823316 - Use 'Snackbar' themed Dialog to notify on making app full-screen Fix tor-browser#42355 backporting regression. - - - - - c1397e81 by t-p-white at 2024-01-10T08:41:06+01:00 Bug 1864549 - Fix for IllegalStateException in full screen notification dialog - - - - - 2 changed files: - android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/FullScreenNotificationDialog.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt Changes: ===================================== android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/FullScreenNotificationDialog.kt ===================================== @@ -59,11 +59,12 @@ class FullScreenNotificationDialog(@LayoutRes val layout: Int) : window.setGravity(Gravity.BOTTOM) window.clearFlags(WindowManager.LayoutParams.FLAG_DIM_BEHIND) } + } - lifecycleScope.launch { - delay(SNACKBAR_DURATION_LONG_MS) - dismiss() - } + // Attempt to automatically dismiss the dialog after the given duration. + lifecycleScope.launch { + delay(SNACKBAR_DURATION_LONG_MS) + dialog?.dismiss() } } } ===================================== fenix/app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt ===================================== @@ -1491,6 +1491,7 @@ abstract class BaseBrowserFragment : parentFragmentManager, ) + activity?.enterToImmersiveMode() (view as? SwipeGestureLayout)?.isSwipeEnabled = false browserToolbarView.collapse() browserToolbarView.view.isVisible = false View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/be… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/be… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41058: Update Snowflake to 2.8.1
by richard (＠richard) 09 Jan '24

09 Jan '24

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: d7ba22ea by Richard Pospesel at 2024-01-09T17:39:48+00:00 Bug 41058: Update Snowflake to 2.8.1 (cherry picked from commit 4ea089e41deb39fd5837eca71a29274dcb60c9fc) - - - - - 1 changed file: - projects/snowflake/config Changes: ===================================== projects/snowflake/config ===================================== @@ -1,7 +1,9 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' git_url: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… -git_hash: b5d702f48315ee7dc718496dc6996f266e0ba047 #v2.6.1 +git_hash: v2.8.1 +gpg_keyring: anti-censorship.gpg +tag_gpg_id: 1 container: use_container: 1 @@ -20,6 +22,6 @@ steps: pkg_type: go_vendor project: snowflake norec: - sha256sum: 47ba1520df228ecffcf48ea4d826a365f39f31d9122200dd993c437cf347dc09 + sha256sum: 6e41846a6d3e94891847d74ac08c6888c1540e0b0680ed3900ca54d7c35e1752 target_replace: '^torbrowser-(?!testbuild).*': 'torbrowser-linux-x86_64' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41058: Update Snowflake to 2.8.1
by richard (＠richard) 09 Jan '24

09 Jan '24

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 4ea089e4 by Richard Pospesel at 2024-01-09T17:38:39+00:00 Bug 41058: Update Snowflake to 2.8.1 - - - - - 1 changed file: - projects/snowflake/config Changes: ===================================== projects/snowflake/config ===================================== @@ -1,7 +1,9 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' git_url: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… -git_hash: b5d702f48315ee7dc718496dc6996f266e0ba047 #v2.6.1 +git_hash: v2.8.1 +gpg_keyring: anti-censorship.gpg +tag_gpg_id: 1 container: use_container: 1 @@ -20,6 +22,6 @@ steps: pkg_type: go_vendor project: snowflake norec: - sha256sum: 47ba1520df228ecffcf48ea4d826a365f39f31d9122200dd993c437cf347dc09 + sha256sum: 6e41846a6d3e94891847d74ac08c6888c1540e0b0680ed3900ca54d7c35e1752 target_replace: '^torbrowser-(?!testbuild).*': 'torbrowser-linux-x86_64' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 40597: Implement TorSettings module
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: afe1be79 by Pier Angelo Vendrame at 2024-01-09T17:57:06+01:00 fixup! Bug 40597: Implement TorSettings module Bug 42359: Handle firewall and proxy in setSettings. - - - - - 1 changed file: - toolkit/modules/TorSettings.sys.mjs Changes: ===================================== toolkit/modules/TorSettings.sys.mjs ===================================== @@ -301,8 +301,12 @@ class TorSettingsImpl { return this.#parsePort(val, false) ?? 0; }, }, - username: {}, - password: {}, + username: { + transform: val => val ?? "", + }, + password: { + transform: val => val ?? "", + }, uri: { getter: () => { const { type, address, port, username, password } = this.proxy; @@ -910,7 +914,11 @@ class TorSettingsImpl { } /** - * Set all of our settings at once from a settings object. + * Set blocks of settings at once from an object. + * + * It is possible to set all settings, or only some sections (e.g., only + * bridges), but if a key is present, its settings must make sense (e.g., if + * bridges are enabled, a valid source must be provided). * * @param {object} settings The settings object to set */ @@ -924,35 +932,59 @@ class TorSettingsImpl { // Hold off on lots of notifications until all settings are changed. this.freezeNotifications(); try { - this.bridges.enabled = !!settings.bridges.enabled; - this.bridges.source = settings.bridges.source; - switch (settings.bridges.source) { - case TorBridgeSource.BridgeDB: - case TorBridgeSource.UserProvided: - this.bridges.bridge_strings = settings.bridges.bridge_strings; - break; - case TorBridgeSource.BuiltIn: { - this.bridges.builtin_type = settings.bridges.builtin_type; - if (!this.bridges.bridge_strings.length) { - // No bridges were found when setting the builtin_type. - throw new Error( - `No available builtin bridges of type ${settings.bridges.builtin_type}` - ); - } - break; + if ("bridges" in settings) { + this.bridges.enabled = !!settings.bridges.enabled; + // Currently, disabling bridges in the UI does not remove the lines, + // because we call only the `enabled` setter. + // So, if the bridge source is undefined but bridges are disabled, + // do not force Invalid. Instead, keep the current source. + if (this.bridges.enabled || settings.bridges.source !== undefined) { + this.bridges.source = settings.bridges.source; } - case TorBridgeSource.Invalid: - break; - default: - if (settings.bridges.enabled) { - throw new Error( - `Bridge source '${settings.source}' is not a valid source` - ); + switch (settings.bridges.source) { + case TorBridgeSource.BridgeDB: + case TorBridgeSource.UserProvided: + this.bridges.bridge_strings = settings.bridges.bridge_strings; + break; + case TorBridgeSource.BuiltIn: { + this.bridges.builtin_type = settings.bridges.builtin_type; + if (!this.bridges.bridge_strings.length) { + // No bridges were found when setting the builtin_type. + throw new Error( + `No available builtin bridges of type ${settings.bridges.builtin_type}` + ); + } + break; } - break; + case TorBridgeSource.Invalid: + break; + default: + if (settings.bridges.enabled) { + throw new Error( + `Bridge source '${settings.source}' is not a valid source` + ); + } + break; + } } - // TODO: proxy and firewall + if ("proxy" in settings) { + this.proxy.enabled = !!settings.proxy.enabled; + if (this.proxy.enabled) { + this.proxy.type = settings.proxy.type; + this.proxy.address = settings.proxy.address; + this.proxy.port = settings.proxy.port; + this.proxy.username = settings.proxy.username; + this.proxy.password = settings.proxy.password; + } + } + + if ("firewall" in settings) { + this.firewall.enabled = !!settings.firewall.enabled; + if (this.firewall.enabled) { + this.firewall.allowed_ports = settings.firewall.allowed_ports; + } + } } catch (ex) { // Restore the old settings without any new notifications generated from // the above code. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/afe1be7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/afe1be7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
by richard (＠richard) 09 Jan '24

09 Jan '24

richard pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 0ee68de7 by Pier Angelo Vendrame at 2024-01-09T12:39:59+01:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. Bug 42338: Make TorDomainIsolator.newCircuitForDomain public again - - - - - 1 changed file: - toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs Changes: ===================================== toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs ===================================== @@ -224,7 +224,7 @@ class TorDomainIsolatorImpl { newCircuitForBrowser(globalBrowser) { const browser = globalBrowser.selectedBrowser; const firstPartyDomain = getDomainForBrowser(browser); - this.#newCircuitForDomain(firstPartyDomain); + this.newCircuitForDomain(firstPartyDomain); const { username, password } = this.#getSocksProxyCredentials( firstPartyDomain, browser.contentPrincipal.originAttributes.userContextId @@ -329,7 +329,7 @@ class TorDomainIsolatorImpl { logger.info( "tor catchall circuit has reached its maximum lifetime. Rotating." ); - this.#newCircuitForDomain(CATCHALL_DOMAIN); + this.newCircuitForDomain(CATCHALL_DOMAIN); } } const { username, password } = this.#getSocksProxyCredentials( @@ -437,7 +437,7 @@ class TorDomainIsolatorImpl { * @param {string?} domain The first-party domain to re-create the nonce for. * If empty or null, the catchall domain will be used. */ - #newCircuitForDomain(domain) { + newCircuitForDomain(domain) { if (!domain) { domain = CATCHALL_DOMAIN; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0ee68de… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0ee68de… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 41016: Switch from bullseye to bookworm on macOS+Windows.
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 2dc972fd by Pier Angelo Vendrame at 2024-01-09T14:33:16+01:00 Bug 41016: Switch from bullseye to bookworm on macOS+Windows. Debian bookworm became the new stable in June 2023, so we should update our containers to use it. On macOS the update did not cause any issue, and just updating the suite name worked. On Windows, it caused some problems where we used the strip provided by the OS (only for tor, it seems), because the new version of strip seems to update the timestamps by default. We are delaying the process for Android because there are still a couple of projects that require Java 11, which is not available on bookworm. - - - - - d5376ce1 by Pier Angelo Vendrame at 2024-01-09T14:33:18+01:00 Bug 41015: Enable std::filesystem on libc++ on Windows We need to do some path manipulation in some Firefox code that is run before initializing XPCOM. So, the alternatives are either Path* functions from shlwapi, or std::filesystem, which is disabled in Firefox 115. Mozilla enabled it starting from 116, but we have been told it is okay to enable it also in 115, so we do it with this patch. - - - - - 6 changed files: - projects/manual/config - projects/mingw-w64-clang/build - projects/mmdebstrap-image/config - projects/mmdebstrap/config - projects/tor/build - rbm.conf Changes: ===================================== projects/manual/config ===================================== @@ -13,7 +13,7 @@ compress_tar: 'gz' var: container: - suite: bullseye + suite: bookworm arch: amd64 deps: - python3 ===================================== projects/mingw-w64-clang/build ===================================== @@ -175,7 +175,7 @@ EOF -DLIBCXX_SUPPORTS_STD_EQ_CXX11_FLAG=TRUE \ -DLIBCXX_HAVE_CXX_ATOMICS_WITHOUT_LIB=TRUE \ -DLIBCXX_ENABLE_EXPERIMENTAL_LIBRARY=OFF \ - -DLIBCXX_ENABLE_FILESYSTEM=OFF \ + -DLIBCXX_ENABLE_FILESYSTEM=ON \ -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=TRUE \ -DLIBCXX_CXX_ABI=libcxxabi \ -DLIBCXX_CXX_ABI_INCLUDE_PATHS=$builddir/clang-source/libcxxabi/include \ ===================================== projects/mmdebstrap-image/config ===================================== @@ -7,7 +7,7 @@ container: use_container: 1 var: - ubuntu_version: 22.04.2 + ubuntu_version: 22.04.3 pre: | #!/bin/sh @@ -50,9 +50,16 @@ targets: suite: bullseye arch: amd64 + bookworm-amd64: + var: + minimal_apt_version: 2.6.1 + container: + suite: bookworm + arch: amd64 + input_files: - project: mmdebstrap name: mmdebstrap - URL: 'https://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' - sha256sum: 373f064df30519adc3344a08d774f437caabd1479d846fa2ca6fed727ea7a53d + sha256sum: ad33b7ae47b75c92c2e2fe21fd4612e15357e67679d8751d6ce892a475be24fe ===================================== projects/mmdebstrap/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-src-[% c("version") %]-[% c("var/build_id") %].tar.gz' -version: 0.8.6 +version: 1.4.0 git_hash: '[% c("version") %]' git_url: https://gitlab.mister-muffin.de/josch/mmdebstrap.git gpg_keyring: mmdebstrap.gpg ===================================== projects/tor/build ===================================== @@ -97,8 +97,9 @@ cp $distdir/share/tor/geoip6 "$TORDATADIR" cd $distdir [% IF c("var/windows") %] - install -s $distdir/bin/tor.exe "$TORBINDIR" - install -s $distdir/bin/tor-gencert.exe "$TORBINDIR" + # With Debian bookworm strip changes the date time, llvm-strip doesn't do it. + install -s --strip-program=llvm-strip $distdir/bin/tor.exe "$TORBINDIR" + install -s --strip-program=llvm-strip $distdir/bin/tor-gencert.exe "$TORBINDIR" [% END %] [% IF c("var/linux") %] ===================================== rbm.conf ===================================== @@ -578,7 +578,7 @@ targets: windows: 1 platform: windows container: - suite: bullseye + suite: bookworm arch: amd64 configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]" [% c("var/configure_opt_project") %]' CFLAGS: '-fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security [% c("var/flag_mwindows") %]' @@ -661,7 +661,7 @@ targets: platform: macos osname: macos container: - suite: bullseye + suite: bookworm arch: amd64 compiler: 'macosx-toolchain' configure_opt: '--host=[% c("var/build_target") %] CC="[% c("var/build_target") %]-clang [% c("var/FLAGS") %]" CXX="[% c("var/build_target") %]-clang++ [% c("var/FLAGS") %]" [% c("var/configure_opt_project") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.6.0esr-13.0-1] 2 commits: Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch mullvad-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 4f0e3266 by Kagami Sascha Rosylight at 2024-01-09T14:28:40+01:00 Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame Per /etc/fonts.xml, there are now only two `<family lang="ko">` nodes there: * OneUISansKRVF series * SECCJK series (but no KR postfix anymore?) This patch uses One UI Sans KR VF as the replacement as this is newer and is a variable font (tested with https://codepen.io/SaschaNaz/pen/ExrdYXJ) Differential Revision: https://phabricator.services.mozilla.com/D195078 - - - - - e99bdee9 by Pier Angelo Vendrame at 2024-01-09T14:28:42+01:00 Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright,chutten Bug 1444275 introduced an assertion on the parent process to check that the value of toolkit.telemetry.enabled is the expected one. However, this expected value could be different from the one set and locked e.g. in some forks. Therefore, the assertion prevented debug builds from working in these cases. Differential Revision: https://phabricator.services.mozilla.com/D195080 - - - - - 2 changed files: - modules/libpref/Preferences.cpp - modules/libpref/init/all.js Changes: ===================================== modules/libpref/Preferences.cpp ===================================== @@ -3637,16 +3637,6 @@ void Preferences::SetupTelemetryPref() { Preferences::Lock(kTelemetryPref); } -static void CheckTelemetryPref() { - MOZ_ASSERT(!XRE_IsParentProcess()); - - // Make sure the children got passed the right telemetry pref details. - DebugOnly<bool> value; - MOZ_ASSERT(NS_SUCCEEDED(Preferences::GetBool(kTelemetryPref, &value)) && - value == TelemetryPrefValue()); - MOZ_ASSERT(Preferences::IsLocked(kTelemetryPref)); -} - #endif // MOZ_WIDGET_ANDROID /* static */ @@ -3687,11 +3677,6 @@ already_AddRefed<Preferences> Preferences::GetInstanceForService() { Preferences::SetPreference(gChangedDomPrefs->ElementAt(i)); } gChangedDomPrefs = nullptr; - -#ifndef MOZ_WIDGET_ANDROID - CheckTelemetryPref(); -#endif - } else { // Check if there is a deployment configuration file. If so, set up the // pref config machinery, which will actually read the file. ===================================== modules/libpref/init/all.js ===================================== @@ -3053,7 +3053,7 @@ pref("font.size.monospace.x-math", 13); pref("font.name-list.monospace.ja", "MotoyaLMaru, MotoyaLCedar, Noto Sans Mono CJK JP, SEC Mono CJK JP, Droid Sans Mono"); pref("font.name-list.serif.ko", "Charis SIL Compact, Noto Serif CJK KR, Noto Serif, Droid Serif, HYSerif"); - pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); + pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, One UI Sans KR VF, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); pref("font.name-list.monospace.ko", "Droid Sans Mono, Noto Sans Mono CJK KR, SEC Mono CJK KR"); pref("font.name-list.serif.th", "Charis SIL Compact, Noto Serif, Noto Serif Thai, Droid Serif"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/65… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/65… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.0-1] Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright, chutten
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 4c246c84 by Pier Angelo Vendrame at 2024-01-09T14:27:30+01:00 Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright,chutten Bug 1444275 introduced an assertion on the parent process to check that the value of toolkit.telemetry.enabled is the expected one. However, this expected value could be different from the one set and locked e.g. in some forks. Therefore, the assertion prevented debug builds from working in these cases. Differential Revision: https://phabricator.services.mozilla.com/D195080 - - - - - 1 changed file: - modules/libpref/Preferences.cpp Changes: ===================================== modules/libpref/Preferences.cpp ===================================== @@ -3637,16 +3637,6 @@ void Preferences::SetupTelemetryPref() { Preferences::Lock(kTelemetryPref); } -static void CheckTelemetryPref() { - MOZ_ASSERT(!XRE_IsParentProcess()); - - // Make sure the children got passed the right telemetry pref details. - DebugOnly<bool> value; - MOZ_ASSERT(NS_SUCCEEDED(Preferences::GetBool(kTelemetryPref, &value)) && - value == TelemetryPrefValue()); - MOZ_ASSERT(Preferences::IsLocked(kTelemetryPref)); -} - #endif // MOZ_WIDGET_ANDROID /* static */ @@ -3687,11 +3677,6 @@ already_AddRefed<Preferences> Preferences::GetInstanceForService() { Preferences::SetPreference(gChangedDomPrefs->ElementAt(i)); } gChangedDomPrefs = nullptr; - -#ifndef MOZ_WIDGET_ANDROID - CheckTelemetryPref(); -#endif - } else { // Check if there is a deployment configuration file. If so, set up the // pref config machinery, which will actually read the file. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c246c8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c246c8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.6.0esr-13.0-1] Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright, chutten
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch base-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: ff2a5e97 by Pier Angelo Vendrame at 2024-01-09T14:26:49+01:00 Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright,chutten Bug 1444275 introduced an assertion on the parent process to check that the value of toolkit.telemetry.enabled is the expected one. However, this expected value could be different from the one set and locked e.g. in some forks. Therefore, the assertion prevented debug builds from working in these cases. Differential Revision: https://phabricator.services.mozilla.com/D195080 - - - - - 1 changed file: - modules/libpref/Preferences.cpp Changes: ===================================== modules/libpref/Preferences.cpp ===================================== @@ -3637,16 +3637,6 @@ void Preferences::SetupTelemetryPref() { Preferences::Lock(kTelemetryPref); } -static void CheckTelemetryPref() { - MOZ_ASSERT(!XRE_IsParentProcess()); - - // Make sure the children got passed the right telemetry pref details. - DebugOnly<bool> value; - MOZ_ASSERT(NS_SUCCEEDED(Preferences::GetBool(kTelemetryPref, &value)) && - value == TelemetryPrefValue()); - MOZ_ASSERT(Preferences::IsLocked(kTelemetryPref)); -} - #endif // MOZ_WIDGET_ANDROID /* static */ @@ -3687,11 +3677,6 @@ already_AddRefed<Preferences> Preferences::GetInstanceForService() { Preferences::SetPreference(gChangedDomPrefs->ElementAt(i)); } gChangedDomPrefs = nullptr; - -#ifndef MOZ_WIDGET_ANDROID - CheckTelemetryPref(); -#endif - } else { // Check if there is a deployment configuration file. If so, set up the // pref config machinery, which will actually read the file. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ff2a5e9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ff2a5e9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.6.0esr-13.0-1] Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch base-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 23604adf by Kagami Sascha Rosylight at 2024-01-09T14:24:52+01:00 Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame Per /etc/fonts.xml, there are now only two `<family lang="ko">` nodes there: * OneUISansKRVF series * SECCJK series (but no KR postfix anymore?) This patch uses One UI Sans KR VF as the replacement as this is newer and is a variable font (tested with https://codepen.io/SaschaNaz/pen/ExrdYXJ) Differential Revision: https://phabricator.services.mozilla.com/D195078 - - - - - 1 changed file: - modules/libpref/init/all.js Changes: ===================================== modules/libpref/init/all.js ===================================== @@ -3053,7 +3053,7 @@ pref("font.size.monospace.x-math", 13); pref("font.name-list.monospace.ja", "MotoyaLMaru, MotoyaLCedar, Noto Sans Mono CJK JP, SEC Mono CJK JP, Droid Sans Mono"); pref("font.name-list.serif.ko", "Charis SIL Compact, Noto Serif CJK KR, Noto Serif, Droid Serif, HYSerif"); - pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); + pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, One UI Sans KR VF, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); pref("font.name-list.monospace.ko", "Droid Sans Mono, Noto Sans Mono CJK KR, SEC Mono CJK KR"); pref("font.name-list.serif.th", "Charis SIL Compact, Noto Serif, Noto Serif Thai, Droid Serif"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/23604ad… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/23604ad… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.0-1] Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 15bfca64 by Kagami Sascha Rosylight at 2024-01-09T14:24:03+01:00 Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame Per /etc/fonts.xml, there are now only two `<family lang="ko">` nodes there: * OneUISansKRVF series * SECCJK series (but no KR postfix anymore?) This patch uses One UI Sans KR VF as the replacement as this is newer and is a variable font (tested with https://codepen.io/SaschaNaz/pen/ExrdYXJ) Differential Revision: https://phabricator.services.mozilla.com/D195078 - - - - - 1 changed file: - modules/libpref/init/all.js Changes: ===================================== modules/libpref/init/all.js ===================================== @@ -3053,7 +3053,7 @@ pref("font.size.monospace.x-math", 13); pref("font.name-list.monospace.ja", "MotoyaLMaru, MotoyaLCedar, Noto Sans Mono CJK JP, SEC Mono CJK JP, Droid Sans Mono"); pref("font.name-list.serif.ko", "Charis SIL Compact, Noto Serif CJK KR, Noto Serif, Droid Serif, HYSerif"); - pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); + pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, One UI Sans KR VF, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); pref("font.name-list.monospace.ko", "Droid Sans Mono, Noto Sans Mono CJK KR, SEC Mono CJK KR"); pref("font.name-list.serif.th", "Charis SIL Compact, Noto Serif, Noto Serif Thai, Droid Serif"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/15bfca6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/15bfca6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.0-1] fixup! Add Tor integration and UI
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch firefox-android-115.2.1-13.0-1 at The Tor Project / Applications / firefox-android Commits: dadeaa78 by Pier Angelo Vendrame at 2024-01-09T14:20:36+01:00 fixup! Add Tor integration and UI Bug 42324: Onion location does not work after a browser restart - - - - - 2 changed files: - android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngine.kt - fenix/app/src/main/java/org/mozilla/fenix/settings/SettingsFragment.kt Changes: ===================================== android-components/components/browser/engine-gecko/src/main/java/mozilla/components/browser/engine/gecko/GeckoEngine.kt ===================================== @@ -798,11 +798,7 @@ class GeckoEngine( } override var prioritizeOnions: Boolean get() = runtime.settings.prioritizeOnions - set(value) { - value.let { - runtime.settings.prioritizeOnions = it - } - } + set(value) { runtime.settings.prioritizeOnions = value } }.apply { defaultSettings?.let { this.javascriptEnabled = it.javascriptEnabled ===================================== fenix/app/src/main/java/org/mozilla/fenix/settings/SettingsFragment.kt ===================================== @@ -485,7 +485,9 @@ class SettingsFragment : PreferenceFragmentCompat() { } preferencePrioritizeOnions?.setOnPreferenceChangeListener<Boolean> { preference, newValue -> - preference.context.components.core.engine.settings.prioritizeOnions = newValue + preference.context.settings().preferences.edit() + .putBoolean(preference.key, newValue).apply() + requireComponents.core.engine.settings.prioritizeOnions = newValue true } View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/dad… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/dad… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.0-1] fixup! Bug 40458: Implement .tor.onion aliases
by ma1 (＠ma1) 08 Jan '24

08 Jan '24

ma1 pushed to branch tor-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: e4373331 by hackademix at 2024-01-08T20:09:08+01:00 fixup! Bug 40458: Implement .tor.onion aliases Bug 42099: Blind cross-site .onion requests. - - - - - 3 changed files: - browser/components/onionservices/OnionAliasStore.jsm - + browser/components/onionservices/TorRequestWatch.sys.mjs - browser/components/onionservices/moz.build Changes: ===================================== browser/components/onionservices/OnionAliasStore.jsm ===================================== @@ -12,11 +12,10 @@ const { ConsoleAPI } = ChromeUtils.import("resource://gre/modules/Console.jsm"); const lazy = {}; -ChromeUtils.defineModuleGetter( - lazy, - "JSONFile", - "resource://gre/modules/JSONFile.jsm" -); +ChromeUtils.defineESModuleGetters(lazy, { + JSONFile: "resource://gre/modules/JSONFile.sys.mjs", + TorRequestWatch: "resource:///modules/TorRequestWatch.sys.mjs", +}); /* OnionAliasStore observer topics */ const OnionAliasStoreTopics = Object.freeze({ @@ -281,6 +280,7 @@ class _OnionAliasStore { } async init() { + lazy.TorRequestWatch.start(); await this._loadSettings(); if (this.enabled) { await this._startUpdates(); @@ -295,6 +295,7 @@ class _OnionAliasStore { } this._rulesetTimeout = null; Services.prefs.removeObserver(kPrefOnionAliasEnabled, this); + lazy.TorRequestWatch.stop(); } async getChannels() { ===================================== browser/components/onionservices/TorRequestWatch.sys.mjs ===================================== @@ -0,0 +1,124 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * This module implements Tor-specific Web Request policies, such as + * preventing observable cross-site requests to .tor.onion and .bit.onion sites. + */ + +import { ConsoleAPI } from "resource://gre/modules/Console.sys.mjs"; + +const log = new ConsoleAPI({ + maxLogLevel: "warn", + maxLogLevelPref: "browser.torRequestWatch.log_level", + prefix: "TorRequestWatch", +}); + +class RequestObserver { + static #topics = [ + "http-on-modify-request", + "http-on-examine-response", + "http-on-examine-cached-response", + "http-on-examine-merged-response", + ]; + #asObserver(addOrRemove) { + const action = Services.obs[`${addOrRemove}Observer`].bind(Services.obs); + for (const topic of RequestObserver.#topics) { + action(this, topic); + } + } + + start() { + this.#asObserver("add"); + log.debug("Started"); + } + stop() { + this.#asObserver("remove"); + log.debug("Stopped"); + } + + // nsIObserver implementation + observe(subject, topic, data) { + try { + let channel = ChannelWrapper.get( + subject.QueryInterface(Ci.nsIHttpChannel) + ); + switch (topic) { + case "http-on-modify-request": + this.onRequest(channel); + break; + case "http-on-examine-cached-response": + case "http-on-examine-merged-response": + channel.isCached = true; + // falls through + case "http-on-examine-response": + this.onResponse(channel); + break; + } + } catch (e) { + log.error(e); + } + } + + onRequest(channel) { + if (this.shouldBlind(channel, channel.documentURL)) { + log.warn(`Blocking cross-site ${channel.finalURL} ${channel.type} load.`); + channel.cancel(Cr.NS_ERROR_ABORT); + } + } + onResponse(channel) { + if (!channel.documentURL && this.shouldBlind(channel, channel.originURL)) { + const COOP = "cross-origin-opener-policy"; + // we break window.opener references if needed to mitigate XS-Leaks + for (let h of channel.getResponseHeaders()) { + if (h.name.toLowerCase() === COOP && h.value === "same-origin") { + log.debug(`${COOP} is already same-origin, nothing to do.`); + return; + } + } + log.warn(`Blinding cross-site ${channel.finalURL} load.`); + channel.setResponseHeader(COOP, "same-origin-allow-popups"); + } + } + + isCrossOrigin(url1, url2) { + return new URL(url1).origin !== new URL(url2).origin; + } + shouldBlindCrossOrigin(uri) { + try { + let { host } = uri; + if (host.endsWith(".onion")) { + const previousPart = host.slice(-10, -6); + return ( + previousPart && (previousPart === ".tor" || previousPart === ".bit") + ); + } + } catch (e) { + // no host + } + return false; + } + shouldBlind(channel, sourceURL) { + return ( + sourceURL && + this.shouldBlindCrossOrigin(channel.finalURI) && + this.isCrossOrigin(channel.finalURL, sourceURL) + ); + } +} + +let observer; +export const TorRequestWatch = { + start() { + if (!observer) { + (observer = new RequestObserver()).start(); + } + }, + stop() { + if (observer) { + observer.stop(); + observer = null; + } + }, +}; ===================================== browser/components/onionservices/moz.build ===================================== @@ -4,4 +4,5 @@ EXTRA_JS_MODULES += [ "OnionAliasStore.jsm", "OnionLocationChild.jsm", "OnionLocationParent.jsm", + "TorRequestWatch.sys.mjs", ] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e437333… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e437333… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.0-1] fixup! Modify add-on support
by ma1 (＠ma1) 08 Jan '24

08 Jan '24

ma1 pushed to branch firefox-android-115.2.1-13.0-1 at The Tor Project / Applications / firefox-android Commits: cb98e7b2 by hackademix at 2024-01-08T19:54:56+01:00 fixup! Modify add-on support Bug 42353: Fix NoScript automatic updates. - - - - - 1 changed file: - fenix/app/src/main/java/org/mozilla/fenix/components/TorBrowserFeatures.kt Changes: ===================================== fenix/app/src/main/java/org/mozilla/fenix/components/TorBrowserFeatures.kt ===================================== @@ -136,37 +136,37 @@ object TorBrowserFeatures { } /** - * If we have not done it yet, enable automatic updates for NoScript and force a + * Enable automatic updates for NoScript and, if we've not done it yet, force a * one-time immediate update check, in order to upgrade old profiles and ensure we've got * the latest stable AMO version available on first startup. * We will do it as soon as the Tor is connected, to prevent early addonUpdater activation * causing automatic update checks failures (components.addonUpdater being a lazy prop). * The extension, from then on, should behave as if the user had installed it manually. */ - if (settings.noscriptUpdated == 0) { - context.components.torController.registerTorListener(object : TorEvents { - override fun onTorConnected() { - context.components.torController.unregisterTorListener(this) - // Enable automatic updates - context.components.addonUpdater.registerForFutureUpdates(NOSCRIPT_ID) - // Force an immediate update check + context.components.torController.registerTorListener(object : TorEvents { + override fun onTorConnected() { + context.components.torController.unregisterTorListener(this) + // Enable automatic updates. This must be done on every startup (tor-browser#42353) + context.components.addonUpdater.registerForFutureUpdates(NOSCRIPT_ID) + // Force a one-time immediate update check for older installations + if (settings.noscriptUpdated < 2) { context.components.addonUpdater.update(NOSCRIPT_ID) - settings.noscriptUpdated = 1 + settings.noscriptUpdated = 2 } + } - @SuppressWarnings("EmptyFunctionBlock") - override fun onTorConnecting() { - } + @SuppressWarnings("EmptyFunctionBlock") + override fun onTorConnecting() { + } - @SuppressWarnings("EmptyFunctionBlock") - override fun onTorStopped() { - } + @SuppressWarnings("EmptyFunctionBlock") + override fun onTorStopped() { + } - @SuppressWarnings("EmptyFunctionBlock") - override fun onTorStatusUpdate(entry: String?, status: String?) { - } - }) - } + @SuppressWarnings("EmptyFunctionBlock") + override fun onTorStatusUpdate(entry: String?, status: String?) { + } + }) } View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/cb9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/commit/cb9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 42343 (TB): Pass pt_config.json to the browser
by Pier Angelo Vendrame (＠pierov) 08 Jan '24

08 Jan '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 1c1deba7 by Pier Angelo Vendrame at 2024-01-08T14:42:54+01:00 Bug 42343 (TB): Pass pt_config.json to the browser We modified TorSettings to handle pt_config.json, so we do not need to convert it to pref lines anymore, but we need to inject the updated file to omni.ja. - - - - - 2 changed files: - projects/browser/build - projects/browser/build.android Changes: ===================================== projects/browser/build ===================================== @@ -257,26 +257,6 @@ done echo "${line/\$\{pt_path\}/${PT_PATH}}" >> "$TORRC_DEFAULTS" done done - - # Write Default Bridge Prefs - echo "# Tor Launcher preferences (default bridges):" >> "$GENERATEDPREFSPATH" - RECOMMMENDED_DEFAULT=$(jq -r .recommendedDefault "${PT_CONFIG}") - echo "pref(\"extensions.torlauncher.default_bridge_recommended_type\", \"${RECOMMMENDED_DEFAULT}\");" >> "$GENERATEDPREFSPATH" - - # Writes bridge-line prefs for a given bridge type - function bridges_conf { - local bridge_type="$1" - local i=1 - jq -r ".bridges.\"$bridge_type\" | .[]" "${PT_CONFIG}" | while read -r line; do - echo "pref(\"extensions.torlauncher.default_bridge.$bridge_type.$i\", \"$line\");" >> "$GENERATEDPREFSPATH" - i=$((i + 1)) - done - } - - # Iterate over our bridge types and write default bridgelines for each - for bridge_type in $(jq -r ".bridges | keys[]" "${PT_CONFIG}"); do - bridges_conf $bridge_type - done [% END -%] [% IF c("var/linux") && c("var/tor-browser") %] @@ -293,8 +273,17 @@ PKG_DIR='[% c("var/project-name") %]' for tbdir in "${TBDIRS[@]}" do - tbdir="$tbdir[% IF c('var/macos') %]/Contents/Resources[% END %]/browser/" - pushd "$tbdir" + tbdir="$tbdir[% IF c('var/macos') %]/Contents/Resources[% END %]/" + [% IF c("var/tor-browser") -%] + pushd "$rootdir" + pt_config_dir=chrome/toolkit/content/global + mkdir -p "$pt_config_dir" + cp "pt_config.json" "$pt_config_dir/" + zip -Xm "$tbdir/omni.ja" "$pt_config_dir/pt_config.json" + rm -rf chrome + popd + [% END -%] + pushd "$tbdir/browser" unzip omni.ja defaults/preferences/[% c("var/prefs_file") %] || [ $? -lt 3 ] # Append our built extension-overrides.js to the preferences file cat "$GENERATEDPREFSPATH" >> defaults/preferences/[% c("var/prefs_file") %] ===================================== projects/browser/build.android ===================================== @@ -14,7 +14,7 @@ sorted_baseline_apk=$(basename $apk .apk)_sorted_baseline.apk $rootdir/sort-baseline.py --apk $apk $sorted_baseline_apk mv $sorted_baseline_apk $apk -# Bundle our extensioni(s). +# Bundle our extension(s). # NoScript will be copied over to the profile folder # as a "regular" browser extension receiving regular AMO updates. noscript_path="$ext_dir/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi" @@ -23,6 +23,21 @@ mkdir -p /var/tmp/build/$ext_dir [% dest_dir _ '/' _ c('filename') %] cd /var/tmp/build mv $rootdir/[% c('input_files_by_name/noscript') %] "$noscript_path" +[%IF c("var/tor-browser") -%] + unzip -j "$apk" assets/omni.ja + tar -xaf "$rootdir/[% c("input_files_by_name/tor-expert-bundle") %]" tor/pluggable_transports/pt_config.json + mkdir omni + pushd omni + unzip ../omni.ja + cp ../tor/pluggable_transports/pt_config.json chrome/toolkit/content/global/pt_config.json + [% c('zip', { + zip_src => [ '.' ], + zip_args => '../assets/omni.ja', + }) %] + popd +[% END -%] + + [% IF c("var/verify_allowed_addons") %] # Check that allowed_addons.json contains the right versions of our bundled extension(s). # If so, replace the default allowed_addons.json by ours in the apk assets folder. @@ -32,9 +47,9 @@ mv $rootdir/[% c('input_files_by_name/noscript') %] "$noscript_path" mv $rootdir/allowed_addons.json $assets_dir/allowed_addons.json [% c('zip', { - zip_src => [ '$assets_dir' ], - zip_args => '$apk', - }) %] + zip_src => [ '$assets_dir' ], + zip_args => '$apk', + }) %] aligned_apk=$(basename $apk .apk)_aligned.apk zipalign -vp 4 $apk $aligned_apk View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] 8 commits: fixup! Bug 40597: Implement TorSettings module
by Pier Angelo Vendrame (＠pierov) 08 Jan '24

08 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: be025b30 by Pier Angelo Vendrame at 2024-01-08T14:38:58+01:00 fixup! Bug 40597: Implement TorSettings module Convert TorSettings to an ES class. - - - - - 440a0aae by Pier Angelo Vendrame at 2024-01-08T14:39:01+01:00 fixup! Bug 40597: Implement TorSettings module Replace _ with # for private stuff in TorSettings. - - - - - 08bc6b26 by Pier Angelo Vendrame at 2024-01-08T14:39:01+01:00 fixup! Bug 40597: Implement TorSettings module Bug 42343: Read built-in bridges from pt_config.json instead of preferences. - - - - - 28351513 by Pier Angelo Vendrame at 2024-01-08T14:39:02+01:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 42343: Read built-in bridges from pt_config.json instead of preferences. Update the way in which we query the PTs we have bundled bridge lines for. - - - - - 6e7488b0 by Pier Angelo Vendrame at 2024-01-08T14:39:02+01:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js Bug 42343: Read built-in bridges from pt_config.json instead of preferences. Remove some preferences we do not use anymore and their documentation. - - - - - 8da34d3a by Pier Angelo Vendrame at 2024-01-08T14:39:02+01:00 fixup! Bug 41089: Add tor-browser build scripts + Makefile to tor-browser Bug 42343: Read built-in bridges from pt_config.json instead of preferences. Do not copy the bridges anymore when doing the deploy. - - - - - 51e8c714 by Pier Angelo Vendrame at 2024-01-08T14:39:03+01:00 fixup! Bug 40597: Implement TorSettings module Added checks on TorSettings.initialized, and some documentation improvements. - - - - - 7272b554 by Pier Angelo Vendrame at 2024-01-08T14:39:03+01:00 fixup! Bug 40597: Implement TorSettings module Batch of changes requested in the MR. - - - - - 9 changed files: - browser/app/profile/000-tor-browser.js - browser/components/torpreferences/content/builtinBridgeDialog.mjs - browser/components/torpreferences/content/connectionPane.js - toolkit/content/jar.mn - + toolkit/content/pt_config.json - toolkit/modules/TorConnect.sys.mjs - toolkit/modules/TorSettings.sys.mjs - − tools/torbrowser/bridges.js - tools/torbrowser/deploy.sh Changes: ===================================== browser/app/profile/000-tor-browser.js ===================================== @@ -69,7 +69,6 @@ pref("extensions.torbutton.pref_fixup_version", 0); pref("extensions.torlauncher.start_tor", true); pref("extensions.torlauncher.prompt_at_startup", true); -pref("extensions.torlauncher.quickstart", false); pref("extensions.torlauncher.max_tor_log_entries", 1000); @@ -113,11 +112,3 @@ pref("extensions.torlauncher.tordatadir_path", ""); pref("extensions.torlauncher.bridgedb_front", "foursquare.com"); pref("extensions.torlauncher.bridgedb_reflector", "https://moat.torproject.org.global.prod.fastly.net/"); pref("extensions.torlauncher.moat_service", "https://bridges.torproject.org/moat"); -pref("extensions.torlauncher.bridgedb_bridge_type", "obfs4"); - -// Recommended default bridge type. -// pref("extensions.torlauncher.default_bridge_recommended_type", "obfs3"); - -// Default bridges. -// pref("extensions.torlauncher.default_bridge.TYPE.1", "TYPE x.x.x.x:yy"); -// pref("extensions.torlauncher.default_bridge.TYPE.2", "TYPE x.x.x.x:yy"); ===================================== browser/components/torpreferences/content/builtinBridgeDialog.mjs ===================================== @@ -3,7 +3,6 @@ import { TorStrings } from "resource://gre/modules/TorStrings.sys.mjs"; import { TorSettings, TorBridgeSource, - TorBuiltinBridgeTypes, } from "resource://gre/modules/TorSettings.sys.mjs"; import { @@ -62,7 +61,7 @@ export class BuiltinBridgeDialog { )) { const radio = optionEl.querySelector("radio"); const type = radio.value; - optionEl.hidden = !TorBuiltinBridgeTypes.includes(type); + optionEl.hidden = !TorSettings.builtinBridgeTypes.includes(type); radio.label = typeStrings[type].label; optionEl.querySelector( ".builtin-bridges-option-description" ===================================== browser/components/torpreferences/content/connectionPane.js ===================================== @@ -867,7 +867,7 @@ const gConnectionPane = (function () { }, init() { - this._populateXUL(); + TorSettings.initializedPromise.then(() => this._populateXUL()); const onUnload = () => { window.removeEventListener("unload", onUnload); ===================================== toolkit/content/jar.mn ===================================== @@ -137,3 +137,5 @@ toolkit.jar: # Third party files content/global/third_party/d3/d3.js (/third_party/js/d3/d3.js) content/global/third_party/cfworker/json-schema.js (/third_party/js/cfworker/json-schema.js) + + content/global/pt_config.json (pt_config.json) ===================================== toolkit/content/pt_config.json ===================================== @@ -0,0 +1,32 @@ +{ + "_comment": "Used for dev build, replaced for release builds in tor-browser-build. This file is copied from tor-browser-build cb513eec:tor-expert-bundle/pt_config.json", + "recommendedDefault" : "obfs4", + "pluggableTransports" : { + "lyrebird" : "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${pt_path}lyrebird${pt_extension}", + "snowflake" : "ClientTransportPlugin snowflake exec ${pt_path}snowflake-client${pt_extension}", + "webtunnel" : "ClientTransportPlugin webtunnel exec ${pt_path}webtunnel-client${pt_extension}", + "conjure" : "ClientTransportPlugin conjure exec ${pt_path}conjure-client${pt_extension} -registerURL https://registration.refraction.network/api" + }, + "bridges" : { + "meek-azure" : [ + "meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com" + ], + "obfs4" : [ + "obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1", + "obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0", + "obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0", + "obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0", + "obfs4 193.11.166.194:27015 2D82C2E354D531A68469ADF7F878FA6060C6BACA cert=4TLQPJrTSaDffMK7Nbao6LC7G9OW/NHkUwIdjLSS3KYf0Nv4/nQiiI8dY2TcsQx01NniOg iat-mode=0", + "obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=0LDeJH4JzMDtkJJrFphJCiPqKx7loozKN7VNfuukMGfHO0Z8OGdzHVkhVAOfo1mUdv9cMg iat-mode=0", + "obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0", + "obfs4 209.148.46.65:443 74FAD13168806246602538555B5521A0383A1875 cert=ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw iat-mode=0", + "obfs4 146.57.248.225:22 10A6CD36A537FCE513A322361547444B393989F0 cert=K1gDtDAIcUfeLqbstggjIw2rtgIKqdIhUlHp82XRqNSq/mtAjp1BIC9vHKJ2FAEpGssTPw iat-mode=0", + "obfs4 45.145.95.6:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0", + "obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0" + ], + "snowflake" : [ + "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn", + "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn" + ] + } +} ===================================== toolkit/modules/TorConnect.sys.mjs ===================================== @@ -23,7 +23,6 @@ import { TorLauncherUtil } from "resource://gre/modules/TorLauncherUtil.sys.mjs" import { TorSettings, TorSettingsTopics, - TorBuiltinBridgeTypes, } from "resource://gre/modules/TorSettings.sys.mjs"; import { TorStrings } from "resource://gre/modules/TorStrings.sys.mjs"; @@ -609,7 +608,7 @@ export const TorConnect = (() => { } const settings = await this.mrpc.circumvention_settings( - [...TorBuiltinBridgeTypes, "vanilla"], + [...TorSettings.builtinBridgeTypes, "vanilla"], countryCode ); @@ -625,7 +624,7 @@ export const TorConnect = (() => { } else { try { this.settings = await this.mrpc.circumvention_defaults([ - ...TorBuiltinBridgeTypes, + ...TorSettings.builtinBridgeTypes, "vanilla", ]); } catch (err) { ===================================== toolkit/modules/TorSettings.sys.mjs ===================================== @@ -67,16 +67,6 @@ const TorSettingsPrefs = Object.freeze({ }, }); -/* Legacy tor-launcher prefs and pref branches*/ -const TorLauncherPrefs = Object.freeze({ - quickstart: "extensions.torlauncher.quickstart", - default_bridge_type: "extensions.torlauncher.default_bridge_type", - default_bridge: "extensions.torlauncher.default_bridge.", - default_bridge_recommended_type: - "extensions.torlauncher.default_bridge_recommended_type", - bridgedb_bridge: "extensions.torlauncher.bridgedb_bridge.", -}); - /* Config Keys used to configure tor daemon */ const TorConfigKeys = Object.freeze({ useBridges: "UseBridges", @@ -105,101 +95,41 @@ export const TorProxyType = Object.freeze({ HTTPS: 2, }); -export const TorBuiltinBridgeTypes = Object.freeze( - (() => { - const bridgeListBranch = Services.prefs.getBranch( - TorLauncherPrefs.default_bridge - ); - const bridgePrefs = bridgeListBranch.getChildList(""); - - // an unordered set for shoving bridge types into - const bridgeTypes = new Set(); - // look for keys ending in ".N" and treat string before that as the bridge type - const pattern = /\.[0-9]+$/; - for (const key of bridgePrefs) { - const offset = key.search(pattern); - if (offset != -1) { - const bt = key.substring(0, offset); - bridgeTypes.add(bt); - } - } - - // recommended bridge type goes first in the list - const recommendedBridgeType = Services.prefs.getCharPref( - TorLauncherPrefs.default_bridge_recommended_type, - null - ); - - const retval = []; - if (recommendedBridgeType && bridgeTypes.has(recommendedBridgeType)) { - retval.push(recommendedBridgeType); - } - - for (const bridgeType of bridgeTypes.values()) { - if (bridgeType != recommendedBridgeType) { - retval.push(bridgeType); - } - } - return retval; - })() -); - -/* Parsing Methods */ - -// expects a '\n' or '\r\n' delimited bridge string, which we split and trim -// each bridge string can also optionally have 'bridge' at the beginning ie: -// bridge $(type) $(address):$(port) $(certificate) -// we strip out the 'bridge' prefix here -const parseBridgeStrings = function (aBridgeStrings) { +/** + * Split a blob of bridge lines into an array with single lines. + * Lines are delimited by \r\n or \n and each bridge string can also optionally + * have 'bridge' at the beginning. + * We split the text by \r\n, we trim the lines, remove the bridge prefix and + * filter out any remaiing empty item. + * + * @param {string} aBridgeStrings The text with the lines + * @returns {string[]} An array where each bridge line is an item + */ +function parseBridgeStrings(aBridgeStrings) { // replace carriage returns ('\r') with new lines ('\n') aBridgeStrings = aBridgeStrings.replace(/\r/g, "\n"); // then replace contiguous new lines ('\n') with a single one aBridgeStrings = aBridgeStrings.replace(/[\n]+/g, "\n"); - // split on the newline and for each bridge string: trim, remove starting 'bridge' string - // finally discard entries that are empty strings; empty strings could occur if we receive - // a new line containing only whitespace + // Split on the newline and for each bridge string: trim, remove starting + // 'bridge' string. + // Finally, discard entries that are empty strings; empty strings could occur + // if we receive a new line containing only whitespace. const splitStrings = aBridgeStrings.split("\n"); return splitStrings .map(val => val.trim().replace(/^bridge\s+/i, "")) - .filter(bridgeString => bridgeString != ""); -}; - -const getBuiltinBridgeStrings = function (builtinType) { - if (!builtinType) { - return []; - } - - const bridgeBranch = Services.prefs.getBranch( - TorLauncherPrefs.default_bridge - ); - const bridgeBranchPrefs = bridgeBranch.getChildList(""); - const retval = []; - - // regex matches against strings ending in ".N" where N is a positive integer - const pattern = /\.[0-9]+$/; - for (const key of bridgeBranchPrefs) { - // verify the location of the match is the correct offset required for aBridgeType - // to fit, and that the string begins with aBridgeType - if ( - key.search(pattern) == builtinType.length && - key.startsWith(builtinType) - ) { - const bridgeStr = bridgeBranch.getCharPref(key); - retval.push(bridgeStr); - } - } - - // shuffle so that Tor Browser users don't all try the built-in bridges in the same order - arrayShuffle(retval); - - return retval; -}; - -/* Helper methods */ - -const arrayShuffle = function (array) { - // fisher-yates shuffle + .filter(bridgeString => bridgeString !== ""); +} + +/** + * Return a shuffled (Fisher-Yates) copy of an array. + * + * @template T + * @param {T[]} array + * @returns {T[]} + */ +function arrayShuffle(array) { + array = [...array]; for (let i = array.length - 1; i > 0; --i) { // number n such that 0.0 <= n < 1.0 const n = Math.random(); @@ -211,17 +141,18 @@ const arrayShuffle = function (array) { array[i] = array[j]; array[j] = tmp; } -}; + return array; +} /* TorSettings module */ -export const TorSettings = { +class TorSettingsImpl { /** * The underlying settings values. * * @type {object} */ - _settings: { + #settings = { quickstart: { enabled: false, }, @@ -243,34 +174,207 @@ export const TorSettings = { enabled: false, allowed_ports: [], }, - }, + }; + + /** + * The recommended pluggable transport. + * + * @type {string} + */ + #recommendedPT = ""; + + /** + * The bridge lines for built-in bridges. + * Keys are pluggable transports, and values are arrays of bridge lines. + * + * @type {Object.<string, string[]>} + */ + #builtinBridges = {}; + + /** + * Resolve callback of the initializedPromise. + */ + #initComplete; + /** + * Reject callback of the initializedPromise. + */ + #initFailed; + /** + * Tell whether the initializedPromise has been resolved. + * We keep this additional member to avoid making everything async. + * + * @type {boolean} + */ + #initialized = false; + /** + * During some phases of the initialization, allow calling setters and + * getters without throwing errors. + * + * @type {boolean} + */ + #allowUninitialized = false; + + constructor() { + this.initializedPromise = new Promise((resolve, reject) => { + this.#initComplete = resolve; + this.#initFailed = reject; + }); + + this.#addProperties("quickstart", { + enabled: {}, + }); + this.#addProperties("bridges", { + enabled: {}, + source: { + transform: val => { + if (Object.values(TorBridgeSource).includes(val)) { + return val; + } + lazy.logger.error(`Not a valid bridge source: "${val}"`); + return TorBridgeSource.Invalid; + }, + }, + bridge_strings: { + transform: val => { + if (Array.isArray(val)) { + return [...val]; + } + return parseBridgeStrings(val); + }, + copy: val => [...val], + equal: (val1, val2) => this.#arrayEqual(val1, val2), + }, + builtin_type: { + callback: val => { + if (!val) { + // Make sure that the source is not BuiltIn + if (this.bridges.source === TorBridgeSource.BuiltIn) { + this.bridges.source = TorBridgeSource.Invalid; + } + return; + } + const bridgeStrings = this.#getBuiltinBridges(val); + if (bridgeStrings.length) { + this.bridges.bridge_strings = bridgeStrings; + return; + } + lazy.logger.error(`No built-in ${val} bridges found`); + // Change to be empty, this will trigger this callback again, + // but with val as "". + this.bridges.builtin_type == ""; + }, + }, + }); + this.#addProperties("proxy", { + enabled: { + callback: val => { + if (val) { + return; + } + // Reset proxy settings. + this.proxy.type = TorProxyType.Invalid; + this.proxy.address = ""; + this.proxy.port = 0; + this.proxy.username = ""; + this.proxy.password = ""; + }, + }, + type: { + transform: val => { + if (Object.values(TorProxyType).includes(val)) { + return val; + } + lazy.logger.error(`Not a valid proxy type: "${val}"`); + return TorProxyType.Invalid; + }, + }, + address: {}, + port: { + transform: val => { + if (val === 0) { + // This is a valid value that "unsets" the port. + // Keep this value without giving a warning. + // NOTE: In contrast, "0" is not valid. + return 0; + } + // Unset to 0 if invalid null is returned. + return this.#parsePort(val, false) ?? 0; + }, + }, + username: {}, + password: {}, + uri: { + getter: () => { + const { type, address, port, username, password } = this.proxy; + switch (type) { + case TorProxyType.Socks4: + return `socks4a://${address}:${port}`; + case TorProxyType.Socks5: + if (username) { + return `socks5://${username}:${password}@${address}:${port}`; + } + return `socks5://${address}:${port}`; + case TorProxyType.HTTPS: + if (username) { + return `http://${username}:${password}@${address}:${port}`; + } + return `http://${address}:${port}`; + } + return null; + }, + }, + }); + this.#addProperties("firewall", { + enabled: { + callback: val => { + if (!val) { + this.firewall.allowed_ports = ""; + } + }, + }, + allowed_ports: { + transform: val => { + if (!Array.isArray(val)) { + val = val === "" ? [] : val.split(","); + } + // parse and remove duplicates + const portSet = new Set(val.map(p => this.#parsePort(p, true))); + // parsePort returns null for failed parses, so remove it. + portSet.delete(null); + return [...portSet]; + }, + copy: val => [...val], + equal: (val1, val2) => this.#arrayEqual(val1, val2), + }, + }); + } /** * The current number of freezes applied to the notifications. * * @type {integer} */ - _freezeNotificationsCount: 0, + #freezeNotificationsCount = 0; /** * The queue for settings that have changed. To be broadcast in the * notification when not frozen. * * @type {Set<string>} */ - _notificationQueue: new Set(), + #notificationQueue = new Set(); /** * Send a notification if we have any queued and we are not frozen. */ - _tryNotification() { - if (this._freezeNotificationsCount || !this._notificationQueue.size) { + #tryNotification() { + if (this.#freezeNotificationsCount || !this.#notificationQueue.size) { return; } Services.obs.notifyObservers( - { changes: [...this._notificationQueue] }, + { changes: [...this.#notificationQueue] }, TorSettingsTopics.SettingsChanged ); - this._notificationQueue.clear(); - }, + this.#notificationQueue.clear(); + } /** * Pause notifications for changes in setting values. This is useful if you * need to make batch changes to settings. @@ -281,8 +385,8 @@ export const TorSettings = { * `finally` block. */ freezeNotifications() { - this._freezeNotificationsCount++; - }, + this.#freezeNotificationsCount++; + } /** * Release the hold on notifications so they may be sent out. * @@ -290,9 +394,9 @@ export const TorSettings = { * only release them once it has also called this method. */ thawNotifications() { - this._freezeNotificationsCount--; - this._tryNotification(); - }, + this.#freezeNotificationsCount--; + this.#tryNotification(); + } /** * @typedef {object} TorSettingProperty * @@ -316,22 +420,32 @@ export const TorSettings = { * @param {string} groupname - The name of the setting group. The given * settings will be accessible from the TorSettings property of the same * name. - * @param {object<string, TorSettingProperty>} propParams - An object that + * @param {object.<string, TorSettingProperty>} propParams - An object that * defines the settings to add to this group. The object property names * will be mapped to properties of TorSettings under the given groupname * property. Details about the setting should be described in the * TorSettingProperty property value. */ - _addProperties(groupname, propParams) { + #addProperties(groupname, propParams) { // Create a new object to hold all these settings. const group = {}; for (const name in propParams) { const { getter, transform, callback, copy, equal } = propParams[name]; Object.defineProperty(group, name, { get: getter - ? getter + ? () => { + // Allow getting in loadFromPrefs before we are initialized. + if (!this.#allowUninitialized) { + this.#checkIfInitialized(); + } + return getter(); + } : () => { - let val = this._settings[groupname][name]; + // Allow getting in loadFromPrefs before we are initialized. + if (!this.#allowUninitialized) { + this.#checkIfInitialized(); + } + let val = this.#settings[groupname][name]; if (copy) { val = copy(val); } @@ -341,7 +455,11 @@ export const TorSettings = { set: getter ? undefined : val => { - const prevVal = this._settings[groupname][name]; + // Allow setting in loadFromPrefs before we are initialized. + if (!this.#allowUninitialized) { + this.#checkIfInitialized(); + } + const prevVal = this.#settings[groupname][name]; this.freezeNotifications(); try { if (transform) { @@ -352,8 +470,8 @@ export const TorSettings = { if (callback) { callback(val); } - this._settings[groupname][name] = val; - this._notificationQueue.add(`${groupname}.${name}`); + this.#settings[groupname][name] = val; + this.#notificationQueue.add(`${groupname}.${name}`); } } finally { this.thawNotifications(); @@ -367,14 +485,14 @@ export const TorSettings = { writable: false, value: group, }); - }, + } /** * Regular expression for a decimal non-negative integer. * * @type {RegExp} */ - _portRegex: /^[0-9]+$/, + #portRegex = /^[0-9]+$/; /** * Parse a string as a port number. * @@ -385,13 +503,13 @@ export const TorSettings = { * @return {integer?} - The port number, or null if the given value was not * valid. */ - _parsePort(val, trim) { + #parsePort(val, trim) { if (typeof val === "string") { if (trim) { val = val.trim(); } // ensure port string is a valid positive integer - if (this._portRegex.test(val)) { + if (this.#portRegex.test(val)) { val = Number.parseInt(val, 10); } else { lazy.logger.error(`Invalid port string "${val}"`); @@ -403,7 +521,7 @@ export const TorSettings = { return null; } return val; - }, + } /** * Test whether two arrays have equal members and order. * @@ -412,142 +530,57 @@ export const TorSettings = { * * @return {boolean} - Whether the two arrays are equal. */ - _arrayEqual(val1, val2) { + #arrayEqual(val1, val2) { if (val1.length !== val2.length) { return false; } return val1.every((v, i) => v === val2[i]); - }, + } + + /** + * Return the bridge lines associated to a certain pluggable transport. + * + * @param {string} pt The pluggable transport to return the lines for + * @returns {string[]} The bridge lines in random order + */ + #getBuiltinBridges(pt) { + // Shuffle so that Tor Browser users do not all try the built-in bridges in + // the same order. + return arrayShuffle(this.#builtinBridges[pt] ?? []); + } - /* load or init our settings, and register observers */ + /** + * Load or init our settings, and register observers. + */ async init() { - this._addProperties("quickstart", { - enabled: {}, - }); - this._addProperties("bridges", { - enabled: {}, - source: { - transform: val => { - if (Object.values(TorBridgeSource).includes(val)) { - return val; - } - lazy.logger.error(`Not a valid bridge source: "${val}"`); - return TorBridgeSource.Invalid; - }, - }, - bridge_strings: { - transform: val => { - if (Array.isArray(val)) { - return [...val]; - } - return parseBridgeStrings(val); - }, - copy: val => [...val], - equal: (val1, val2) => this._arrayEqual(val1, val2), - }, - builtin_type: { - callback: val => { - if (!val) { - // Make sure that the source is not BuiltIn - if (this.bridges.source === TorBridgeSource.BuiltIn) { - this.bridges.source = TorBridgeSource.Invalid; - } - return; - } - const bridgeStrings = getBuiltinBridgeStrings(val); - if (bridgeStrings.length) { - this.bridges.bridge_strings = bridgeStrings; - return; - } - lazy.logger.error(`No built-in ${val} bridges found`); - // Change to be empty, this will trigger this callback again, - // but with val as "". - this.bridges.builtin_type == ""; - }, - }, - }); - this._addProperties("proxy", { - enabled: { - callback: val => { - if (val) { - return; - } - // Reset proxy settings. - this.proxy.type = TorProxyType.Invalid; - this.proxy.address = ""; - this.proxy.port = 0; - this.proxy.username = ""; - this.proxy.password = ""; - }, - }, - type: { - transform: val => { - if (Object.values(TorProxyType).includes(val)) { - return val; - } - lazy.logger.error(`Not a valid proxy type: "${val}"`); - return TorProxyType.Invalid; - }, - }, - address: {}, - port: { - transform: val => { - if (val === 0) { - // This is a valid value that "unsets" the port. - // Keep this value without giving a warning. - // NOTE: In contrast, "0" is not valid. - return 0; - } - // Unset to 0 if invalid null is returned. - return this._parsePort(val, false) ?? 0; - }, - }, - username: {}, - password: {}, - uri: { - getter: () => { - const { type, address, port, username, password } = this.proxy; - switch (type) { - case TorProxyType.Socks4: - return `socks4a://${address}:${port}`; - case TorProxyType.Socks5: - if (username) { - return `socks5://${username}:${password}@${address}:${port}`; - } - return `socks5://${address}:${port}`; - case TorProxyType.HTTPS: - if (username) { - return `http://${username}:${password}@${address}:${port}`; - } - return `http://${address}:${port}`; - } - return null; - }, - }, - }); - this._addProperties("firewall", { - enabled: { - callback: val => { - if (!val) { - this.firewall.allowed_ports = ""; - } - }, - }, - allowed_ports: { - transform: val => { - if (!Array.isArray(val)) { - val = val === "" ? [] : val.split(","); - } - // parse and remove duplicates - const portSet = new Set(val.map(p => this._parsePort(p, true))); - // parsePort returns null for failed parses, so remove it. - portSet.delete(null); - return [...portSet]; - }, - copy: val => [...val], - equal: (val1, val2) => this._arrayEqual(val1, val2), - }, - }); + if (this.#initialized) { + lazy.logger.warn("Called init twice."); + return; + } + try { + await this.#initInternal(); + this.#initialized = true; + this.#initComplete(); + } catch (e) { + this.#initFailed(e); + throw e; + } + } + + /** + * The actual implementation of the initialization, which is wrapped to make + * it easier to update initializatedPromise. + */ + async #initInternal() { + try { + const req = await fetch("chrome://global/content/pt_config.json"); + const config = await req.json(); + lazy.logger.debug("Loaded pt_config.json", config); + this.#recommendedPT = config.recommendedDefault; + this.#builtinBridges = config.bridges; + } catch (e) { + lazy.logger.error("Could not load the built-in PT config.", e); + } // TODO: We could use a shared promise, and wait for it to be fullfilled // instead of Service.obs. @@ -557,16 +590,18 @@ export const TorSettings = { // Do not want notifications for initially loaded prefs. this.freezeNotifications(); try { - this.loadFromPrefs(); + this.#allowUninitialized = true; + this.#loadFromPrefs(); } finally { - this._notificationQueue.clear(); + this.#allowUninitialized = false; + this.#notificationQueue.clear(); this.thawNotifications(); } } try { const provider = await lazy.TorProviderBuilder.build(); if (provider.isRunning) { - this.handleProcessReady(); + this.#handleProcessReady(); // No need to add an observer to call this again. return; } @@ -574,9 +609,33 @@ export const TorSettings = { Services.obs.addObserver(this, lazy.TorProviderTopics.ProcessIsReady); } - }, + } + + /** + * Check whether the object has been successfully initialized, and throw if + * it has not. + */ + #checkIfInitialized() { + if (!this.#initialized) { + lazy.logger.trace("Not initialized code path."); + throw new Error( + "TorSettings has not been initialized yet, or its initialization failed" + ); + } + } + + /** + * Tell whether TorSettings has been successfully initialized. + * + * @returns {boolean} + */ + get initialized() { + return this.#initialized; + } - /* wait for relevant life-cycle events to apply saved settings */ + /** + * Wait for relevant life-cycle events to apply saved settings. + */ async observe(subject, topic, data) { lazy.logger.debug(`Observed ${topic}`); @@ -586,21 +645,26 @@ export const TorSettings = { this, lazy.TorProviderTopics.ProcessIsReady ); - await this.handleProcessReady(); + await this.#handleProcessReady(); break; } - }, + } - // once the tor daemon is ready, we need to apply our settings - async handleProcessReady() { + /** + * Apply the settings once the tor provider is ready and notify any observer + * that the settings can be used. + */ + async #handleProcessReady() { // push down settings to tor - await this.applySettings(); + await this.#applySettings(true); lazy.logger.info("Ready"); Services.obs.notifyObservers(null, TorSettingsTopics.Ready); - }, + } - // load our settings from prefs - loadFromPrefs() { + /** + * Load our settings from prefs. + */ + #loadFromPrefs() { lazy.logger.debug("loadFromPrefs()"); /* Quickstart */ @@ -671,12 +735,16 @@ export const TorSettings = { "" ); } - }, + } - // save our settings to prefs + /** + * Save our settings to prefs. + */ saveToPrefs() { lazy.logger.debug("saveToPrefs()"); + this.#checkIfInitialized(); + /* Quickstart */ Services.prefs.setBoolPref( TorSettingsPrefs.quickstart.enabled, @@ -758,77 +826,100 @@ export const TorSettings = { Services.prefs.setBoolPref(TorSettingsPrefs.enabled, true); return this; - }, + } - // push our settings down to the tor daemon + /** + * Push our settings down to the tor provider. + */ async applySettings() { - lazy.logger.debug("applySettings()"); + this.#checkIfInitialized(); + return this.#applySettings(false); + } + + /** + * Internal implementation of applySettings that does not check if we are + * initialized. + */ + async #applySettings(allowUninitialized) { + lazy.logger.debug("#applySettings()"); + const settingsMap = new Map(); - /* Bridges */ - const haveBridges = - this.bridges.enabled && !!this.bridges.bridge_strings.length; - settingsMap.set(TorConfigKeys.useBridges, haveBridges); - if (haveBridges) { - settingsMap.set(TorConfigKeys.bridgeList, this.bridges.bridge_strings); - } else { - settingsMap.set(TorConfigKeys.bridgeList, null); - } + // #applySettings can be called only when #allowUninitialized is false + this.#allowUninitialized = allowUninitialized; - /* Proxy */ - settingsMap.set(TorConfigKeys.socks4Proxy, null); - settingsMap.set(TorConfigKeys.socks5Proxy, null); - settingsMap.set(TorConfigKeys.socks5ProxyUsername, null); - settingsMap.set(TorConfigKeys.socks5ProxyPassword, null); - settingsMap.set(TorConfigKeys.httpsProxy, null); - settingsMap.set(TorConfigKeys.httpsProxyAuthenticator, null); - if (this.proxy.enabled) { - const address = this.proxy.address; - const port = this.proxy.port; - const username = this.proxy.username; - const password = this.proxy.password; - - switch (this.proxy.type) { - case TorProxyType.Socks4: - settingsMap.set(TorConfigKeys.socks4Proxy, `${address}:${port}`); - break; - case TorProxyType.Socks5: - settingsMap.set(TorConfigKeys.socks5Proxy, `${address}:${port}`); - settingsMap.set(TorConfigKeys.socks5ProxyUsername, username); - settingsMap.set(TorConfigKeys.socks5ProxyPassword, password); - break; - case TorProxyType.HTTPS: - settingsMap.set(TorConfigKeys.httpsProxy, `${address}:${port}`); - settingsMap.set( - TorConfigKeys.httpsProxyAuthenticator, - `${username}:${password}` - ); - break; + try { + /* Bridges */ + const haveBridges = + this.bridges.enabled && !!this.bridges.bridge_strings.length; + settingsMap.set(TorConfigKeys.useBridges, haveBridges); + if (haveBridges) { + settingsMap.set(TorConfigKeys.bridgeList, this.bridges.bridge_strings); + } else { + settingsMap.set(TorConfigKeys.bridgeList, null); } - } - /* Firewall */ - if (this.firewall.enabled) { - const reachableAddresses = this.firewall.allowed_ports - .map(port => `*:${port}`) - .join(","); - settingsMap.set(TorConfigKeys.reachableAddresses, reachableAddresses); - } else { - settingsMap.set(TorConfigKeys.reachableAddresses, null); + /* Proxy */ + settingsMap.set(TorConfigKeys.socks4Proxy, null); + settingsMap.set(TorConfigKeys.socks5Proxy, null); + settingsMap.set(TorConfigKeys.socks5ProxyUsername, null); + settingsMap.set(TorConfigKeys.socks5ProxyPassword, null); + settingsMap.set(TorConfigKeys.httpsProxy, null); + settingsMap.set(TorConfigKeys.httpsProxyAuthenticator, null); + if (this.proxy.enabled) { + const address = this.proxy.address; + const port = this.proxy.port; + const username = this.proxy.username; + const password = this.proxy.password; + + switch (this.proxy.type) { + case TorProxyType.Socks4: + settingsMap.set(TorConfigKeys.socks4Proxy, `${address}:${port}`); + break; + case TorProxyType.Socks5: + settingsMap.set(TorConfigKeys.socks5Proxy, `${address}:${port}`); + settingsMap.set(TorConfigKeys.socks5ProxyUsername, username); + settingsMap.set(TorConfigKeys.socks5ProxyPassword, password); + break; + case TorProxyType.HTTPS: + settingsMap.set(TorConfigKeys.httpsProxy, `${address}:${port}`); + settingsMap.set( + TorConfigKeys.httpsProxyAuthenticator, + `${username}:${password}` + ); + break; + } + } + + /* Firewall */ + if (this.firewall.enabled) { + const reachableAddresses = this.firewall.allowed_ports + .map(port => `*:${port}`) + .join(","); + settingsMap.set(TorConfigKeys.reachableAddresses, reachableAddresses); + } else { + settingsMap.set(TorConfigKeys.reachableAddresses, null); + } + } finally { + this.#allowUninitialized = false; } /* Push to Tor */ const provider = await lazy.TorProviderBuilder.build(); await provider.writeSettings(settingsMap); + } - return this; - }, - - // set all of our settings at once from a settings object + /** + * Set all of our settings at once from a settings object. + * + * @param {object} settings The settings object to set + */ setSettings(settings) { lazy.logger.debug("setSettings()"); + this.#checkIfInitialized(); + const backup = this.getSettings(); - const backup_notifications = [...this._notificationQueue]; + const backupNotifications = [...this.#notificationQueue]; // Hold off on lots of notifications until all settings are changed. this.freezeNotifications(); @@ -869,10 +960,10 @@ export const TorSettings = { // some other call to TorSettings to change anything whilst we are // in this context (other than lower down in this call stack), so it is // safe to discard all changes to settings and notifications. - this._settings = backup; - this._notificationQueue.clear(); - for (const notification of backup_notifications) { - this._notificationQueue.add(notification); + this.#settings = backup; + this.#notificationQueue.clear(); + for (const notification of backupNotifications) { + this.#notificationQueue.add(notification); } lazy.logger.error("setSettings failed", ex); @@ -880,12 +971,36 @@ export const TorSettings = { this.thawNotifications(); } - lazy.logger.debug("setSettings result", this._settings); - }, + lazy.logger.debug("setSettings result", this.#settings); + } - // get a copy of all our settings + /** + * Get a copy of all our settings. + * + * @returns {object} A copy of the settings object + */ getSettings() { lazy.logger.debug("getSettings()"); - return structuredClone(this._settings); - }, -}; + this.#checkIfInitialized(); + return structuredClone(this.#settings); + } + + /** + * Return an array with the pluggable transports for which we have at least a + * built-in bridge line. + * + * @returns {string[]} An array with PT identifiers + */ + get builtinBridgeTypes() { + this.#checkIfInitialized(); + const types = Object.keys(this.#builtinBridges); + const recommendedIndex = types.indexOf(this.#recommendedPT); + if (recommendedIndex > 0) { + types.splice(recommendedIndex, 1); + types.unshift(this.#recommendedPT); + } + return types; + } +} + +export const TorSettings = new TorSettingsImpl(); ===================================== tools/torbrowser/bridges.js deleted ===================================== @@ -1,62 +0,0 @@ -pref("extensions.torlauncher.default_bridge_recommended_type", "obfs4"); - -// Default bridges. -pref( - "extensions.torlauncher.default_bridge.obfs4.1", - "obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.2", - "obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.3", - "obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.4", - "obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.5", - "obfs4 193.11.166.194:27015 2D82C2E354D531A68469ADF7F878FA6060C6BACA cert=4TLQPJrTSaDffMK7Nbao6LC7G9OW/NHkUwIdjLSS3KYf0Nv4/nQiiI8dY2TcsQx01NniOg iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.6", - "obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=0LDeJH4JzMDtkJJrFphJCiPqKx7loozKN7VNfuukMGfHO0Z8OGdzHVkhVAOfo1mUdv9cMg iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.7", - "obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.8", - "obfs4 209.148.46.65:443 74FAD13168806246602538555B5521A0383A1875 cert=ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.9", - "obfs4 146.57.248.225:22 10A6CD36A537FCE513A322361547444B393989F0 cert=K1gDtDAIcUfeLqbstggjIw2rtgIKqdIhUlHp82XRqNSq/mtAjp1BIC9vHKJ2FAEpGssTPw iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.10", - "obfs4 45.145.95.6:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0" -); -pref( - "extensions.torlauncher.default_bridge.obfs4.11", - "obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0" -); - -pref( - "extensions.torlauncher.default_bridge.meek-azure.1", - "meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com" -); - -pref( - "extensions.torlauncher.default_bridge.snowflake.1", - "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn" -); - -pref( - "extensions.torlauncher.default_bridge.snowflake.2", - "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn" -); ===================================== tools/torbrowser/deploy.sh ===================================== @@ -6,17 +6,10 @@ BUILD_OUTPUT="$2" SCRIPT_DIR="$(realpath "$(dirname "$0")")" RESDIR="$BUILD_OUTPUT/dist/firefox" -if [ "$(uname)" = "Darwin" ]; then +if [ "$(uname)" = "Darwin" ]; then RESDIR="$RESDIR/Tor Browser.app/Contents/Resources" fi -# Add built-in bridges -mkdir -p "$BUILD_OUTPUT/_omni/defaults/preferences" -cat "$BUILD_OUTPUT/dist/bin/browser/defaults/preferences/000-tor-browser.js" "$SCRIPT_DIR/bridges.js" >> "$BUILD_OUTPUT/_omni/defaults/preferences/000-tor-browser.js" -cd "$BUILD_OUTPUT/_omni" -zip -Xmr "$RESDIR/browser/omni.ja" "defaults/preferences/000-tor-browser.js" -rm -rf "$BUILD_OUTPUT/_omni" - # Repackage the manual # rm -rf $BUILD_OUTPUT/_omni # mkdir $BUILD_OUTPUT/_omni @@ -34,12 +27,12 @@ if [ "$(uname)" = "Darwin" ]; then cd "$BINARIES/Tor Browser.app/Contents/MacOS" "$SCRIPT_DIR/browser-self-sign-macos.sh" - else +else # backup the startup script mv "$BINARIES/dev/Browser/firefox" "$BINARIES/dev/Browser/firefox.bak" - - # copy binaries + + # copy binaries cp -r "$RESDIR/"* "$BINARIES/dev/Browser" rm -rf "$BINARIES/dev/Browser/TorBrowser/Data/Browser/profile.default/startupCache" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0d07d3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0d07d3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Update share/torbrowser-launcher/tor-browser-developers.asc (#10)
by boklm (＠boklm) 08 Jan '24

08 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 9140e6a4 by Nicolas Vigier at 2024-01-08T13:54:51+01:00 Update share/torbrowser-launcher/tor-browser-developers.asc (#10) Update Tor Browser gpg key, with new expiration date on the current subkey. - - - - - 1 changed file: - share/torbrowser-launcher/tor-browser-developers.asc Changes: ===================================== share/torbrowser-launcher/tor-browser-developers.asc ===================================== @@ -70,40 +70,40 @@ df1B0nicivxYAGb0Nc8ICl89WMfKp+/LMzD08Alzz26Mfmglv6zJx2J0b8puMEtT iM4ESrDVrMxewibZ4cI9e1g86WXGPlIZ0ApicFlr69bTIPzIYNmYwWqab2tqm0MQ VRpNDWMIkWJ/r3TTmNN+Fqv827Fo7qR8zjPVi8DyoKmFzfgya2ZoE7od5bGg7lcM 7UhzEPfwZUMqKaawlrnzqy1sGLJi0QZErUhHo3tU9sHYqAtUENvs4LC7dEG5Ag0E -WwnQdAEQAK8MRUxjsvvZFGt3dScnI20cvlL4LM3ReesedqrFEOcZP8q5kVxiu3n1 -zT64BXRza2EiYPttymbh56ynLk/SxxcM1qdGhn1qwdCEav//TYJK4eE0ZRPbdOL6 -YY9hkfBPZUONBD+YYnohsOUnAYRNaRsSjlAwsaoDauJMSOGl7Fam0E2GDvzAYeCE -jE9SYFwW1jGGmvEKjAV9zqjeMwH0A7NWYuTo9VXmCyxRPPhAKw/3XsMuJ1WOnL9r -Pz4yo2ZQlyLf342IFKpvQLw+H3NqRYpJa8P5bi1cKYGHP97UZFHLOu5rzvoyFmTU -82H0oc2BQDIacZzwmVVwyM0wOg4evdRXmv/2KvtuwxosF58kXZTtCQ7miWRWUPGM -X4PR71I70KBBDcLWZMptmW8Ey+oE7DjOUMv77sGeBZdF/pBW0Oy4qgNF/tX//Nko -I2dKBBuEQMikQLgfuEoGF/5zueWJdLjEDESeZB9nXgWEaADwiH+nzcuUYivCYR2y -szRpRTv2GwcUoYbT1Cb8L3Qy77xq21BiOxs5OWylfUS0yLZN9XOP/qwa5MDPmpS1 -kAw3IcBf9MA825PFxXQY/mv9rvd5gmip+vfwBT8F3ZvXzQHAWBF0bXTONmp/Cxuj -jE1PkJBQ+mOg5x/wyYEVw+HkfZgSIwfVFFJ+MXkKYeXXVHg5+lubABEBAAGJBHIE -GAEKACYCGwIWIQTvbiht2oXqKkun3mhOLG6HkymCkAUCYL9srAUJBsp3OAJACRBO -LG6HkymCkMF0IAQZAQoAHRYhBBEHdbXRAfs2vGyRG+t3RJHZ/wbiBQJbCdB0AAoJ -EOt3RJHZ/wbi170P/0Rvg0uBdrHsnKOjfqwPZ6k4I1Wwx2tpkrsb4wKVVxoRTZFO -iF1DE33gZ1Dkf1jczfwdpBZQbC70gkaLz2WpbbBRtg6RIZQO53psM+wmYRO1C4P+ -ByMJ9bf8V28pzKTsBV3jU3ACp2uNWft7wIzUq/6AHHf6RgVvikglC+RcUxLbOHdX -zLpgM8ItzotD3UBq+g67um3VG1HC3/1RaA+tqvrg/uehEjhiC753XYgz2VkHlRVV -oM74KoXC3HKxChwArpT5lAfqwUwvcvvOiPL4ZsBivl452tQOPfef9XBgV7LSQnS1 -Wy8x0L+ncClP8OiEdC3DpZSgZKeFJ1V+xsis9V0Bzs/Pv4VH+s7spvm1Al7BwkNX -Qkxn2csaws1lIuS7cfB6sbdkNNGxAeQSOfCLOCWJU01niy/NVRQiEEjbhCSMHwj1 -AEf6B+sGghmj5BEfCdfB27o4eCrv/xQCJri7g0FlYFypnaxc/lHojNQZZCAHA3Av -/RCcbEoBQ1JBdR2f9oUQ86ZJtHVbUKU4k39jSA/b8eqSQQB6y/2dkNdW2VnXiM/A -i8aj1FJQTX4K+j5pCGy/+AR241qfeImr3JtMav2SrkfuD72dUPbKowFeKq3M0p39 -12peoH82PVnLgsD7uhRTYbhLUOefYG8JvoovnhQH6X9RvMEQ3aZyvRfgkNyR8MoP -/ifP1xddz4quT5XNyrg8z1rwVVDogGigFm2IumnGh/UFNB/dL0JlXV4tmYNeLaKy -/7YSmNMP1MnMWR+FbY8VWFreFZqWMcsk4AaN+fQXzMFJjZ9hbSyBSOpL1TZ20nnI -w0Ant8cuH2LSFPJnlE+KZfzneN6n1o9Wo0lvFwswPxYpHJOkrDyDMeLrkDf6/Kfj -Kq5QujlVJpfOOYgINXUDnvOTotHbOpqRULU6elaKGJbdRByB2cN0lbPJjcOx6GXs -UNqAGO0VcS7CVn6KByxI0MFPbwmK8sZ/MUiJZnnUuB9x3X+Rf2UPRdOyIl3/jc/s -8AAQcvWm7fuxcCOgqK6BPP4S7tpiuYaeI44MhW2H6ndwO49KI7jaoIf0Vk2c2OCy -MsGf5G3djcDnZ70hEEQdr+2h2yaOPkr5j3oAxugA3pRG0rnX7SPol3xnsahkbexW -VltWIA/ZR6RoZpYDT2nAh4vfTzDGCe7SeNMzhuZhvPvJS62XLQcz4zCBbz9LZgtq -nRxpaYjCyY7RQXngVHzy98ImiNmdgfxw1FD+qW2FyC5cN2fgLU8X8hpql9/P68eu -AIA7U6w7fVji3F3Uul0FuqERX6p9ZObfot2LsFZIUoYqUemNt2gqHuzKKZyIjt6Q -3dAx5AUwZE27KZWfpfNbww/HaNtTPqD6ULtvRdQiXheV -=GYln +YUSBvAEQALxuQqEliMOMGpoVXWK7uIPHXmV8U/kUuAtda3Mfo7vySXUgqv3Cgia+ +pszIXa5BYx3GCCx2W+H+EYzyB80Nw/Qz2kAX03+wJ/gaioQfRkNEcZi8cvWS08px +TVpKkaPMRuhSk0eCXAXmikDOUvzxqeB7U/IPBdsZJJoQk5vfOJX1vA0ZvdHwW+uZ +C69rJctAqZ+qaEtOO94i9o+MfUq+ovHPflYM5o27w8oC9LKmTJVa6vMg88dLRkJp +nXHe0Xr8Xq6seJZIfixu1RvFA5OLvxJvEySKwI2HJ+Fn56AnPZKb64YA67PLe/j+ +201w+svGh71FFbjxyrxOTGDdeZ9AMHJ6IRvdhtgvh6ZxceWHKSqDxkZo5BgfKmkK +Y9V+PNmpa/h7jEA+531L67j1o0B1dgmnvHobiixTiTMI7tPTAs9fsXg2RWs+L+nP +VHQLTHqOMRRsD0sv/W2cCrydNN3w7e1Fbv1Ka55AAu1uslO+XJehkbqb5GojaAGM +4DowintgyfEYP4BKl299lD5/w4e1NsO8o7xkU9oswzNT57jocla0P3jFVSdvg75+ +H9qUnp52k0BZO4ynQLreaUpUxax4H9L38iE5ClgX5vJ+4fCEyqyIhAVEhFGpjDJ+ +TG1EB2ljE7PjCKUg+OK+Xf42F5BrZmji1fpAsKiOhSwHs7lj8gcVABEBAAGJBHIE +GAEKACYCGwIWIQTvbiht2oXqKkun3mhOLG6HkymCkAUCZZmnzAUJBYRfEAJACRBO +LG6HkymCkMF0IAQZAQoAHRYhBGExiPxb4hduPtVJAeU9mJqeLUe/BQJhRIG8AAoJ +EOU9mJqeLUe/vKEP/2+AD/ZAqQQRSGbvkh0TIMjLkBpS5lyVA1rHtTOzhAmtCnoi +0x0Dd6w8d81yjNuvfGhijdxPOjUicA+9tEWHKb3AszV8JL72vC2OJl3Qod+C9N55 +907r+EL41A4Ew7bLYz5DifQBoVt/qzTjUIZdpNbz/oDHr75R3bm8QwKSVrj0mia/ +l1rCCLBVAFAaF59VIS/KjyRo5wPqUaUkxU5A1MH/FXcRXaukO4ontNqaZpV+P1c9 ++duQnAI1dXEDpIgCya+4kJDazBKLn3HtPYf758qNj0qAMl+Z3zeGPmdFx5dIV5IQ +wxjQopnjHg6rBTLqGGQvD9OLpCXsCrahEF0BXrVRHVBL5yJih+XO12eIoMX/PnDT +Sd3SodO0W3Pfp6MHMx6QSox8r5OJdi+WrrSwZBBg3UQL82+SBdJMDhxFutyGQ6rj +Wt1EdOOfOLlH97dl2z4jCmstXAc7pPC7XNOFz3zZbJmjBV++Ax9T0Bh5zLfvvzHx +s0j05wlQTiVJZBlGLAecMosdWzf1J6xqaQY2fOn/psF110iWLQMhrsiIXcjeUrFa +g17DCVuB5v6lHxYpcy9KnYQQs7AHrSQHbd22Tw7I+bwdtsKNVLgrg+qGxitbW/kc +/tM17NAHcVrXohP/NUx3QbJ6Ild14EjuFSWlU1Z9TU7PmIzP8TPyiruxv8IqpB0Q +AIFc7W4zMoYaonNZ10tVLhyjwOUAlDwf2B0Iwy15ctr07Kn6bMeMZULFpXhExCw7 +2mtnAK4jHRphR5m7t7mSYxMwSP5HAffFZpkx8YQHYq2ZSe+yIxXeRwraMdO7POJg +tPt730xoBB7Cra2t1yQj9KuIewuy1qZhjn+upabH4x6OVox1gZcoj+cxZ5mSV+9C +Hkypgl9VQZWAjG36Y8rJ//3KFAizJLwGP3XAtUx9cId75mWCz8SJwroadoVrk1dR +IQ2HPZEjmbhWKXR5InJNg0BgHh3qT1bW1tu8xKHqauukrzgAmDcBjOT50lpuGBzW +9hU/MuyaqpPLwWH5NFkpgBwvIGwQbW4aq59M4HZhYeTas0YqQL6ju70c6w0ZmCis +0mn4IaPJCO55HTZvtXxEp4iyyepDoSFbAeOnActKWrOueNlsDshGzfqCbFgCsj+f +vNetkQSX4CBM4r96RydMaSGm1FX+bAu5RoyxIAxIrotHbGY0x1speXawuJx1H9RH +vVoQA/PdUZ+06g8vAjBSxKb+gSEhC6iWJ9shPcGg4FV+E7GTD0x1b61jsiM1FX/T +pIFuTj268C5hCVECxJ8ctClfBdS0if2IDFtJ90NjXijAB6/bPj316h6TKlBBfjjs +5L6tvQRifoG5c3gJ2H++8Gk7ue5jyE9BwJfsySOgBMDQ +=pesg -----END PGP PUBLIC KEY BLOCK----- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Update self.min_version to 13.0 (#9)
by boklm (＠boklm) 08 Jan '24

08 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 7b9b5b9c by Nicolas Vigier at 2024-01-08T13:53:33+01:00 Update self.min_version to 13.0 (#9) - - - - - 1 changed file: - torbrowser_launcher/launcher.py Changes: ===================================== torbrowser_launcher/launcher.py ===================================== @@ -72,7 +72,7 @@ class Launcher(QtWidgets.QMainWindow): self.force_redownload = False # This is the current version of Tor Browser, which should get updated with every release - self.min_version = "12.0" + self.min_version = "13.0" # Init launcher self.set_state(None, "", []) View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0