- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] Bug 40991: Fix creation of downloads-windows-x86_64.json and downloads-linux-x86_64.json
by richard (＠richard) 23 Oct '23

23 Oct '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 7105556c by Nicolas Vigier at 2023-10-23T15:11:48+02:00 Bug 40991: Fix creation of downloads-windows-x86_64.json and downloads-linux-x86_64.json Due to a typo, downloads-windows-x86_64.json and downloads-linux-x86_64.json were not created. - - - - - 1 changed file: - tools/update-responses/update_responses Changes: ===================================== tools/update-responses/update_responses ===================================== @@ -165,9 +165,9 @@ sub get_perplatform_downloads { my $os; if ($file =~ m/^$config->{appname_bundle}-macos-$version.dmg$/) { $os = 'macos'; - } elsif ($file =~ m/^$config->{appname_bundle}-(linux-i686|linux-86_64)-${version}.tar.xz$/) { + } elsif ($file =~ m/^$config->{appname_bundle}-(linux-i686|linux-x86_64)-${version}.tar.xz$/) { $os = $1; - } elsif ($file =~ m/^$config->{appname_bundle}-(windows-i686|windows-86_64)-portable-${version}.exe$/) { + } elsif ($file =~ m/^$config->{appname_bundle}-(windows-i686|windows-x86_64)-portable-${version}.exe$/) { $os = $1; } elsif ($file =~ m/^$config->{appname_bundle}-(android-armv7|android-x86|android-x86_64|android-aarch64)-${version}.apk$/) { $os = $1; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.0.1-build1
by richard (＠richard) 23 Oct '23

23 Oct '23

richard pushed new tag tbb-13.0.1-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 40977&40980: Tor Browser and Mullvad Browser 13.0.1.
by Pier Angelo Vendrame (＠pierov) 23 Oct '23

23 Oct '23

Pier Angelo Vendrame pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: f6a7fbed by Pier Angelo Vendrame at 2023-10-23T14:22:20+02:00 Bug 40977&40980: Tor Browser and Mullvad Browser 13.0.1. - - - - - 9 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/firefox/config - projects/geckoview/config - projects/go/config - projects/manual/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,13 @@ +Mullvad Browser 13.0.1 - October 24 2023 + * All Platforms + * Updated Firefox to 115.4.0esr + * Bug 42182: Default Search Engine Does Not Persist Through Shift to New Identity [tor-browser] + * Bug 42185: Rebase stable browsers on top of 115.4.0esr [tor-browser] + * Bug 42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser [tor-browser] + * Build System + * Windows + * Bug 40984: The PDBs for .exe are not included [tor-browser-build] + Mullvad Browser 13.0 - October 12 2023 * All Platforms * Updated Firefox to 115.3.1esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,23 @@ +Tor Browser 13.0.1 - October 24 2023 + * All Platforms + * Bug 42185: Rebase stable browsers on top of 115.4.0esr [tor-browser] + * Bug 42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser [tor-browser] + * Bug 40975: libstdc++.so.6 is included twice in tor-browser [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.4.0esr + * Bug 42182: Default Search Engine Does Not Persist Through Shift to New Identity [tor-browser] + * Android + * Updated GeckoView to 115.4.0esr + * Build System + * All Platforms + * Updated Go to 1.21.3 + * Bug 40976: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to fetch from tb-build-02 and tb-build-03 [tor-browser-build] + * Bug 40062: Copy input directories to containers recursively [rbm] + * Windows + * Bug 40984: The PDBs for .exe are not included [tor-browser-build] + * Linux + * Bug 40979: Add redirects from old Linux bundle filename to the new one [tor-browser-build] + Tor Browser 13.0 - October 12 2023 * All Platforms * Updated tor to 0.4.8.7 ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,7 +17,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1023781, + "average_daily_users": 1045779, "categories": { "android": [ "experimental", @@ -221,10 +221,10 @@ "category": "recommended" }, "ratings": { - "average": 4.5548, - "bayesian_average": 4.553650148808013, - "count": 5182, - "text_count": 1630 + "average": 4.556, + "bayesian_average": 4.554850109055476, + "count": 5200, + "text_count": 1632 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -321,7 +321,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 26757 + "weekly_downloads": 30788 }, "notes": null }, @@ -337,7 +337,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 257919, + "average_daily_users": 260965, "categories": { "android": [ "security-privacy" @@ -346,7 +346,7 @@ "privacy-security" ] }, - "contributions_url": "", + "contributions_url": "https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=decentraleyes…", "created": "2014-06-10T05:46:02Z", "current_version": { "id": 5613891, @@ -553,10 +553,10 @@ "category": "recommended" }, "ratings": { - "average": 4.8201, - "bayesian_average": 4.815424717092739, - "count": 1362, - "text_count": 239 + "average": 4.8133, + "bayesian_average": 4.80862905917694, + "count": 1366, + "text_count": 241 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, @@ -641,7 +641,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 3661 + "weekly_downloads": 4245 }, "notes": null }, @@ -657,7 +657,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1125441, + "average_daily_users": 1155791, "categories": { "android": [ "security-privacy" @@ -1181,10 +1181,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7962, - "bayesian_average": 4.793440331700814, - "count": 2296, - "text_count": 438 + "average": 4.7969, + "bayesian_average": 4.794146592865077, + "count": 2309, + "text_count": 440 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", "requires_payment": false, @@ -1208,7 +1208,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 18664 + "weekly_downloads": 27720 }, "notes": null }, @@ -1224,7 +1224,7 @@ "picture_url": null } ], - "average_daily_users": 6647234, + "average_daily_users": 6840315, "categories": { "android": [ "security-privacy" @@ -1389,7 +1389,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-10-07T16:35:31Z", + "last_updated": "2023-10-22T22:40:35Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1534,10 +1534,10 @@ "category": "recommended" }, "ratings": { - "average": 4.783, - "bayesian_average": 4.782608236958109, - "count": 16130, - "text_count": 4186 + "average": 4.7828, + "bayesian_average": 4.7824108134916, + "count": 16288, + "text_count": 4231 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1599,7 +1599,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 157230 + "weekly_downloads": 284546 }, "notes": null }, @@ -1615,7 +1615,7 @@ "picture_url": null } ], - "average_daily_users": 171186, + "average_daily_users": 171634, "categories": { "android": [ "photos-media" @@ -1714,10 +1714,10 @@ "category": "recommended" }, "ratings": { - "average": 4.4899, - "bayesian_average": 4.484788501655236, + "average": 4.4908, + "bayesian_average": 4.485671359198481, "count": 1143, - "text_count": 426 + "text_count": 427 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, @@ -1739,7 +1739,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 440 + "weekly_downloads": 393 }, "notes": null }, @@ -1755,7 +1755,7 @@ "picture_url": null } ], - "average_daily_users": 88145, + "average_daily_users": 88504, "categories": { "android": [ "experimental", @@ -1893,7 +1893,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 1873 + "weekly_downloads": 2256 }, "notes": null }, @@ -1909,7 +1909,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 270436, + "average_daily_users": 276219, "categories": { "android": [ "photos-media", @@ -1923,18 +1923,18 @@ "contributions_url": "https://www.paypal.com/donate?hosted_button_id=GLL4UNSNU6SQN&utm_content=pr…", "created": "2017-06-17T15:23:33Z", "current_version": { - "id": 5588477, + "id": 5634958, "compatibility": { "firefox": { "min": "91.0", "max": "*" }, "android": { - "min": "91.0", + "min": "113.0", "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/search_by_image/versions/…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/search_by_image/versions/…", "is_strict_compatibility_enabled": false, "license": { "id": 6, @@ -1947,20 +1947,20 @@ "release_notes": { "en-US": "Learn more about this release from the <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/d50855f24f77fa6f2614b9…" rel=\"nofollow\">changelog</a>." }, - "reviewed": "2023-07-06T11:07:12Z", - "version": "5.7.0", + "reviewed": "2023-10-11T19:12:27Z", + "version": "5.8.1", "files": [ { - "id": 4132819, - "created": "2023-07-02T12:35:20Z", - "hash": "sha256:9149335f16762c6d4f33ce39f036db763b8c4a3250f5e04e915b827da22a0eb1", + "id": 4179298, + "created": "2023-10-10T10:43:18Z", + "hash": "sha256:ce8b510ba1df4bb941a5a82001ec85e92b6a265701ae141a7e9c63df0155e7db", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 1198456, + "size": 1205732, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4132819/search_by_image-5…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4179298/search_by_image-5…", "permissions": [ "alarms", "clipboardRead", @@ -2002,7 +2002,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-07-06T11:07:12Z", + "last_updated": "2023-10-11T19:12:27Z", "name": { "en-US": "Search by Image" }, @@ -2128,10 +2128,10 @@ "category": "recommended" }, "ratings": { - "average": 4.6538, - "bayesian_average": 4.6491824699299755, - "count": 1323, - "text_count": 255 + "average": 4.6509, + "bayesian_average": 4.646312748713676, + "count": 1335, + "text_count": 256 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2152,7 +2152,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 4914 + "weekly_downloads": 5690 }, "notes": null }, @@ -2175,7 +2175,7 @@ "picture_url": null } ], - "average_daily_users": 113212, + "average_daily_users": 113785, "categories": { "android": [ "other" @@ -2458,10 +2458,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3708, - "bayesian_average": 4.3663229339814045, - "count": 1265, - "text_count": 354 + "average": 4.3672, + "bayesian_average": 4.3627273427174105, + "count": 1269, + "text_count": 356 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2481,7 +2481,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 60 + "weekly_downloads": 36 }, "notes": null }, @@ -2497,7 +2497,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 306753, + "average_daily_users": 311914, "categories": { "android": [ "performance", @@ -2615,7 +2615,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-10-10T11:09:38Z", + "last_updated": "2023-10-19T21:15:36Z", "name": { "de": "NoScript", "el": "NoScript", @@ -2687,10 +2687,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3987, - "bayesian_average": 4.396010323665619, - "count": 2122, - "text_count": 820 + "average": 4.3995, + "bayesian_average": 4.3968053215576, + "count": 2125, + "text_count": 821 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2734,7 +2734,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 7538 + "weekly_downloads": 9346 }, "notes": null }, @@ -2750,7 +2750,7 @@ "picture_url": null } ], - "average_daily_users": 153782, + "average_daily_users": 154597, "categories": { "android": [ "performance", @@ -2862,10 +2862,10 @@ "category": "recommended" }, "ratings": { - "average": 3.8752, - "bayesian_average": 3.871054464622849, - "count": 1178, - "text_count": 426 + "average": 3.8689, + "bayesian_average": 3.8647664217835884, + "count": 1182, + "text_count": 428 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, @@ -2884,7 +2884,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 2142 + "weekly_downloads": 2037 }, "notes": null } ===================================== projects/firefox/config ===================================== @@ -14,7 +14,7 @@ container: use_container: 1 var: - firefox_platform_version: 115.3.1 + firefox_platform_version: 115.4.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.0' browser_branch: '[% c("var/browser_series") %]-1' @@ -86,7 +86,7 @@ targets: mullvadbrowser: git_url: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git var: - browser_build: 3 + browser_build: 2 branding_directory_prefix: 'mb' gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' ===================================== projects/geckoview/config ===================================== @@ -14,7 +14,7 @@ container: use_container: 1 var: - geckoview_version: 115.3.1esr + geckoview_version: 115.4.0esr browser_branch: 13.0-1 browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' ===================================== projects/go/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 1.21.1 +version: 1.21.3 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -119,7 +119,7 @@ input_files: enable: '[% ! c("var/linux") %]' - URL: 'https://golang.org/dl/go[% c("version") %].src.tar.gz' name: go - sha256sum: bfa36bf75e9a1e9cbbdb9abcf9d1707e479bd3a07880a8ae3564caee5711cb99 + sha256sum: 186f2b6f8c8b704e696821b09ab2041a5c1ee13dcbc3156a13adcf75931ee488 - project: go-bootstrap name: go-bootstrap target_replace: ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 108500 +version: 112141 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: f9fab9f904f0b584156ca7e3f5b4652f3dc9c849d52ab5923ca9d8e7ba2f6640 + sha256sum: f767bc5f655f1263623b7af588cfb045d3e41ee019dc7ecd713decc5c1a0ea9b - filename: packagemanual.py name: package_script ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 0b4625699b9e1d2a75e581a7424b126120c1c818 + git_hash: 3faf7dcd545109f7bbd8a6374838e139ca422d6c targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: d404df763e6d3fbda42865b03733ccf2f89fe165 + git_hash: 51bc08246d73990d461f747fb3c8cc7b6f66c1f4 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 445042b596cad163f25342d17bc672a7ed5158d6 + git_hash: 06de167467ab1d64448c430d4bd66f3256ca7d47 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -81,12 +81,12 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.0' + torbrowser_version: '13.0.1' torbrowser_build: 'build1' torbrowser_incremental_from: + - '13.0' - '12.5.6' - '12.5.5' - - '12.5.4' updater_enabled: 1 build_mar: 1 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] Add release/download-linux-x86_64.json and release/download-windows-x86_64.json
by boklm (＠boklm) 23 Oct '23

23 Oct '23

boklm pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: 2b5dd5b4 by Nicolas Vigier at 2023-10-23T15:28:07+02:00 Add release/download-linux-x86_64.json and release/download-windows-x86_64.json tor-browser-build#40991 - - - - - 2 changed files: - + update_3/release/download-linux-x86_64.json - + update_3/release/download-windows-x86_64.json Changes: ===================================== update_3/release/download-linux-x86_64.json ===================================== @@ -0,0 +1 @@ +{"binary":"https://dist.torproject.org/torbrowser/13.0/tor-browser-linux-x86_64-13.0.t…","git_tag":"tbb-13.0-build1","sig":"https://dist.torproject.org/torbrowser/13.0/tor-browser-linux-x86_64-13.0.t…","version":"13.0"} \ No newline at end of file ===================================== update_3/release/download-windows-x86_64.json ===================================== @@ -0,0 +1 @@ +{"binary":"https://dist.torproject.org/torbrowser/13.0/tor-browser-windows-x86_64-port…","git_tag":"tbb-13.0-build1","sig":"https://dist.torproject.org/torbrowser/13.0/tor-browser-windows-x86_64-port…","version":"13.0"} \ No newline at end of file View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.4.0esr-13.0-1-build2
by ma1 (＠ma1) 23 Oct '23

23 Oct '23

ma1 pushed new tag mullvad-browser-115.4.0esr-13.0-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.4.0esr-13.0-1-build2
by ma1 (＠ma1) 23 Oct '23

23 Oct '23

ma1 pushed new tag base-browser-115.4.0esr-13.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.4.0esr-13.0-1-build2
by ma1 (＠ma1) 23 Oct '23

23 Oct '23

ma1 pushed new tag tor-browser-115.4.0esr-13.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.4.0esr-13.5-1] 7 commits: Bug 1738426 - Ignoring status 206 and vary header checking for opaque response...
by richard (＠richard) 23 Oct '23

23 Oct '23

richard pushed to branch mullvad-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 985138e0 by Eden Chuang at 2023-10-23T12:36:44+00:00 Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth Differential Revision: https://phabricator.services.mozilla.com/D186431 - - - - - 8cb3e494 by edgul at 2023-10-23T12:36:44+00:00 Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers Differential Revision: https://phabricator.services.mozilla.com/D182373 - - - - - e116477a by Kelsey Gilbert at 2023-10-23T12:36:44+00:00 Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond We could do non-racy static init here (e.g. with a static initializer self-calling-closure), but there doesn't seem to be a strong reason for this. Let's just use a switch and get robustness from -Werror=switch. Differential Revision: https://phabricator.services.mozilla.com/D188054 - - - - - 97184c52 by Mark Banner at 2023-10-23T12:36:45+00:00 Bug 1845752. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D186676 - - - - - e4ad60d6 by Bob Owen at 2023-10-23T12:36:45+00:00 Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel This also specializes ElementStreamFormat for bool. Differential Revision: https://phabricator.services.mozilla.com/D187794 - - - - - bc7d6958 by Malte Juergens at 2023-10-23T12:36:46+00:00 Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D187887 - - - - - 32638567 by Andreas Pehrson at 2023-10-23T12:36:46+00:00 Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt Similar to MediaTrack::mDisabledMode, but this is for uses on the SourceMediaTrack producer thread. It is still signaled via a control message from the control thread to maintain order of operations, and is protected by the SourceMediaTrack mutex. Differential Revision: https://phabricator.services.mozilla.com/D187554 - - - - - 18 changed files: - dom/cache/TypeUtils.cpp - dom/canvas/WebGLContextExtensions.cpp - dom/media/MediaTrackGraph.cpp - dom/media/MediaTrackGraph.h - gfx/2d/RecordedEventImpl.h - gfx/2d/RecordingTypes.h - netwerk/cookie/CookieCommons.cpp - testing/web-platform/meta/cookies/name/name-ctl.html.ini - − testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/components/search/OpenSearchEngine.sys.mjs - toolkit/components/search/SearchEngine.sys.mjs - toolkit/components/search/SearchUtils.sys.mjs - toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs - toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js - toolkit/components/search/tests/xpcshell/test_webextensions_install.js - toolkit/modules/RemotePageAccessManager.sys.mjs Changes: ===================================== dom/cache/TypeUtils.cpp ===================================== @@ -184,7 +184,7 @@ void TypeUtils::ToCacheResponseWithoutBody(CacheResponse& aOut, aOut.statusText() = aIn.GetUnfilteredStatusText(); RefPtr<InternalHeaders> headers = aIn.UnfilteredHeaders(); MOZ_DIAGNOSTIC_ASSERT(headers); - if (HasVaryStar(headers)) { + if (aIn.Type() != ResponseType::Opaque && HasVaryStar(headers)) { aRv.ThrowTypeError("Invalid Response object with a 'Vary: *' header."); return; } ===================================== dom/canvas/WebGLContextExtensions.cpp ===================================== @@ -17,15 +17,10 @@ namespace mozilla { const char* GetExtensionName(const WebGLExtensionID ext) { - static EnumeratedArray<WebGLExtensionID, WebGLExtensionID::Max, const char*> - sExtensionNamesEnumeratedArray; - static bool initialized = false; - - if (!initialized) { - initialized = true; - + switch (ext) { #define WEBGL_EXTENSION_IDENTIFIER(x) \ - sExtensionNamesEnumeratedArray[WebGLExtensionID::x] = #x; + case WebGLExtensionID::x: \ + return #x; WEBGL_EXTENSION_IDENTIFIER(ANGLE_instanced_arrays) WEBGL_EXTENSION_IDENTIFIER(EXT_blend_minmax) @@ -67,9 +62,11 @@ const char* GetExtensionName(const WebGLExtensionID ext) { WEBGL_EXTENSION_IDENTIFIER(WEBGL_provoking_vertex) #undef WEBGL_EXTENSION_IDENTIFIER - } - return sExtensionNamesEnumeratedArray[ext]; + case WebGLExtensionID::Max: + break; + } + MOZ_CRASH("bad WebGLExtensionID"); } // ---------------------------- ===================================== dom/media/MediaTrackGraph.cpp ===================================== @@ -145,6 +145,27 @@ class GraphKey final { nsTHashMap<nsGenericHashKey<GraphKey>, MediaTrackGraphImpl*> gGraphs; } // anonymous namespace +static void ApplyTrackDisabling(DisabledTrackMode aDisabledMode, + MediaSegment* aSegment, + MediaSegment* aRawSegment) { + if (aDisabledMode == DisabledTrackMode::ENABLED) { + return; + } + if (aDisabledMode == DisabledTrackMode::SILENCE_BLACK) { + aSegment->ReplaceWithDisabled(); + if (aRawSegment) { + aRawSegment->ReplaceWithDisabled(); + } + } else if (aDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { + aSegment->ReplaceWithNull(); + if (aRawSegment) { + aRawSegment->ReplaceWithNull(); + } + } else { + MOZ_CRASH("Unsupported mode"); + } +} + MediaTrackGraphImpl::~MediaTrackGraphImpl() { MOZ_ASSERT(mTracks.IsEmpty() && mSuspendedTracks.IsEmpty(), "All tracks should have been destroyed by messages from the main " @@ -2421,6 +2442,7 @@ RefPtr<GenericPromise> MediaTrack::RemoveListener( void MediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); // Base implementation, for tracks that don't support direct track listeners. RefPtr<DirectMediaTrackListener> listener = aListener; listener->NotifyDirectListenerInstalled( @@ -2503,6 +2525,7 @@ void MediaTrack::RunAfterPendingUpdates( } void MediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); MOZ_DIAGNOSTIC_ASSERT( aMode == DisabledTrackMode::ENABLED || mDisabledMode == DisabledTrackMode::ENABLED, @@ -2531,22 +2554,8 @@ void MediaTrack::SetDisabledTrackMode(DisabledTrackMode aMode) { void MediaTrack::ApplyTrackDisabling(MediaSegment* aSegment, MediaSegment* aRawSegment) { - if (mDisabledMode == DisabledTrackMode::ENABLED) { - return; - } - if (mDisabledMode == DisabledTrackMode::SILENCE_BLACK) { - aSegment->ReplaceWithDisabled(); - if (aRawSegment) { - aRawSegment->ReplaceWithDisabled(); - } - } else if (mDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { - aSegment->ReplaceWithNull(); - if (aRawSegment) { - aRawSegment->ReplaceWithNull(); - } - } else { - MOZ_CRASH("Unsupported mode"); - } + MOZ_ASSERT(mGraph->OnGraphThread()); + mozilla::ApplyTrackDisabling(mDisabledMode, aSegment, aRawSegment); } void MediaTrack::AddMainThreadListener( @@ -2866,7 +2875,7 @@ TrackTime SourceMediaTrack::AppendData(MediaSegment* aSegment, // Apply track disabling before notifying any consumers directly // or inserting into the graph - ApplyTrackDisabling(aSegment, aRawSegment); + mozilla::ApplyTrackDisabling(mDirectDisabledMode, aSegment, aRawSegment); ResampleAudioToGraphSampleRate(aSegment); @@ -2910,6 +2919,7 @@ void SourceMediaTrack::NotifyDirectConsumers(MediaSegment* aSegment) { void SourceMediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); MutexAutoLock lock(mMutex); RefPtr<DirectMediaTrackListener> listener = aListener; @@ -2979,6 +2989,7 @@ void SourceMediaTrack::AddDirectListenerImpl( void SourceMediaTrack::RemoveDirectListenerImpl( DirectMediaTrackListener* aListener) { + mGraph->AssertOnGraphThreadOrNotRunning(); MutexAutoLock lock(mMutex); for (int32_t i = mDirectTrackListeners.Length() - 1; i >= 0; --i) { const RefPtr<DirectMediaTrackListener>& l = mDirectTrackListeners[i]; @@ -3008,17 +3019,20 @@ void SourceMediaTrack::End() { } void SourceMediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); { MutexAutoLock lock(mMutex); + const DisabledTrackMode oldMode = mDirectDisabledMode; + const bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; + const bool enabled = aMode == DisabledTrackMode::ENABLED; + mDirectDisabledMode = aMode; for (const auto& l : mDirectTrackListeners) { - DisabledTrackMode oldMode = mDisabledMode; - bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; - if (!oldEnabled && aMode == DisabledTrackMode::ENABLED) { + if (!oldEnabled && enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener enabled", GraphImpl(), this)); l->DecreaseDisabled(oldMode); - } else if (oldEnabled && aMode != DisabledTrackMode::ENABLED) { + } else if (oldEnabled && !enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener disabled", GraphImpl(), this)); ===================================== dom/media/MediaTrackGraph.h ===================================== @@ -652,18 +652,8 @@ class SourceMediaTrack : public MediaTrack { */ void End(); - // Overriding allows us to hold the mMutex lock while changing the track - // enable status void SetDisabledTrackModeImpl(DisabledTrackMode aMode) override; - // Overriding allows us to ensure mMutex is locked while changing the track - // enable status - void ApplyTrackDisabling(MediaSegment* aSegment, - MediaSegment* aRawSegment = nullptr) override { - mMutex.AssertCurrentThreadOwns(); - MediaTrack::ApplyTrackDisabling(aSegment, aRawSegment); - } - uint32_t NumberOfChannels() const override; void RemoveAllDirectListenersImpl() override; @@ -742,6 +732,11 @@ class SourceMediaTrack : public MediaTrack { // protected by mMutex float mVolume MOZ_GUARDED_BY(mMutex) = 1.0; UniquePtr<TrackData> mUpdateTrack MOZ_GUARDED_BY(mMutex); + // This track's associated disabled mode for uses on the producing thread. + // It can either by disabled by frames being replaced by black, or by + // retaining the previous frame. + DisabledTrackMode mDirectDisabledMode MOZ_GUARDED_BY(mMutex) = + DisabledTrackMode::ENABLED; nsTArray<RefPtr<DirectMediaTrackListener>> mDirectTrackListeners MOZ_GUARDED_BY(mMutex); }; ===================================== gfx/2d/RecordedEventImpl.h ===================================== @@ -65,7 +65,7 @@ class RecordedDrawTargetCreation BackendType mBackendType; IntRect mRect; SurfaceFormat mFormat; - bool mHasExistingData; + bool mHasExistingData = false; RefPtr<SourceSurface> mExistingData; private: ===================================== gfx/2d/RecordingTypes.h ===================================== @@ -24,6 +24,28 @@ struct ElementStreamFormat { aStream.read(reinterpret_cast<char*>(&aElement), sizeof(T)); } }; +template <class S> +struct ElementStreamFormat<S, bool> { + static void Write(S& aStream, const bool& aElement) { + char boolChar = aElement ? '\x01' : '\x00'; + aStream.write(&boolChar, sizeof(boolChar)); + } + static void Read(S& aStream, bool& aElement) { + char boolChar; + aStream.read(&boolChar, sizeof(boolChar)); + switch (boolChar) { + case '\x00': + aElement = false; + break; + case '\x01': + aElement = true; + break; + default: + aStream.SetIsBad(); + break; + } + } +}; template <class S, class T> void WriteElement(S& aStream, const T& aElement) { ===================================== netwerk/cookie/CookieCommons.cpp ===================================== @@ -200,9 +200,9 @@ bool CookieCommons::CheckNameAndValueSize(const CookieStruct& aCookieData) { bool CookieCommons::CheckName(const CookieStruct& aCookieData) { const char illegalNameCharacters[] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, - 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00}; + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x3B, 0x3D, 0x7F, 0x00}; const auto* start = aCookieData.name().BeginReading(); const auto* end = aCookieData.name().EndReading(); ===================================== testing/web-platform/meta/cookies/name/name-ctl.html.ini ===================================== @@ -11,36 +11,6 @@ [Cookie with %xd in name is rejected (DOM).] expected: FAIL - [Cookie with %x7f in name is rejected (DOM).] - expected: FAIL - - [Cookie with %x0 in name is rejected or modified (HTTP).] - expected: FAIL - - [Cookie with %x1 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x2 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x3 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x4 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x5 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x6 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x7 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x8 in name is rejected (HTTP).] - expected: FAIL - [Cookie with %x9 in name is accepted (HTTP).] expected: FAIL ===================================== testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini deleted ===================================== @@ -1,26 +0,0 @@ -[cache-put.https.any.serviceworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.sharedworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.worker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -67,6 +67,7 @@ <button id="openInsecure" data-l10n-id="about-httpsonly-button-continue-to-site" + inert ></button> </div> <div class="suggestion-box" hidden> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -34,6 +34,11 @@ function initPage() { .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); + setTimeout(() => { + document.getElementById("openInsecure").removeAttribute("inert"); + }, delay); + if (window.top == window) { document .getElementById("goBack") ===================================== toolkit/components/search/OpenSearchEngine.sys.mjs ===================================== @@ -144,7 +144,12 @@ export class OpenSearchEngine extends SearchEngine { lazy.logConsole.debug("_install: Downloading engine from:", loadURI.spec); - var chan = lazy.SearchUtils.makeChannel(loadURI); + var chan = lazy.SearchUtils.makeChannel( + loadURI, + // OpenSearchEngine is loading a definition file for a search engine, + // TYPE_DOCUMENT captures that load best + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); if (this._engineToUpdate && chan instanceof Ci.nsIHttpChannel) { var lastModified = this._engineToUpdate.getAttr("updatelastmodified"); ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -821,7 +821,10 @@ export class SearchEngine { this._hasPreferredIcon = isPreferred; }; - let chan = lazy.SearchUtils.makeChannel(uri); + let chan = lazy.SearchUtils.makeChannel( + uri, + Ci.nsIContentPolicy.TYPE_IMAGE + ); let listener = new lazy.SearchUtils.LoadListener( chan, /^image\//, ===================================== toolkit/components/search/SearchUtils.sys.mjs ===================================== @@ -248,19 +248,24 @@ export var SearchUtils = { * * @param {string|nsIURI} url * The URL string from which to create an nsIChannel. + * @param {nsIContentPolicy} contentPolicyType + * The type of document being loaded. * @returns {nsIChannel} * an nsIChannel object, or null if the url is invalid. */ - makeChannel(url) { + makeChannel(url, contentPolicyType) { + if (!contentPolicyType) { + throw new Error("makeChannel called with invalid content policy type"); + } try { let uri = typeof url == "string" ? Services.io.newURI(url) : url; return Services.io.newChannelFromURI( uri, null /* loadingNode */, - Services.scriptSecurityManager.getSystemPrincipal(), + Services.scriptSecurityManager.createNullPrincipal({}), null /* triggeringPrincipal */, Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, - Ci.nsIContentPolicy.TYPE_OTHER + contentPolicyType ); } catch (ex) {} ===================================== toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs ===================================== @@ -10,7 +10,7 @@ function handleRequest(request, response) { response.setStatusLine("1.1", 302, "Moved"); if (request.queryString == "type=invalid") { response.setHeader("Content-Type", "image/png", false); - response.setHeader("Location", "engine.xml", false); + response.setHeader("Location", "/head_search.js", false); } else { response.setHeader("Content-Type", "text/html", false); response.setHeader("Location", "remoteIcon.ico", false); ===================================== toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js ===================================== @@ -12,9 +12,11 @@ add_task(async function setup() { }); add_task(async function test_installedresourceicon() { + // Attempts to load a resource:// url as an icon. let engine1 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/resourceicon.xml`, }); + // Attempts to load a chrome:// url as an icon. let engine2 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/chromeicon.xml`, }); @@ -32,12 +34,13 @@ add_task(async function test_installedhttpplace() { // The easiest way to test adding the icon is via a generated xml, otherwise // we have to somehow insert the address of the server into it. + // Attempts to load a non-image page into an image icon. let engine = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}data/engineMaker.sjs?` + JSON.stringify({ baseURL: gDataUrl, - image: "opensearch/resourceicon.xml", + image: "head_search.js", name: "invalidicon", method: "GET", }), ===================================== toolkit/components/search/tests/xpcshell/test_webextensions_install.js ===================================== @@ -5,6 +5,8 @@ const { promiseShutdownManager, promiseStartupManager } = AddonTestUtils; +let gBaseUrl; + async function getEngineNames() { let engines = await Services.search.getEngines(); return engines.map(engine => engine._name); @@ -13,6 +15,8 @@ async function getEngineNames() { add_task(async function setup() { let server = useHttpServer(); server.registerContentType("sjs", "sjs"); + gBaseUrl = `http://localhost:${server.identity.primaryPort}/`; + await SearchTestUtils.useTestEngines("test-extensions"); await promiseStartupManager(); @@ -132,7 +136,7 @@ add_task(async function test_load_favicon_invalid() { // User installs a new search engine let extension = await SearchTestUtils.installSearchExtension( { - favicon_url: `${gDataUrl}engine.xml`, + favicon_url: `${gBaseUrl}/head_search.js`, }, { skipUnload: true } ); ===================================== toolkit/modules/RemotePageAccessManager.sys.mjs ===================================== @@ -66,6 +66,7 @@ export let RemotePageAccessManager = { }, "about:httpsonlyerror": { RPMGetFormatURLPref: ["app.support.baseURL"], + RPMGetIntPref: ["security.dialog_enable_delay"], RPMSendAsyncMessage: ["goBack", "openInsecure"], RPMAddMessageListener: ["WWWReachable"], RPMTryPingSecureWWWLink: ["*"], View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/68… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/68… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.4.0esr-13.5-1] 7 commits: Bug 1738426 - Ignoring status 206 and vary header checking for opaque response...
by richard (＠richard) 23 Oct '23

23 Oct '23

richard pushed to branch base-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: b019f751 by Eden Chuang at 2023-10-23T12:34:34+00:00 Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth Differential Revision: https://phabricator.services.mozilla.com/D186431 - - - - - 15e6ab9a by edgul at 2023-10-23T12:34:34+00:00 Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers Differential Revision: https://phabricator.services.mozilla.com/D182373 - - - - - 198e936f by Kelsey Gilbert at 2023-10-23T12:34:35+00:00 Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond We could do non-racy static init here (e.g. with a static initializer self-calling-closure), but there doesn't seem to be a strong reason for this. Let's just use a switch and get robustness from -Werror=switch. Differential Revision: https://phabricator.services.mozilla.com/D188054 - - - - - da8da0e5 by Mark Banner at 2023-10-23T12:34:35+00:00 Bug 1845752. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D186676 - - - - - 1665929f by Bob Owen at 2023-10-23T12:34:35+00:00 Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel This also specializes ElementStreamFormat for bool. Differential Revision: https://phabricator.services.mozilla.com/D187794 - - - - - 4528a947 by Malte Juergens at 2023-10-23T12:34:36+00:00 Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D187887 - - - - - 251143c1 by Andreas Pehrson at 2023-10-23T12:34:36+00:00 Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt Similar to MediaTrack::mDisabledMode, but this is for uses on the SourceMediaTrack producer thread. It is still signaled via a control message from the control thread to maintain order of operations, and is protected by the SourceMediaTrack mutex. Differential Revision: https://phabricator.services.mozilla.com/D187554 - - - - - 18 changed files: - dom/cache/TypeUtils.cpp - dom/canvas/WebGLContextExtensions.cpp - dom/media/MediaTrackGraph.cpp - dom/media/MediaTrackGraph.h - gfx/2d/RecordedEventImpl.h - gfx/2d/RecordingTypes.h - netwerk/cookie/CookieCommons.cpp - testing/web-platform/meta/cookies/name/name-ctl.html.ini - − testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/components/search/OpenSearchEngine.sys.mjs - toolkit/components/search/SearchEngine.sys.mjs - toolkit/components/search/SearchUtils.sys.mjs - toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs - toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js - toolkit/components/search/tests/xpcshell/test_webextensions_install.js - toolkit/modules/RemotePageAccessManager.sys.mjs Changes: ===================================== dom/cache/TypeUtils.cpp ===================================== @@ -184,7 +184,7 @@ void TypeUtils::ToCacheResponseWithoutBody(CacheResponse& aOut, aOut.statusText() = aIn.GetUnfilteredStatusText(); RefPtr<InternalHeaders> headers = aIn.UnfilteredHeaders(); MOZ_DIAGNOSTIC_ASSERT(headers); - if (HasVaryStar(headers)) { + if (aIn.Type() != ResponseType::Opaque && HasVaryStar(headers)) { aRv.ThrowTypeError("Invalid Response object with a 'Vary: *' header."); return; } ===================================== dom/canvas/WebGLContextExtensions.cpp ===================================== @@ -17,15 +17,10 @@ namespace mozilla { const char* GetExtensionName(const WebGLExtensionID ext) { - static EnumeratedArray<WebGLExtensionID, WebGLExtensionID::Max, const char*> - sExtensionNamesEnumeratedArray; - static bool initialized = false; - - if (!initialized) { - initialized = true; - + switch (ext) { #define WEBGL_EXTENSION_IDENTIFIER(x) \ - sExtensionNamesEnumeratedArray[WebGLExtensionID::x] = #x; + case WebGLExtensionID::x: \ + return #x; WEBGL_EXTENSION_IDENTIFIER(ANGLE_instanced_arrays) WEBGL_EXTENSION_IDENTIFIER(EXT_blend_minmax) @@ -67,9 +62,11 @@ const char* GetExtensionName(const WebGLExtensionID ext) { WEBGL_EXTENSION_IDENTIFIER(WEBGL_provoking_vertex) #undef WEBGL_EXTENSION_IDENTIFIER - } - return sExtensionNamesEnumeratedArray[ext]; + case WebGLExtensionID::Max: + break; + } + MOZ_CRASH("bad WebGLExtensionID"); } // ---------------------------- ===================================== dom/media/MediaTrackGraph.cpp ===================================== @@ -145,6 +145,27 @@ class GraphKey final { nsTHashMap<nsGenericHashKey<GraphKey>, MediaTrackGraphImpl*> gGraphs; } // anonymous namespace +static void ApplyTrackDisabling(DisabledTrackMode aDisabledMode, + MediaSegment* aSegment, + MediaSegment* aRawSegment) { + if (aDisabledMode == DisabledTrackMode::ENABLED) { + return; + } + if (aDisabledMode == DisabledTrackMode::SILENCE_BLACK) { + aSegment->ReplaceWithDisabled(); + if (aRawSegment) { + aRawSegment->ReplaceWithDisabled(); + } + } else if (aDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { + aSegment->ReplaceWithNull(); + if (aRawSegment) { + aRawSegment->ReplaceWithNull(); + } + } else { + MOZ_CRASH("Unsupported mode"); + } +} + MediaTrackGraphImpl::~MediaTrackGraphImpl() { MOZ_ASSERT(mTracks.IsEmpty() && mSuspendedTracks.IsEmpty(), "All tracks should have been destroyed by messages from the main " @@ -2421,6 +2442,7 @@ RefPtr<GenericPromise> MediaTrack::RemoveListener( void MediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); // Base implementation, for tracks that don't support direct track listeners. RefPtr<DirectMediaTrackListener> listener = aListener; listener->NotifyDirectListenerInstalled( @@ -2503,6 +2525,7 @@ void MediaTrack::RunAfterPendingUpdates( } void MediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); MOZ_DIAGNOSTIC_ASSERT( aMode == DisabledTrackMode::ENABLED || mDisabledMode == DisabledTrackMode::ENABLED, @@ -2531,22 +2554,8 @@ void MediaTrack::SetDisabledTrackMode(DisabledTrackMode aMode) { void MediaTrack::ApplyTrackDisabling(MediaSegment* aSegment, MediaSegment* aRawSegment) { - if (mDisabledMode == DisabledTrackMode::ENABLED) { - return; - } - if (mDisabledMode == DisabledTrackMode::SILENCE_BLACK) { - aSegment->ReplaceWithDisabled(); - if (aRawSegment) { - aRawSegment->ReplaceWithDisabled(); - } - } else if (mDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { - aSegment->ReplaceWithNull(); - if (aRawSegment) { - aRawSegment->ReplaceWithNull(); - } - } else { - MOZ_CRASH("Unsupported mode"); - } + MOZ_ASSERT(mGraph->OnGraphThread()); + mozilla::ApplyTrackDisabling(mDisabledMode, aSegment, aRawSegment); } void MediaTrack::AddMainThreadListener( @@ -2866,7 +2875,7 @@ TrackTime SourceMediaTrack::AppendData(MediaSegment* aSegment, // Apply track disabling before notifying any consumers directly // or inserting into the graph - ApplyTrackDisabling(aSegment, aRawSegment); + mozilla::ApplyTrackDisabling(mDirectDisabledMode, aSegment, aRawSegment); ResampleAudioToGraphSampleRate(aSegment); @@ -2910,6 +2919,7 @@ void SourceMediaTrack::NotifyDirectConsumers(MediaSegment* aSegment) { void SourceMediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); MutexAutoLock lock(mMutex); RefPtr<DirectMediaTrackListener> listener = aListener; @@ -2979,6 +2989,7 @@ void SourceMediaTrack::AddDirectListenerImpl( void SourceMediaTrack::RemoveDirectListenerImpl( DirectMediaTrackListener* aListener) { + mGraph->AssertOnGraphThreadOrNotRunning(); MutexAutoLock lock(mMutex); for (int32_t i = mDirectTrackListeners.Length() - 1; i >= 0; --i) { const RefPtr<DirectMediaTrackListener>& l = mDirectTrackListeners[i]; @@ -3008,17 +3019,20 @@ void SourceMediaTrack::End() { } void SourceMediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); { MutexAutoLock lock(mMutex); + const DisabledTrackMode oldMode = mDirectDisabledMode; + const bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; + const bool enabled = aMode == DisabledTrackMode::ENABLED; + mDirectDisabledMode = aMode; for (const auto& l : mDirectTrackListeners) { - DisabledTrackMode oldMode = mDisabledMode; - bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; - if (!oldEnabled && aMode == DisabledTrackMode::ENABLED) { + if (!oldEnabled && enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener enabled", GraphImpl(), this)); l->DecreaseDisabled(oldMode); - } else if (oldEnabled && aMode != DisabledTrackMode::ENABLED) { + } else if (oldEnabled && !enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener disabled", GraphImpl(), this)); ===================================== dom/media/MediaTrackGraph.h ===================================== @@ -652,18 +652,8 @@ class SourceMediaTrack : public MediaTrack { */ void End(); - // Overriding allows us to hold the mMutex lock while changing the track - // enable status void SetDisabledTrackModeImpl(DisabledTrackMode aMode) override; - // Overriding allows us to ensure mMutex is locked while changing the track - // enable status - void ApplyTrackDisabling(MediaSegment* aSegment, - MediaSegment* aRawSegment = nullptr) override { - mMutex.AssertCurrentThreadOwns(); - MediaTrack::ApplyTrackDisabling(aSegment, aRawSegment); - } - uint32_t NumberOfChannels() const override; void RemoveAllDirectListenersImpl() override; @@ -742,6 +732,11 @@ class SourceMediaTrack : public MediaTrack { // protected by mMutex float mVolume MOZ_GUARDED_BY(mMutex) = 1.0; UniquePtr<TrackData> mUpdateTrack MOZ_GUARDED_BY(mMutex); + // This track's associated disabled mode for uses on the producing thread. + // It can either by disabled by frames being replaced by black, or by + // retaining the previous frame. + DisabledTrackMode mDirectDisabledMode MOZ_GUARDED_BY(mMutex) = + DisabledTrackMode::ENABLED; nsTArray<RefPtr<DirectMediaTrackListener>> mDirectTrackListeners MOZ_GUARDED_BY(mMutex); }; ===================================== gfx/2d/RecordedEventImpl.h ===================================== @@ -65,7 +65,7 @@ class RecordedDrawTargetCreation BackendType mBackendType; IntRect mRect; SurfaceFormat mFormat; - bool mHasExistingData; + bool mHasExistingData = false; RefPtr<SourceSurface> mExistingData; private: ===================================== gfx/2d/RecordingTypes.h ===================================== @@ -24,6 +24,28 @@ struct ElementStreamFormat { aStream.read(reinterpret_cast<char*>(&aElement), sizeof(T)); } }; +template <class S> +struct ElementStreamFormat<S, bool> { + static void Write(S& aStream, const bool& aElement) { + char boolChar = aElement ? '\x01' : '\x00'; + aStream.write(&boolChar, sizeof(boolChar)); + } + static void Read(S& aStream, bool& aElement) { + char boolChar; + aStream.read(&boolChar, sizeof(boolChar)); + switch (boolChar) { + case '\x00': + aElement = false; + break; + case '\x01': + aElement = true; + break; + default: + aStream.SetIsBad(); + break; + } + } +}; template <class S, class T> void WriteElement(S& aStream, const T& aElement) { ===================================== netwerk/cookie/CookieCommons.cpp ===================================== @@ -200,9 +200,9 @@ bool CookieCommons::CheckNameAndValueSize(const CookieStruct& aCookieData) { bool CookieCommons::CheckName(const CookieStruct& aCookieData) { const char illegalNameCharacters[] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, - 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00}; + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x3B, 0x3D, 0x7F, 0x00}; const auto* start = aCookieData.name().BeginReading(); const auto* end = aCookieData.name().EndReading(); ===================================== testing/web-platform/meta/cookies/name/name-ctl.html.ini ===================================== @@ -11,36 +11,6 @@ [Cookie with %xd in name is rejected (DOM).] expected: FAIL - [Cookie with %x7f in name is rejected (DOM).] - expected: FAIL - - [Cookie with %x0 in name is rejected or modified (HTTP).] - expected: FAIL - - [Cookie with %x1 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x2 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x3 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x4 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x5 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x6 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x7 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x8 in name is rejected (HTTP).] - expected: FAIL - [Cookie with %x9 in name is accepted (HTTP).] expected: FAIL ===================================== testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini deleted ===================================== @@ -1,26 +0,0 @@ -[cache-put.https.any.serviceworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.sharedworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.worker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -67,6 +67,7 @@ <button id="openInsecure" data-l10n-id="about-httpsonly-button-continue-to-site" + inert ></button> </div> <div class="suggestion-box" hidden> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -34,6 +34,11 @@ function initPage() { .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); + setTimeout(() => { + document.getElementById("openInsecure").removeAttribute("inert"); + }, delay); + if (window.top == window) { document .getElementById("goBack") ===================================== toolkit/components/search/OpenSearchEngine.sys.mjs ===================================== @@ -144,7 +144,12 @@ export class OpenSearchEngine extends SearchEngine { lazy.logConsole.debug("_install: Downloading engine from:", loadURI.spec); - var chan = lazy.SearchUtils.makeChannel(loadURI); + var chan = lazy.SearchUtils.makeChannel( + loadURI, + // OpenSearchEngine is loading a definition file for a search engine, + // TYPE_DOCUMENT captures that load best + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); if (this._engineToUpdate && chan instanceof Ci.nsIHttpChannel) { var lastModified = this._engineToUpdate.getAttr("updatelastmodified"); ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -821,7 +821,10 @@ export class SearchEngine { this._hasPreferredIcon = isPreferred; }; - let chan = lazy.SearchUtils.makeChannel(uri); + let chan = lazy.SearchUtils.makeChannel( + uri, + Ci.nsIContentPolicy.TYPE_IMAGE + ); let listener = new lazy.SearchUtils.LoadListener( chan, /^image\//, ===================================== toolkit/components/search/SearchUtils.sys.mjs ===================================== @@ -248,19 +248,24 @@ export var SearchUtils = { * * @param {string|nsIURI} url * The URL string from which to create an nsIChannel. + * @param {nsIContentPolicy} contentPolicyType + * The type of document being loaded. * @returns {nsIChannel} * an nsIChannel object, or null if the url is invalid. */ - makeChannel(url) { + makeChannel(url, contentPolicyType) { + if (!contentPolicyType) { + throw new Error("makeChannel called with invalid content policy type"); + } try { let uri = typeof url == "string" ? Services.io.newURI(url) : url; return Services.io.newChannelFromURI( uri, null /* loadingNode */, - Services.scriptSecurityManager.getSystemPrincipal(), + Services.scriptSecurityManager.createNullPrincipal({}), null /* triggeringPrincipal */, Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, - Ci.nsIContentPolicy.TYPE_OTHER + contentPolicyType ); } catch (ex) {} ===================================== toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs ===================================== @@ -10,7 +10,7 @@ function handleRequest(request, response) { response.setStatusLine("1.1", 302, "Moved"); if (request.queryString == "type=invalid") { response.setHeader("Content-Type", "image/png", false); - response.setHeader("Location", "engine.xml", false); + response.setHeader("Location", "/head_search.js", false); } else { response.setHeader("Content-Type", "text/html", false); response.setHeader("Location", "remoteIcon.ico", false); ===================================== toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js ===================================== @@ -12,9 +12,11 @@ add_task(async function setup() { }); add_task(async function test_installedresourceicon() { + // Attempts to load a resource:// url as an icon. let engine1 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/resourceicon.xml`, }); + // Attempts to load a chrome:// url as an icon. let engine2 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/chromeicon.xml`, }); @@ -32,12 +34,13 @@ add_task(async function test_installedhttpplace() { // The easiest way to test adding the icon is via a generated xml, otherwise // we have to somehow insert the address of the server into it. + // Attempts to load a non-image page into an image icon. let engine = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}data/engineMaker.sjs?` + JSON.stringify({ baseURL: gDataUrl, - image: "opensearch/resourceicon.xml", + image: "head_search.js", name: "invalidicon", method: "GET", }), ===================================== toolkit/components/search/tests/xpcshell/test_webextensions_install.js ===================================== @@ -5,6 +5,8 @@ const { promiseShutdownManager, promiseStartupManager } = AddonTestUtils; +let gBaseUrl; + async function getEngineNames() { let engines = await Services.search.getEngines(); return engines.map(engine => engine._name); @@ -13,6 +15,8 @@ async function getEngineNames() { add_task(async function setup() { let server = useHttpServer(); server.registerContentType("sjs", "sjs"); + gBaseUrl = `http://localhost:${server.identity.primaryPort}/`; + await SearchTestUtils.useTestEngines("test-extensions"); await promiseStartupManager(); @@ -132,7 +136,7 @@ add_task(async function test_load_favicon_invalid() { // User installs a new search engine let extension = await SearchTestUtils.installSearchExtension( { - favicon_url: `${gDataUrl}engine.xml`, + favicon_url: `${gBaseUrl}/head_search.js`, }, { skipUnload: true } ); ===================================== toolkit/modules/RemotePageAccessManager.sys.mjs ===================================== @@ -66,6 +66,7 @@ export let RemotePageAccessManager = { }, "about:httpsonlyerror": { RPMGetFormatURLPref: ["app.support.baseURL"], + RPMGetIntPref: ["security.dialog_enable_delay"], RPMSendAsyncMessage: ["goBack", "openInsecure"], RPMAddMessageListener: ["WWWReachable"], RPMTryPingSecureWWWLink: ["*"], View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f3701b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/f3701b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] 7 commits: Bug 1738426 - Ignoring status 206 and vary header checking for opaque response...
by richard (＠richard) 23 Oct '23

23 Oct '23

richard pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: b4ecf06a by Eden Chuang at 2023-10-23T12:29:13+00:00 Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth Differential Revision: https://phabricator.services.mozilla.com/D186431 - - - - - 64bd0c0d by edgul at 2023-10-23T12:29:13+00:00 Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers Differential Revision: https://phabricator.services.mozilla.com/D182373 - - - - - 4ead76f7 by Kelsey Gilbert at 2023-10-23T12:29:14+00:00 Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond We could do non-racy static init here (e.g. with a static initializer self-calling-closure), but there doesn't seem to be a strong reason for this. Let's just use a switch and get robustness from -Werror=switch. Differential Revision: https://phabricator.services.mozilla.com/D188054 - - - - - ce34aa4f by Mark Banner at 2023-10-23T12:29:14+00:00 Bug 1845752. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D186676 - - - - - 24a2f717 by Bob Owen at 2023-10-23T12:29:15+00:00 Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel This also specializes ElementStreamFormat for bool. Differential Revision: https://phabricator.services.mozilla.com/D187794 - - - - - b41e1ac5 by Malte Juergens at 2023-10-23T12:29:15+00:00 Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D187887 - - - - - 5d1936d6 by Andreas Pehrson at 2023-10-23T12:29:15+00:00 Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt Similar to MediaTrack::mDisabledMode, but this is for uses on the SourceMediaTrack producer thread. It is still signaled via a control message from the control thread to maintain order of operations, and is protected by the SourceMediaTrack mutex. Differential Revision: https://phabricator.services.mozilla.com/D187554 - - - - - 18 changed files: - dom/cache/TypeUtils.cpp - dom/canvas/WebGLContextExtensions.cpp - dom/media/MediaTrackGraph.cpp - dom/media/MediaTrackGraph.h - gfx/2d/RecordedEventImpl.h - gfx/2d/RecordingTypes.h - netwerk/cookie/CookieCommons.cpp - testing/web-platform/meta/cookies/name/name-ctl.html.ini - − testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/components/search/OpenSearchEngine.sys.mjs - toolkit/components/search/SearchEngine.sys.mjs - toolkit/components/search/SearchUtils.sys.mjs - toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs - toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js - toolkit/components/search/tests/xpcshell/test_webextensions_install.js - toolkit/modules/RemotePageAccessManager.sys.mjs Changes: ===================================== dom/cache/TypeUtils.cpp ===================================== @@ -184,7 +184,7 @@ void TypeUtils::ToCacheResponseWithoutBody(CacheResponse& aOut, aOut.statusText() = aIn.GetUnfilteredStatusText(); RefPtr<InternalHeaders> headers = aIn.UnfilteredHeaders(); MOZ_DIAGNOSTIC_ASSERT(headers); - if (HasVaryStar(headers)) { + if (aIn.Type() != ResponseType::Opaque && HasVaryStar(headers)) { aRv.ThrowTypeError("Invalid Response object with a 'Vary: *' header."); return; } ===================================== dom/canvas/WebGLContextExtensions.cpp ===================================== @@ -17,15 +17,10 @@ namespace mozilla { const char* GetExtensionName(const WebGLExtensionID ext) { - static EnumeratedArray<WebGLExtensionID, WebGLExtensionID::Max, const char*> - sExtensionNamesEnumeratedArray; - static bool initialized = false; - - if (!initialized) { - initialized = true; - + switch (ext) { #define WEBGL_EXTENSION_IDENTIFIER(x) \ - sExtensionNamesEnumeratedArray[WebGLExtensionID::x] = #x; + case WebGLExtensionID::x: \ + return #x; WEBGL_EXTENSION_IDENTIFIER(ANGLE_instanced_arrays) WEBGL_EXTENSION_IDENTIFIER(EXT_blend_minmax) @@ -67,9 +62,11 @@ const char* GetExtensionName(const WebGLExtensionID ext) { WEBGL_EXTENSION_IDENTIFIER(WEBGL_provoking_vertex) #undef WEBGL_EXTENSION_IDENTIFIER - } - return sExtensionNamesEnumeratedArray[ext]; + case WebGLExtensionID::Max: + break; + } + MOZ_CRASH("bad WebGLExtensionID"); } // ---------------------------- ===================================== dom/media/MediaTrackGraph.cpp ===================================== @@ -145,6 +145,27 @@ class GraphKey final { nsTHashMap<nsGenericHashKey<GraphKey>, MediaTrackGraphImpl*> gGraphs; } // anonymous namespace +static void ApplyTrackDisabling(DisabledTrackMode aDisabledMode, + MediaSegment* aSegment, + MediaSegment* aRawSegment) { + if (aDisabledMode == DisabledTrackMode::ENABLED) { + return; + } + if (aDisabledMode == DisabledTrackMode::SILENCE_BLACK) { + aSegment->ReplaceWithDisabled(); + if (aRawSegment) { + aRawSegment->ReplaceWithDisabled(); + } + } else if (aDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { + aSegment->ReplaceWithNull(); + if (aRawSegment) { + aRawSegment->ReplaceWithNull(); + } + } else { + MOZ_CRASH("Unsupported mode"); + } +} + MediaTrackGraphImpl::~MediaTrackGraphImpl() { MOZ_ASSERT(mTracks.IsEmpty() && mSuspendedTracks.IsEmpty(), "All tracks should have been destroyed by messages from the main " @@ -2421,6 +2442,7 @@ RefPtr<GenericPromise> MediaTrack::RemoveListener( void MediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); // Base implementation, for tracks that don't support direct track listeners. RefPtr<DirectMediaTrackListener> listener = aListener; listener->NotifyDirectListenerInstalled( @@ -2503,6 +2525,7 @@ void MediaTrack::RunAfterPendingUpdates( } void MediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); MOZ_DIAGNOSTIC_ASSERT( aMode == DisabledTrackMode::ENABLED || mDisabledMode == DisabledTrackMode::ENABLED, @@ -2531,22 +2554,8 @@ void MediaTrack::SetDisabledTrackMode(DisabledTrackMode aMode) { void MediaTrack::ApplyTrackDisabling(MediaSegment* aSegment, MediaSegment* aRawSegment) { - if (mDisabledMode == DisabledTrackMode::ENABLED) { - return; - } - if (mDisabledMode == DisabledTrackMode::SILENCE_BLACK) { - aSegment->ReplaceWithDisabled(); - if (aRawSegment) { - aRawSegment->ReplaceWithDisabled(); - } - } else if (mDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { - aSegment->ReplaceWithNull(); - if (aRawSegment) { - aRawSegment->ReplaceWithNull(); - } - } else { - MOZ_CRASH("Unsupported mode"); - } + MOZ_ASSERT(mGraph->OnGraphThread()); + mozilla::ApplyTrackDisabling(mDisabledMode, aSegment, aRawSegment); } void MediaTrack::AddMainThreadListener( @@ -2866,7 +2875,7 @@ TrackTime SourceMediaTrack::AppendData(MediaSegment* aSegment, // Apply track disabling before notifying any consumers directly // or inserting into the graph - ApplyTrackDisabling(aSegment, aRawSegment); + mozilla::ApplyTrackDisabling(mDirectDisabledMode, aSegment, aRawSegment); ResampleAudioToGraphSampleRate(aSegment); @@ -2910,6 +2919,7 @@ void SourceMediaTrack::NotifyDirectConsumers(MediaSegment* aSegment) { void SourceMediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); MutexAutoLock lock(mMutex); RefPtr<DirectMediaTrackListener> listener = aListener; @@ -2979,6 +2989,7 @@ void SourceMediaTrack::AddDirectListenerImpl( void SourceMediaTrack::RemoveDirectListenerImpl( DirectMediaTrackListener* aListener) { + mGraph->AssertOnGraphThreadOrNotRunning(); MutexAutoLock lock(mMutex); for (int32_t i = mDirectTrackListeners.Length() - 1; i >= 0; --i) { const RefPtr<DirectMediaTrackListener>& l = mDirectTrackListeners[i]; @@ -3008,17 +3019,20 @@ void SourceMediaTrack::End() { } void SourceMediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); { MutexAutoLock lock(mMutex); + const DisabledTrackMode oldMode = mDirectDisabledMode; + const bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; + const bool enabled = aMode == DisabledTrackMode::ENABLED; + mDirectDisabledMode = aMode; for (const auto& l : mDirectTrackListeners) { - DisabledTrackMode oldMode = mDisabledMode; - bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; - if (!oldEnabled && aMode == DisabledTrackMode::ENABLED) { + if (!oldEnabled && enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener enabled", GraphImpl(), this)); l->DecreaseDisabled(oldMode); - } else if (oldEnabled && aMode != DisabledTrackMode::ENABLED) { + } else if (oldEnabled && !enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener disabled", GraphImpl(), this)); ===================================== dom/media/MediaTrackGraph.h ===================================== @@ -652,18 +652,8 @@ class SourceMediaTrack : public MediaTrack { */ void End(); - // Overriding allows us to hold the mMutex lock while changing the track - // enable status void SetDisabledTrackModeImpl(DisabledTrackMode aMode) override; - // Overriding allows us to ensure mMutex is locked while changing the track - // enable status - void ApplyTrackDisabling(MediaSegment* aSegment, - MediaSegment* aRawSegment = nullptr) override { - mMutex.AssertCurrentThreadOwns(); - MediaTrack::ApplyTrackDisabling(aSegment, aRawSegment); - } - uint32_t NumberOfChannels() const override; void RemoveAllDirectListenersImpl() override; @@ -742,6 +732,11 @@ class SourceMediaTrack : public MediaTrack { // protected by mMutex float mVolume MOZ_GUARDED_BY(mMutex) = 1.0; UniquePtr<TrackData> mUpdateTrack MOZ_GUARDED_BY(mMutex); + // This track's associated disabled mode for uses on the producing thread. + // It can either by disabled by frames being replaced by black, or by + // retaining the previous frame. + DisabledTrackMode mDirectDisabledMode MOZ_GUARDED_BY(mMutex) = + DisabledTrackMode::ENABLED; nsTArray<RefPtr<DirectMediaTrackListener>> mDirectTrackListeners MOZ_GUARDED_BY(mMutex); }; ===================================== gfx/2d/RecordedEventImpl.h ===================================== @@ -65,7 +65,7 @@ class RecordedDrawTargetCreation BackendType mBackendType; IntRect mRect; SurfaceFormat mFormat; - bool mHasExistingData; + bool mHasExistingData = false; RefPtr<SourceSurface> mExistingData; private: ===================================== gfx/2d/RecordingTypes.h ===================================== @@ -24,6 +24,28 @@ struct ElementStreamFormat { aStream.read(reinterpret_cast<char*>(&aElement), sizeof(T)); } }; +template <class S> +struct ElementStreamFormat<S, bool> { + static void Write(S& aStream, const bool& aElement) { + char boolChar = aElement ? '\x01' : '\x00'; + aStream.write(&boolChar, sizeof(boolChar)); + } + static void Read(S& aStream, bool& aElement) { + char boolChar; + aStream.read(&boolChar, sizeof(boolChar)); + switch (boolChar) { + case '\x00': + aElement = false; + break; + case '\x01': + aElement = true; + break; + default: + aStream.SetIsBad(); + break; + } + } +}; template <class S, class T> void WriteElement(S& aStream, const T& aElement) { ===================================== netwerk/cookie/CookieCommons.cpp ===================================== @@ -200,9 +200,9 @@ bool CookieCommons::CheckNameAndValueSize(const CookieStruct& aCookieData) { bool CookieCommons::CheckName(const CookieStruct& aCookieData) { const char illegalNameCharacters[] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, - 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00}; + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x3B, 0x3D, 0x7F, 0x00}; const auto* start = aCookieData.name().BeginReading(); const auto* end = aCookieData.name().EndReading(); ===================================== testing/web-platform/meta/cookies/name/name-ctl.html.ini ===================================== @@ -11,36 +11,6 @@ [Cookie with %xd in name is rejected (DOM).] expected: FAIL - [Cookie with %x7f in name is rejected (DOM).] - expected: FAIL - - [Cookie with %x0 in name is rejected or modified (HTTP).] - expected: FAIL - - [Cookie with %x1 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x2 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x3 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x4 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x5 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x6 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x7 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x8 in name is rejected (HTTP).] - expected: FAIL - [Cookie with %x9 in name is accepted (HTTP).] expected: FAIL ===================================== testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini deleted ===================================== @@ -1,26 +0,0 @@ -[cache-put.https.any.serviceworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.sharedworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.worker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -67,6 +67,7 @@ <button id="openInsecure" data-l10n-id="about-httpsonly-button-continue-to-site" + inert ></button> </div> <div class="suggestion-box" hidden> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -34,6 +34,11 @@ function initPage() { .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); + setTimeout(() => { + document.getElementById("openInsecure").removeAttribute("inert"); + }, delay); + if (window.top == window) { document .getElementById("goBack") ===================================== toolkit/components/search/OpenSearchEngine.sys.mjs ===================================== @@ -144,7 +144,12 @@ export class OpenSearchEngine extends SearchEngine { lazy.logConsole.debug("_install: Downloading engine from:", loadURI.spec); - var chan = lazy.SearchUtils.makeChannel(loadURI); + var chan = lazy.SearchUtils.makeChannel( + loadURI, + // OpenSearchEngine is loading a definition file for a search engine, + // TYPE_DOCUMENT captures that load best + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); if (this._engineToUpdate && chan instanceof Ci.nsIHttpChannel) { var lastModified = this._engineToUpdate.getAttr("updatelastmodified"); ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -821,7 +821,10 @@ export class SearchEngine { this._hasPreferredIcon = isPreferred; }; - let chan = lazy.SearchUtils.makeChannel(uri); + let chan = lazy.SearchUtils.makeChannel( + uri, + Ci.nsIContentPolicy.TYPE_IMAGE + ); let listener = new lazy.SearchUtils.LoadListener( chan, /^image\//, ===================================== toolkit/components/search/SearchUtils.sys.mjs ===================================== @@ -248,19 +248,24 @@ export var SearchUtils = { * * @param {string|nsIURI} url * The URL string from which to create an nsIChannel. + * @param {nsIContentPolicy} contentPolicyType + * The type of document being loaded. * @returns {nsIChannel} * an nsIChannel object, or null if the url is invalid. */ - makeChannel(url) { + makeChannel(url, contentPolicyType) { + if (!contentPolicyType) { + throw new Error("makeChannel called with invalid content policy type"); + } try { let uri = typeof url == "string" ? Services.io.newURI(url) : url; return Services.io.newChannelFromURI( uri, null /* loadingNode */, - Services.scriptSecurityManager.getSystemPrincipal(), + Services.scriptSecurityManager.createNullPrincipal({}), null /* triggeringPrincipal */, Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, - Ci.nsIContentPolicy.TYPE_OTHER + contentPolicyType ); } catch (ex) {} ===================================== toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs ===================================== @@ -10,7 +10,7 @@ function handleRequest(request, response) { response.setStatusLine("1.1", 302, "Moved"); if (request.queryString == "type=invalid") { response.setHeader("Content-Type", "image/png", false); - response.setHeader("Location", "engine.xml", false); + response.setHeader("Location", "/head_search.js", false); } else { response.setHeader("Content-Type", "text/html", false); response.setHeader("Location", "remoteIcon.ico", false); ===================================== toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js ===================================== @@ -12,9 +12,11 @@ add_task(async function setup() { }); add_task(async function test_installedresourceicon() { + // Attempts to load a resource:// url as an icon. let engine1 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/resourceicon.xml`, }); + // Attempts to load a chrome:// url as an icon. let engine2 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/chromeicon.xml`, }); @@ -32,12 +34,13 @@ add_task(async function test_installedhttpplace() { // The easiest way to test adding the icon is via a generated xml, otherwise // we have to somehow insert the address of the server into it. + // Attempts to load a non-image page into an image icon. let engine = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}data/engineMaker.sjs?` + JSON.stringify({ baseURL: gDataUrl, - image: "opensearch/resourceicon.xml", + image: "head_search.js", name: "invalidicon", method: "GET", }), ===================================== toolkit/components/search/tests/xpcshell/test_webextensions_install.js ===================================== @@ -5,6 +5,8 @@ const { promiseShutdownManager, promiseStartupManager } = AddonTestUtils; +let gBaseUrl; + async function getEngineNames() { let engines = await Services.search.getEngines(); return engines.map(engine => engine._name); @@ -13,6 +15,8 @@ async function getEngineNames() { add_task(async function setup() { let server = useHttpServer(); server.registerContentType("sjs", "sjs"); + gBaseUrl = `http://localhost:${server.identity.primaryPort}/`; + await SearchTestUtils.useTestEngines("test-extensions"); await promiseStartupManager(); @@ -132,7 +136,7 @@ add_task(async function test_load_favicon_invalid() { // User installs a new search engine let extension = await SearchTestUtils.installSearchExtension( { - favicon_url: `${gDataUrl}engine.xml`, + favicon_url: `${gBaseUrl}/head_search.js`, }, { skipUnload: true } ); ===================================== toolkit/modules/RemotePageAccessManager.sys.mjs ===================================== @@ -66,6 +66,7 @@ export let RemotePageAccessManager = { }, "about:httpsonlyerror": { RPMGetFormatURLPref: ["app.support.baseURL"], + RPMGetIntPref: ["security.dialog_enable_delay"], RPMSendAsyncMessage: ["goBack", "openInsecure"], RPMAddMessageListener: ["WWWReachable"], RPMTryPingSecureWWWLink: ["*"], View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8982a3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/8982a3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.4.0esr-13.0-1] 7 commits: Bug 1738426 - Ignoring status 206 and vary header checking for opaque response...
by richard (＠richard) 23 Oct '23

23 Oct '23

richard pushed to branch mullvad-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 00e0b1d4 by Eden Chuang at 2023-10-23T12:18:47+00:00 Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth Differential Revision: https://phabricator.services.mozilla.com/D186431 - - - - - 19e02723 by edgul at 2023-10-23T12:18:48+00:00 Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers Differential Revision: https://phabricator.services.mozilla.com/D182373 - - - - - 18e737f2 by Kelsey Gilbert at 2023-10-23T12:18:48+00:00 Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond We could do non-racy static init here (e.g. with a static initializer self-calling-closure), but there doesn't seem to be a strong reason for this. Let's just use a switch and get robustness from -Werror=switch. Differential Revision: https://phabricator.services.mozilla.com/D188054 - - - - - 57c1d25a by Mark Banner at 2023-10-23T12:18:48+00:00 Bug 1845752. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D186676 - - - - - cc34ac65 by Bob Owen at 2023-10-23T12:18:49+00:00 Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel This also specializes ElementStreamFormat for bool. Differential Revision: https://phabricator.services.mozilla.com/D187794 - - - - - 75377f78 by Malte Juergens at 2023-10-23T12:18:49+00:00 Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D187887 - - - - - d366918b by Andreas Pehrson at 2023-10-23T12:18:49+00:00 Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt Similar to MediaTrack::mDisabledMode, but this is for uses on the SourceMediaTrack producer thread. It is still signaled via a control message from the control thread to maintain order of operations, and is protected by the SourceMediaTrack mutex. Differential Revision: https://phabricator.services.mozilla.com/D187554 - - - - - 18 changed files: - dom/cache/TypeUtils.cpp - dom/canvas/WebGLContextExtensions.cpp - dom/media/MediaTrackGraph.cpp - dom/media/MediaTrackGraph.h - gfx/2d/RecordedEventImpl.h - gfx/2d/RecordingTypes.h - netwerk/cookie/CookieCommons.cpp - testing/web-platform/meta/cookies/name/name-ctl.html.ini - − testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/components/search/OpenSearchEngine.sys.mjs - toolkit/components/search/SearchEngine.sys.mjs - toolkit/components/search/SearchUtils.sys.mjs - toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs - toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js - toolkit/components/search/tests/xpcshell/test_webextensions_install.js - toolkit/modules/RemotePageAccessManager.sys.mjs Changes: ===================================== dom/cache/TypeUtils.cpp ===================================== @@ -184,7 +184,7 @@ void TypeUtils::ToCacheResponseWithoutBody(CacheResponse& aOut, aOut.statusText() = aIn.GetUnfilteredStatusText(); RefPtr<InternalHeaders> headers = aIn.UnfilteredHeaders(); MOZ_DIAGNOSTIC_ASSERT(headers); - if (HasVaryStar(headers)) { + if (aIn.Type() != ResponseType::Opaque && HasVaryStar(headers)) { aRv.ThrowTypeError("Invalid Response object with a 'Vary: *' header."); return; } ===================================== dom/canvas/WebGLContextExtensions.cpp ===================================== @@ -17,15 +17,10 @@ namespace mozilla { const char* GetExtensionName(const WebGLExtensionID ext) { - static EnumeratedArray<WebGLExtensionID, WebGLExtensionID::Max, const char*> - sExtensionNamesEnumeratedArray; - static bool initialized = false; - - if (!initialized) { - initialized = true; - + switch (ext) { #define WEBGL_EXTENSION_IDENTIFIER(x) \ - sExtensionNamesEnumeratedArray[WebGLExtensionID::x] = #x; + case WebGLExtensionID::x: \ + return #x; WEBGL_EXTENSION_IDENTIFIER(ANGLE_instanced_arrays) WEBGL_EXTENSION_IDENTIFIER(EXT_blend_minmax) @@ -67,9 +62,11 @@ const char* GetExtensionName(const WebGLExtensionID ext) { WEBGL_EXTENSION_IDENTIFIER(WEBGL_provoking_vertex) #undef WEBGL_EXTENSION_IDENTIFIER - } - return sExtensionNamesEnumeratedArray[ext]; + case WebGLExtensionID::Max: + break; + } + MOZ_CRASH("bad WebGLExtensionID"); } // ---------------------------- ===================================== dom/media/MediaTrackGraph.cpp ===================================== @@ -145,6 +145,27 @@ class GraphKey final { nsTHashMap<nsGenericHashKey<GraphKey>, MediaTrackGraphImpl*> gGraphs; } // anonymous namespace +static void ApplyTrackDisabling(DisabledTrackMode aDisabledMode, + MediaSegment* aSegment, + MediaSegment* aRawSegment) { + if (aDisabledMode == DisabledTrackMode::ENABLED) { + return; + } + if (aDisabledMode == DisabledTrackMode::SILENCE_BLACK) { + aSegment->ReplaceWithDisabled(); + if (aRawSegment) { + aRawSegment->ReplaceWithDisabled(); + } + } else if (aDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { + aSegment->ReplaceWithNull(); + if (aRawSegment) { + aRawSegment->ReplaceWithNull(); + } + } else { + MOZ_CRASH("Unsupported mode"); + } +} + MediaTrackGraphImpl::~MediaTrackGraphImpl() { MOZ_ASSERT(mTracks.IsEmpty() && mSuspendedTracks.IsEmpty(), "All tracks should have been destroyed by messages from the main " @@ -2421,6 +2442,7 @@ RefPtr<GenericPromise> MediaTrack::RemoveListener( void MediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); // Base implementation, for tracks that don't support direct track listeners. RefPtr<DirectMediaTrackListener> listener = aListener; listener->NotifyDirectListenerInstalled( @@ -2503,6 +2525,7 @@ void MediaTrack::RunAfterPendingUpdates( } void MediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); MOZ_DIAGNOSTIC_ASSERT( aMode == DisabledTrackMode::ENABLED || mDisabledMode == DisabledTrackMode::ENABLED, @@ -2531,22 +2554,8 @@ void MediaTrack::SetDisabledTrackMode(DisabledTrackMode aMode) { void MediaTrack::ApplyTrackDisabling(MediaSegment* aSegment, MediaSegment* aRawSegment) { - if (mDisabledMode == DisabledTrackMode::ENABLED) { - return; - } - if (mDisabledMode == DisabledTrackMode::SILENCE_BLACK) { - aSegment->ReplaceWithDisabled(); - if (aRawSegment) { - aRawSegment->ReplaceWithDisabled(); - } - } else if (mDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { - aSegment->ReplaceWithNull(); - if (aRawSegment) { - aRawSegment->ReplaceWithNull(); - } - } else { - MOZ_CRASH("Unsupported mode"); - } + MOZ_ASSERT(mGraph->OnGraphThread()); + mozilla::ApplyTrackDisabling(mDisabledMode, aSegment, aRawSegment); } void MediaTrack::AddMainThreadListener( @@ -2866,7 +2875,7 @@ TrackTime SourceMediaTrack::AppendData(MediaSegment* aSegment, // Apply track disabling before notifying any consumers directly // or inserting into the graph - ApplyTrackDisabling(aSegment, aRawSegment); + mozilla::ApplyTrackDisabling(mDirectDisabledMode, aSegment, aRawSegment); ResampleAudioToGraphSampleRate(aSegment); @@ -2910,6 +2919,7 @@ void SourceMediaTrack::NotifyDirectConsumers(MediaSegment* aSegment) { void SourceMediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); MutexAutoLock lock(mMutex); RefPtr<DirectMediaTrackListener> listener = aListener; @@ -2979,6 +2989,7 @@ void SourceMediaTrack::AddDirectListenerImpl( void SourceMediaTrack::RemoveDirectListenerImpl( DirectMediaTrackListener* aListener) { + mGraph->AssertOnGraphThreadOrNotRunning(); MutexAutoLock lock(mMutex); for (int32_t i = mDirectTrackListeners.Length() - 1; i >= 0; --i) { const RefPtr<DirectMediaTrackListener>& l = mDirectTrackListeners[i]; @@ -3008,17 +3019,20 @@ void SourceMediaTrack::End() { } void SourceMediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); { MutexAutoLock lock(mMutex); + const DisabledTrackMode oldMode = mDirectDisabledMode; + const bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; + const bool enabled = aMode == DisabledTrackMode::ENABLED; + mDirectDisabledMode = aMode; for (const auto& l : mDirectTrackListeners) { - DisabledTrackMode oldMode = mDisabledMode; - bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; - if (!oldEnabled && aMode == DisabledTrackMode::ENABLED) { + if (!oldEnabled && enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener enabled", GraphImpl(), this)); l->DecreaseDisabled(oldMode); - } else if (oldEnabled && aMode != DisabledTrackMode::ENABLED) { + } else if (oldEnabled && !enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener disabled", GraphImpl(), this)); ===================================== dom/media/MediaTrackGraph.h ===================================== @@ -652,18 +652,8 @@ class SourceMediaTrack : public MediaTrack { */ void End(); - // Overriding allows us to hold the mMutex lock while changing the track - // enable status void SetDisabledTrackModeImpl(DisabledTrackMode aMode) override; - // Overriding allows us to ensure mMutex is locked while changing the track - // enable status - void ApplyTrackDisabling(MediaSegment* aSegment, - MediaSegment* aRawSegment = nullptr) override { - mMutex.AssertCurrentThreadOwns(); - MediaTrack::ApplyTrackDisabling(aSegment, aRawSegment); - } - uint32_t NumberOfChannels() const override; void RemoveAllDirectListenersImpl() override; @@ -742,6 +732,11 @@ class SourceMediaTrack : public MediaTrack { // protected by mMutex float mVolume MOZ_GUARDED_BY(mMutex) = 1.0; UniquePtr<TrackData> mUpdateTrack MOZ_GUARDED_BY(mMutex); + // This track's associated disabled mode for uses on the producing thread. + // It can either by disabled by frames being replaced by black, or by + // retaining the previous frame. + DisabledTrackMode mDirectDisabledMode MOZ_GUARDED_BY(mMutex) = + DisabledTrackMode::ENABLED; nsTArray<RefPtr<DirectMediaTrackListener>> mDirectTrackListeners MOZ_GUARDED_BY(mMutex); }; ===================================== gfx/2d/RecordedEventImpl.h ===================================== @@ -65,7 +65,7 @@ class RecordedDrawTargetCreation BackendType mBackendType; IntRect mRect; SurfaceFormat mFormat; - bool mHasExistingData; + bool mHasExistingData = false; RefPtr<SourceSurface> mExistingData; private: ===================================== gfx/2d/RecordingTypes.h ===================================== @@ -24,6 +24,28 @@ struct ElementStreamFormat { aStream.read(reinterpret_cast<char*>(&aElement), sizeof(T)); } }; +template <class S> +struct ElementStreamFormat<S, bool> { + static void Write(S& aStream, const bool& aElement) { + char boolChar = aElement ? '\x01' : '\x00'; + aStream.write(&boolChar, sizeof(boolChar)); + } + static void Read(S& aStream, bool& aElement) { + char boolChar; + aStream.read(&boolChar, sizeof(boolChar)); + switch (boolChar) { + case '\x00': + aElement = false; + break; + case '\x01': + aElement = true; + break; + default: + aStream.SetIsBad(); + break; + } + } +}; template <class S, class T> void WriteElement(S& aStream, const T& aElement) { ===================================== netwerk/cookie/CookieCommons.cpp ===================================== @@ -200,9 +200,9 @@ bool CookieCommons::CheckNameAndValueSize(const CookieStruct& aCookieData) { bool CookieCommons::CheckName(const CookieStruct& aCookieData) { const char illegalNameCharacters[] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, - 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00}; + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x3B, 0x3D, 0x7F, 0x00}; const auto* start = aCookieData.name().BeginReading(); const auto* end = aCookieData.name().EndReading(); ===================================== testing/web-platform/meta/cookies/name/name-ctl.html.ini ===================================== @@ -11,36 +11,6 @@ [Cookie with %xd in name is rejected (DOM).] expected: FAIL - [Cookie with %x7f in name is rejected (DOM).] - expected: FAIL - - [Cookie with %x0 in name is rejected or modified (HTTP).] - expected: FAIL - - [Cookie with %x1 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x2 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x3 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x4 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x5 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x6 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x7 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x8 in name is rejected (HTTP).] - expected: FAIL - [Cookie with %x9 in name is accepted (HTTP).] expected: FAIL ===================================== testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini deleted ===================================== @@ -1,26 +0,0 @@ -[cache-put.https.any.serviceworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.sharedworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.worker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -67,6 +67,7 @@ <button id="openInsecure" data-l10n-id="about-httpsonly-button-continue-to-site" + inert ></button> </div> <div class="suggestion-box" hidden> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -34,6 +34,11 @@ function initPage() { .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); + setTimeout(() => { + document.getElementById("openInsecure").removeAttribute("inert"); + }, delay); + if (window.top == window) { document .getElementById("goBack") ===================================== toolkit/components/search/OpenSearchEngine.sys.mjs ===================================== @@ -144,7 +144,12 @@ export class OpenSearchEngine extends SearchEngine { lazy.logConsole.debug("_install: Downloading engine from:", loadURI.spec); - var chan = lazy.SearchUtils.makeChannel(loadURI); + var chan = lazy.SearchUtils.makeChannel( + loadURI, + // OpenSearchEngine is loading a definition file for a search engine, + // TYPE_DOCUMENT captures that load best + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); if (this._engineToUpdate && chan instanceof Ci.nsIHttpChannel) { var lastModified = this._engineToUpdate.getAttr("updatelastmodified"); ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -821,7 +821,10 @@ export class SearchEngine { this._hasPreferredIcon = isPreferred; }; - let chan = lazy.SearchUtils.makeChannel(uri); + let chan = lazy.SearchUtils.makeChannel( + uri, + Ci.nsIContentPolicy.TYPE_IMAGE + ); let listener = new lazy.SearchUtils.LoadListener( chan, /^image\//, ===================================== toolkit/components/search/SearchUtils.sys.mjs ===================================== @@ -248,19 +248,24 @@ export var SearchUtils = { * * @param {string|nsIURI} url * The URL string from which to create an nsIChannel. + * @param {nsIContentPolicy} contentPolicyType + * The type of document being loaded. * @returns {nsIChannel} * an nsIChannel object, or null if the url is invalid. */ - makeChannel(url) { + makeChannel(url, contentPolicyType) { + if (!contentPolicyType) { + throw new Error("makeChannel called with invalid content policy type"); + } try { let uri = typeof url == "string" ? Services.io.newURI(url) : url; return Services.io.newChannelFromURI( uri, null /* loadingNode */, - Services.scriptSecurityManager.getSystemPrincipal(), + Services.scriptSecurityManager.createNullPrincipal({}), null /* triggeringPrincipal */, Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, - Ci.nsIContentPolicy.TYPE_OTHER + contentPolicyType ); } catch (ex) {} ===================================== toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs ===================================== @@ -10,7 +10,7 @@ function handleRequest(request, response) { response.setStatusLine("1.1", 302, "Moved"); if (request.queryString == "type=invalid") { response.setHeader("Content-Type", "image/png", false); - response.setHeader("Location", "engine.xml", false); + response.setHeader("Location", "/head_search.js", false); } else { response.setHeader("Content-Type", "text/html", false); response.setHeader("Location", "remoteIcon.ico", false); ===================================== toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js ===================================== @@ -12,9 +12,11 @@ add_task(async function setup() { }); add_task(async function test_installedresourceicon() { + // Attempts to load a resource:// url as an icon. let engine1 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/resourceicon.xml`, }); + // Attempts to load a chrome:// url as an icon. let engine2 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/chromeicon.xml`, }); @@ -32,12 +34,13 @@ add_task(async function test_installedhttpplace() { // The easiest way to test adding the icon is via a generated xml, otherwise // we have to somehow insert the address of the server into it. + // Attempts to load a non-image page into an image icon. let engine = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}data/engineMaker.sjs?` + JSON.stringify({ baseURL: gDataUrl, - image: "opensearch/resourceicon.xml", + image: "head_search.js", name: "invalidicon", method: "GET", }), ===================================== toolkit/components/search/tests/xpcshell/test_webextensions_install.js ===================================== @@ -5,6 +5,8 @@ const { promiseShutdownManager, promiseStartupManager } = AddonTestUtils; +let gBaseUrl; + async function getEngineNames() { let engines = await Services.search.getEngines(); return engines.map(engine => engine._name); @@ -13,6 +15,8 @@ async function getEngineNames() { add_task(async function setup() { let server = useHttpServer(); server.registerContentType("sjs", "sjs"); + gBaseUrl = `http://localhost:${server.identity.primaryPort}/`; + await SearchTestUtils.useTestEngines("test-extensions"); await promiseStartupManager(); @@ -132,7 +136,7 @@ add_task(async function test_load_favicon_invalid() { // User installs a new search engine let extension = await SearchTestUtils.installSearchExtension( { - favicon_url: `${gDataUrl}engine.xml`, + favicon_url: `${gBaseUrl}/head_search.js`, }, { skipUnload: true } ); ===================================== toolkit/modules/RemotePageAccessManager.sys.mjs ===================================== @@ -66,6 +66,7 @@ export let RemotePageAccessManager = { }, "about:httpsonlyerror": { RPMGetFormatURLPref: ["app.support.baseURL"], + RPMGetIntPref: ["security.dialog_enable_delay"], RPMSendAsyncMessage: ["goBack", "openInsecure"], RPMAddMessageListener: ["WWWReachable"], RPMTryPingSecureWWWLink: ["*"], View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/78… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/78… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.4.0esr-13.0-1] 7 commits: Bug 1738426 - Ignoring status 206 and vary header checking for opaque response...
by richard (＠richard) 23 Oct '23

23 Oct '23

richard pushed to branch base-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: b9e4a514 by Eden Chuang at 2023-10-23T12:08:01+00:00 Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth Differential Revision: https://phabricator.services.mozilla.com/D186431 - - - - - 8c746a06 by edgul at 2023-10-23T12:08:02+00:00 Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers Differential Revision: https://phabricator.services.mozilla.com/D182373 - - - - - 84ccf5cf by Kelsey Gilbert at 2023-10-23T12:08:02+00:00 Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond We could do non-racy static init here (e.g. with a static initializer self-calling-closure), but there doesn't seem to be a strong reason for this. Let's just use a switch and get robustness from -Werror=switch. Differential Revision: https://phabricator.services.mozilla.com/D188054 - - - - - 86a0bd0a by Mark Banner at 2023-10-23T12:08:03+00:00 Bug 1845752. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D186676 - - - - - 20ba1040 by Bob Owen at 2023-10-23T12:08:03+00:00 Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel This also specializes ElementStreamFormat for bool. Differential Revision: https://phabricator.services.mozilla.com/D187794 - - - - - ceefded8 by Malte Juergens at 2023-10-23T12:08:03+00:00 Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D187887 - - - - - a27ce01f by Andreas Pehrson at 2023-10-23T12:08:04+00:00 Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt Similar to MediaTrack::mDisabledMode, but this is for uses on the SourceMediaTrack producer thread. It is still signaled via a control message from the control thread to maintain order of operations, and is protected by the SourceMediaTrack mutex. Differential Revision: https://phabricator.services.mozilla.com/D187554 - - - - - 18 changed files: - dom/cache/TypeUtils.cpp - dom/canvas/WebGLContextExtensions.cpp - dom/media/MediaTrackGraph.cpp - dom/media/MediaTrackGraph.h - gfx/2d/RecordedEventImpl.h - gfx/2d/RecordingTypes.h - netwerk/cookie/CookieCommons.cpp - testing/web-platform/meta/cookies/name/name-ctl.html.ini - − testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/components/search/OpenSearchEngine.sys.mjs - toolkit/components/search/SearchEngine.sys.mjs - toolkit/components/search/SearchUtils.sys.mjs - toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs - toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js - toolkit/components/search/tests/xpcshell/test_webextensions_install.js - toolkit/modules/RemotePageAccessManager.sys.mjs Changes: ===================================== dom/cache/TypeUtils.cpp ===================================== @@ -184,7 +184,7 @@ void TypeUtils::ToCacheResponseWithoutBody(CacheResponse& aOut, aOut.statusText() = aIn.GetUnfilteredStatusText(); RefPtr<InternalHeaders> headers = aIn.UnfilteredHeaders(); MOZ_DIAGNOSTIC_ASSERT(headers); - if (HasVaryStar(headers)) { + if (aIn.Type() != ResponseType::Opaque && HasVaryStar(headers)) { aRv.ThrowTypeError("Invalid Response object with a 'Vary: *' header."); return; } ===================================== dom/canvas/WebGLContextExtensions.cpp ===================================== @@ -17,15 +17,10 @@ namespace mozilla { const char* GetExtensionName(const WebGLExtensionID ext) { - static EnumeratedArray<WebGLExtensionID, WebGLExtensionID::Max, const char*> - sExtensionNamesEnumeratedArray; - static bool initialized = false; - - if (!initialized) { - initialized = true; - + switch (ext) { #define WEBGL_EXTENSION_IDENTIFIER(x) \ - sExtensionNamesEnumeratedArray[WebGLExtensionID::x] = #x; + case WebGLExtensionID::x: \ + return #x; WEBGL_EXTENSION_IDENTIFIER(ANGLE_instanced_arrays) WEBGL_EXTENSION_IDENTIFIER(EXT_blend_minmax) @@ -67,9 +62,11 @@ const char* GetExtensionName(const WebGLExtensionID ext) { WEBGL_EXTENSION_IDENTIFIER(WEBGL_provoking_vertex) #undef WEBGL_EXTENSION_IDENTIFIER - } - return sExtensionNamesEnumeratedArray[ext]; + case WebGLExtensionID::Max: + break; + } + MOZ_CRASH("bad WebGLExtensionID"); } // ---------------------------- ===================================== dom/media/MediaTrackGraph.cpp ===================================== @@ -145,6 +145,27 @@ class GraphKey final { nsTHashMap<nsGenericHashKey<GraphKey>, MediaTrackGraphImpl*> gGraphs; } // anonymous namespace +static void ApplyTrackDisabling(DisabledTrackMode aDisabledMode, + MediaSegment* aSegment, + MediaSegment* aRawSegment) { + if (aDisabledMode == DisabledTrackMode::ENABLED) { + return; + } + if (aDisabledMode == DisabledTrackMode::SILENCE_BLACK) { + aSegment->ReplaceWithDisabled(); + if (aRawSegment) { + aRawSegment->ReplaceWithDisabled(); + } + } else if (aDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { + aSegment->ReplaceWithNull(); + if (aRawSegment) { + aRawSegment->ReplaceWithNull(); + } + } else { + MOZ_CRASH("Unsupported mode"); + } +} + MediaTrackGraphImpl::~MediaTrackGraphImpl() { MOZ_ASSERT(mTracks.IsEmpty() && mSuspendedTracks.IsEmpty(), "All tracks should have been destroyed by messages from the main " @@ -2421,6 +2442,7 @@ RefPtr<GenericPromise> MediaTrack::RemoveListener( void MediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); // Base implementation, for tracks that don't support direct track listeners. RefPtr<DirectMediaTrackListener> listener = aListener; listener->NotifyDirectListenerInstalled( @@ -2503,6 +2525,7 @@ void MediaTrack::RunAfterPendingUpdates( } void MediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); MOZ_DIAGNOSTIC_ASSERT( aMode == DisabledTrackMode::ENABLED || mDisabledMode == DisabledTrackMode::ENABLED, @@ -2531,22 +2554,8 @@ void MediaTrack::SetDisabledTrackMode(DisabledTrackMode aMode) { void MediaTrack::ApplyTrackDisabling(MediaSegment* aSegment, MediaSegment* aRawSegment) { - if (mDisabledMode == DisabledTrackMode::ENABLED) { - return; - } - if (mDisabledMode == DisabledTrackMode::SILENCE_BLACK) { - aSegment->ReplaceWithDisabled(); - if (aRawSegment) { - aRawSegment->ReplaceWithDisabled(); - } - } else if (mDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { - aSegment->ReplaceWithNull(); - if (aRawSegment) { - aRawSegment->ReplaceWithNull(); - } - } else { - MOZ_CRASH("Unsupported mode"); - } + MOZ_ASSERT(mGraph->OnGraphThread()); + mozilla::ApplyTrackDisabling(mDisabledMode, aSegment, aRawSegment); } void MediaTrack::AddMainThreadListener( @@ -2866,7 +2875,7 @@ TrackTime SourceMediaTrack::AppendData(MediaSegment* aSegment, // Apply track disabling before notifying any consumers directly // or inserting into the graph - ApplyTrackDisabling(aSegment, aRawSegment); + mozilla::ApplyTrackDisabling(mDirectDisabledMode, aSegment, aRawSegment); ResampleAudioToGraphSampleRate(aSegment); @@ -2910,6 +2919,7 @@ void SourceMediaTrack::NotifyDirectConsumers(MediaSegment* aSegment) { void SourceMediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); MutexAutoLock lock(mMutex); RefPtr<DirectMediaTrackListener> listener = aListener; @@ -2979,6 +2989,7 @@ void SourceMediaTrack::AddDirectListenerImpl( void SourceMediaTrack::RemoveDirectListenerImpl( DirectMediaTrackListener* aListener) { + mGraph->AssertOnGraphThreadOrNotRunning(); MutexAutoLock lock(mMutex); for (int32_t i = mDirectTrackListeners.Length() - 1; i >= 0; --i) { const RefPtr<DirectMediaTrackListener>& l = mDirectTrackListeners[i]; @@ -3008,17 +3019,20 @@ void SourceMediaTrack::End() { } void SourceMediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); { MutexAutoLock lock(mMutex); + const DisabledTrackMode oldMode = mDirectDisabledMode; + const bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; + const bool enabled = aMode == DisabledTrackMode::ENABLED; + mDirectDisabledMode = aMode; for (const auto& l : mDirectTrackListeners) { - DisabledTrackMode oldMode = mDisabledMode; - bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; - if (!oldEnabled && aMode == DisabledTrackMode::ENABLED) { + if (!oldEnabled && enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener enabled", GraphImpl(), this)); l->DecreaseDisabled(oldMode); - } else if (oldEnabled && aMode != DisabledTrackMode::ENABLED) { + } else if (oldEnabled && !enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener disabled", GraphImpl(), this)); ===================================== dom/media/MediaTrackGraph.h ===================================== @@ -652,18 +652,8 @@ class SourceMediaTrack : public MediaTrack { */ void End(); - // Overriding allows us to hold the mMutex lock while changing the track - // enable status void SetDisabledTrackModeImpl(DisabledTrackMode aMode) override; - // Overriding allows us to ensure mMutex is locked while changing the track - // enable status - void ApplyTrackDisabling(MediaSegment* aSegment, - MediaSegment* aRawSegment = nullptr) override { - mMutex.AssertCurrentThreadOwns(); - MediaTrack::ApplyTrackDisabling(aSegment, aRawSegment); - } - uint32_t NumberOfChannels() const override; void RemoveAllDirectListenersImpl() override; @@ -742,6 +732,11 @@ class SourceMediaTrack : public MediaTrack { // protected by mMutex float mVolume MOZ_GUARDED_BY(mMutex) = 1.0; UniquePtr<TrackData> mUpdateTrack MOZ_GUARDED_BY(mMutex); + // This track's associated disabled mode for uses on the producing thread. + // It can either by disabled by frames being replaced by black, or by + // retaining the previous frame. + DisabledTrackMode mDirectDisabledMode MOZ_GUARDED_BY(mMutex) = + DisabledTrackMode::ENABLED; nsTArray<RefPtr<DirectMediaTrackListener>> mDirectTrackListeners MOZ_GUARDED_BY(mMutex); }; ===================================== gfx/2d/RecordedEventImpl.h ===================================== @@ -65,7 +65,7 @@ class RecordedDrawTargetCreation BackendType mBackendType; IntRect mRect; SurfaceFormat mFormat; - bool mHasExistingData; + bool mHasExistingData = false; RefPtr<SourceSurface> mExistingData; private: ===================================== gfx/2d/RecordingTypes.h ===================================== @@ -24,6 +24,28 @@ struct ElementStreamFormat { aStream.read(reinterpret_cast<char*>(&aElement), sizeof(T)); } }; +template <class S> +struct ElementStreamFormat<S, bool> { + static void Write(S& aStream, const bool& aElement) { + char boolChar = aElement ? '\x01' : '\x00'; + aStream.write(&boolChar, sizeof(boolChar)); + } + static void Read(S& aStream, bool& aElement) { + char boolChar; + aStream.read(&boolChar, sizeof(boolChar)); + switch (boolChar) { + case '\x00': + aElement = false; + break; + case '\x01': + aElement = true; + break; + default: + aStream.SetIsBad(); + break; + } + } +}; template <class S, class T> void WriteElement(S& aStream, const T& aElement) { ===================================== netwerk/cookie/CookieCommons.cpp ===================================== @@ -200,9 +200,9 @@ bool CookieCommons::CheckNameAndValueSize(const CookieStruct& aCookieData) { bool CookieCommons::CheckName(const CookieStruct& aCookieData) { const char illegalNameCharacters[] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, - 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00}; + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x3B, 0x3D, 0x7F, 0x00}; const auto* start = aCookieData.name().BeginReading(); const auto* end = aCookieData.name().EndReading(); ===================================== testing/web-platform/meta/cookies/name/name-ctl.html.ini ===================================== @@ -11,36 +11,6 @@ [Cookie with %xd in name is rejected (DOM).] expected: FAIL - [Cookie with %x7f in name is rejected (DOM).] - expected: FAIL - - [Cookie with %x0 in name is rejected or modified (HTTP).] - expected: FAIL - - [Cookie with %x1 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x2 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x3 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x4 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x5 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x6 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x7 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x8 in name is rejected (HTTP).] - expected: FAIL - [Cookie with %x9 in name is accepted (HTTP).] expected: FAIL ===================================== testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini deleted ===================================== @@ -1,26 +0,0 @@ -[cache-put.https.any.serviceworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.sharedworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.worker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -67,6 +67,7 @@ <button id="openInsecure" data-l10n-id="about-httpsonly-button-continue-to-site" + inert ></button> </div> <div class="suggestion-box" hidden> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -34,6 +34,11 @@ function initPage() { .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); + setTimeout(() => { + document.getElementById("openInsecure").removeAttribute("inert"); + }, delay); + if (window.top == window) { document .getElementById("goBack") ===================================== toolkit/components/search/OpenSearchEngine.sys.mjs ===================================== @@ -144,7 +144,12 @@ export class OpenSearchEngine extends SearchEngine { lazy.logConsole.debug("_install: Downloading engine from:", loadURI.spec); - var chan = lazy.SearchUtils.makeChannel(loadURI); + var chan = lazy.SearchUtils.makeChannel( + loadURI, + // OpenSearchEngine is loading a definition file for a search engine, + // TYPE_DOCUMENT captures that load best + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); if (this._engineToUpdate && chan instanceof Ci.nsIHttpChannel) { var lastModified = this._engineToUpdate.getAttr("updatelastmodified"); ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -821,7 +821,10 @@ export class SearchEngine { this._hasPreferredIcon = isPreferred; }; - let chan = lazy.SearchUtils.makeChannel(uri); + let chan = lazy.SearchUtils.makeChannel( + uri, + Ci.nsIContentPolicy.TYPE_IMAGE + ); let listener = new lazy.SearchUtils.LoadListener( chan, /^image\//, ===================================== toolkit/components/search/SearchUtils.sys.mjs ===================================== @@ -248,19 +248,24 @@ export var SearchUtils = { * * @param {string|nsIURI} url * The URL string from which to create an nsIChannel. + * @param {nsIContentPolicy} contentPolicyType + * The type of document being loaded. * @returns {nsIChannel} * an nsIChannel object, or null if the url is invalid. */ - makeChannel(url) { + makeChannel(url, contentPolicyType) { + if (!contentPolicyType) { + throw new Error("makeChannel called with invalid content policy type"); + } try { let uri = typeof url == "string" ? Services.io.newURI(url) : url; return Services.io.newChannelFromURI( uri, null /* loadingNode */, - Services.scriptSecurityManager.getSystemPrincipal(), + Services.scriptSecurityManager.createNullPrincipal({}), null /* triggeringPrincipal */, Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, - Ci.nsIContentPolicy.TYPE_OTHER + contentPolicyType ); } catch (ex) {} ===================================== toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs ===================================== @@ -10,7 +10,7 @@ function handleRequest(request, response) { response.setStatusLine("1.1", 302, "Moved"); if (request.queryString == "type=invalid") { response.setHeader("Content-Type", "image/png", false); - response.setHeader("Location", "engine.xml", false); + response.setHeader("Location", "/head_search.js", false); } else { response.setHeader("Content-Type", "text/html", false); response.setHeader("Location", "remoteIcon.ico", false); ===================================== toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js ===================================== @@ -12,9 +12,11 @@ add_task(async function setup() { }); add_task(async function test_installedresourceicon() { + // Attempts to load a resource:// url as an icon. let engine1 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/resourceicon.xml`, }); + // Attempts to load a chrome:// url as an icon. let engine2 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/chromeicon.xml`, }); @@ -32,12 +34,13 @@ add_task(async function test_installedhttpplace() { // The easiest way to test adding the icon is via a generated xml, otherwise // we have to somehow insert the address of the server into it. + // Attempts to load a non-image page into an image icon. let engine = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}data/engineMaker.sjs?` + JSON.stringify({ baseURL: gDataUrl, - image: "opensearch/resourceicon.xml", + image: "head_search.js", name: "invalidicon", method: "GET", }), ===================================== toolkit/components/search/tests/xpcshell/test_webextensions_install.js ===================================== @@ -5,6 +5,8 @@ const { promiseShutdownManager, promiseStartupManager } = AddonTestUtils; +let gBaseUrl; + async function getEngineNames() { let engines = await Services.search.getEngines(); return engines.map(engine => engine._name); @@ -13,6 +15,8 @@ async function getEngineNames() { add_task(async function setup() { let server = useHttpServer(); server.registerContentType("sjs", "sjs"); + gBaseUrl = `http://localhost:${server.identity.primaryPort}/`; + await SearchTestUtils.useTestEngines("test-extensions"); await promiseStartupManager(); @@ -132,7 +136,7 @@ add_task(async function test_load_favicon_invalid() { // User installs a new search engine let extension = await SearchTestUtils.installSearchExtension( { - favicon_url: `${gDataUrl}engine.xml`, + favicon_url: `${gBaseUrl}/head_search.js`, }, { skipUnload: true } ); ===================================== toolkit/modules/RemotePageAccessManager.sys.mjs ===================================== @@ -66,6 +66,7 @@ export let RemotePageAccessManager = { }, "about:httpsonlyerror": { RPMGetFormatURLPref: ["app.support.baseURL"], + RPMGetIntPref: ["security.dialog_enable_delay"], RPMSendAsyncMessage: ["goBack", "openInsecure"], RPMAddMessageListener: ["WWWReachable"], RPMTryPingSecureWWWLink: ["*"], View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a78a91… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a78a91… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.0-1] 8 commits: Bug 1738426 - Ignoring status 206 and vary header checking for opaque response...
by richard (＠richard) 23 Oct '23

23 Oct '23

richard pushed to branch tor-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 2abd55fd by Eden Chuang at 2023-10-21T19:53:08+02:00 Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth Differential Revision: https://phabricator.services.mozilla.com/D186431 - - - - - 9935a5d2 by edgul at 2023-10-21T20:19:27+02:00 Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers Differential Revision: https://phabricator.services.mozilla.com/D182373 - - - - - 17f51380 by Kelsey Gilbert at 2023-10-21T20:26:18+02:00 Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond We could do non-racy static init here (e.g. with a static initializer self-calling-closure), but there doesn't seem to be a strong reason for this. Let's just use a switch and get robustness from -Werror=switch. Differential Revision: https://phabricator.services.mozilla.com/D188054 - - - - - 220260c4 by Mark Banner at 2023-10-21T20:56:11+02:00 Bug 1845752. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D186676 - - - - - 12d376c9 by Bob Owen at 2023-10-21T21:02:12+02:00 Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel This also specializes ElementStreamFormat for bool. Differential Revision: https://phabricator.services.mozilla.com/D187794 - - - - - 2488f011 by Malte Juergens at 2023-10-21T21:24:39+02:00 Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb Differential Revision: https://phabricator.services.mozilla.com/D187887 - - - - - 523a7efe by Andreas Pehrson at 2023-10-21T21:42:20+02:00 Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt Similar to MediaTrack::mDisabledMode, but this is for uses on the SourceMediaTrack producer thread. It is still signaled via a control message from the control thread to maintain order of operations, and is protected by the SourceMediaTrack mutex. Differential Revision: https://phabricator.services.mozilla.com/D187554 - - - - - c932accf by richard at 2023-10-23T11:42:18+00:00 Merge branch 'bug42191-confidential-issue' into 'tor-browser-115.4.0esr-13.0-1' Bug 42191: backports from 119 to esr115 See merge request ma1/tor-browser-confidential!4 - - - - - 18 changed files: - dom/cache/TypeUtils.cpp - dom/canvas/WebGLContextExtensions.cpp - dom/media/MediaTrackGraph.cpp - dom/media/MediaTrackGraph.h - gfx/2d/RecordedEventImpl.h - gfx/2d/RecordingTypes.h - netwerk/cookie/CookieCommons.cpp - testing/web-platform/meta/cookies/name/name-ctl.html.ini - − testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/components/search/OpenSearchEngine.sys.mjs - toolkit/components/search/SearchEngine.sys.mjs - toolkit/components/search/SearchUtils.sys.mjs - toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs - toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js - toolkit/components/search/tests/xpcshell/test_webextensions_install.js - toolkit/modules/RemotePageAccessManager.sys.mjs Changes: ===================================== dom/cache/TypeUtils.cpp ===================================== @@ -184,7 +184,7 @@ void TypeUtils::ToCacheResponseWithoutBody(CacheResponse& aOut, aOut.statusText() = aIn.GetUnfilteredStatusText(); RefPtr<InternalHeaders> headers = aIn.UnfilteredHeaders(); MOZ_DIAGNOSTIC_ASSERT(headers); - if (HasVaryStar(headers)) { + if (aIn.Type() != ResponseType::Opaque && HasVaryStar(headers)) { aRv.ThrowTypeError("Invalid Response object with a 'Vary: *' header."); return; } ===================================== dom/canvas/WebGLContextExtensions.cpp ===================================== @@ -17,15 +17,10 @@ namespace mozilla { const char* GetExtensionName(const WebGLExtensionID ext) { - static EnumeratedArray<WebGLExtensionID, WebGLExtensionID::Max, const char*> - sExtensionNamesEnumeratedArray; - static bool initialized = false; - - if (!initialized) { - initialized = true; - + switch (ext) { #define WEBGL_EXTENSION_IDENTIFIER(x) \ - sExtensionNamesEnumeratedArray[WebGLExtensionID::x] = #x; + case WebGLExtensionID::x: \ + return #x; WEBGL_EXTENSION_IDENTIFIER(ANGLE_instanced_arrays) WEBGL_EXTENSION_IDENTIFIER(EXT_blend_minmax) @@ -67,9 +62,11 @@ const char* GetExtensionName(const WebGLExtensionID ext) { WEBGL_EXTENSION_IDENTIFIER(WEBGL_provoking_vertex) #undef WEBGL_EXTENSION_IDENTIFIER - } - return sExtensionNamesEnumeratedArray[ext]; + case WebGLExtensionID::Max: + break; + } + MOZ_CRASH("bad WebGLExtensionID"); } // ---------------------------- ===================================== dom/media/MediaTrackGraph.cpp ===================================== @@ -145,6 +145,27 @@ class GraphKey final { nsTHashMap<nsGenericHashKey<GraphKey>, MediaTrackGraphImpl*> gGraphs; } // anonymous namespace +static void ApplyTrackDisabling(DisabledTrackMode aDisabledMode, + MediaSegment* aSegment, + MediaSegment* aRawSegment) { + if (aDisabledMode == DisabledTrackMode::ENABLED) { + return; + } + if (aDisabledMode == DisabledTrackMode::SILENCE_BLACK) { + aSegment->ReplaceWithDisabled(); + if (aRawSegment) { + aRawSegment->ReplaceWithDisabled(); + } + } else if (aDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { + aSegment->ReplaceWithNull(); + if (aRawSegment) { + aRawSegment->ReplaceWithNull(); + } + } else { + MOZ_CRASH("Unsupported mode"); + } +} + MediaTrackGraphImpl::~MediaTrackGraphImpl() { MOZ_ASSERT(mTracks.IsEmpty() && mSuspendedTracks.IsEmpty(), "All tracks should have been destroyed by messages from the main " @@ -2421,6 +2442,7 @@ RefPtr<GenericPromise> MediaTrack::RemoveListener( void MediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); // Base implementation, for tracks that don't support direct track listeners. RefPtr<DirectMediaTrackListener> listener = aListener; listener->NotifyDirectListenerInstalled( @@ -2503,6 +2525,7 @@ void MediaTrack::RunAfterPendingUpdates( } void MediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); MOZ_DIAGNOSTIC_ASSERT( aMode == DisabledTrackMode::ENABLED || mDisabledMode == DisabledTrackMode::ENABLED, @@ -2531,22 +2554,8 @@ void MediaTrack::SetDisabledTrackMode(DisabledTrackMode aMode) { void MediaTrack::ApplyTrackDisabling(MediaSegment* aSegment, MediaSegment* aRawSegment) { - if (mDisabledMode == DisabledTrackMode::ENABLED) { - return; - } - if (mDisabledMode == DisabledTrackMode::SILENCE_BLACK) { - aSegment->ReplaceWithDisabled(); - if (aRawSegment) { - aRawSegment->ReplaceWithDisabled(); - } - } else if (mDisabledMode == DisabledTrackMode::SILENCE_FREEZE) { - aSegment->ReplaceWithNull(); - if (aRawSegment) { - aRawSegment->ReplaceWithNull(); - } - } else { - MOZ_CRASH("Unsupported mode"); - } + MOZ_ASSERT(mGraph->OnGraphThread()); + mozilla::ApplyTrackDisabling(mDisabledMode, aSegment, aRawSegment); } void MediaTrack::AddMainThreadListener( @@ -2866,7 +2875,7 @@ TrackTime SourceMediaTrack::AppendData(MediaSegment* aSegment, // Apply track disabling before notifying any consumers directly // or inserting into the graph - ApplyTrackDisabling(aSegment, aRawSegment); + mozilla::ApplyTrackDisabling(mDirectDisabledMode, aSegment, aRawSegment); ResampleAudioToGraphSampleRate(aSegment); @@ -2910,6 +2919,7 @@ void SourceMediaTrack::NotifyDirectConsumers(MediaSegment* aSegment) { void SourceMediaTrack::AddDirectListenerImpl( already_AddRefed<DirectMediaTrackListener> aListener) { + MOZ_ASSERT(mGraph->OnGraphThread()); MutexAutoLock lock(mMutex); RefPtr<DirectMediaTrackListener> listener = aListener; @@ -2979,6 +2989,7 @@ void SourceMediaTrack::AddDirectListenerImpl( void SourceMediaTrack::RemoveDirectListenerImpl( DirectMediaTrackListener* aListener) { + mGraph->AssertOnGraphThreadOrNotRunning(); MutexAutoLock lock(mMutex); for (int32_t i = mDirectTrackListeners.Length() - 1; i >= 0; --i) { const RefPtr<DirectMediaTrackListener>& l = mDirectTrackListeners[i]; @@ -3008,17 +3019,20 @@ void SourceMediaTrack::End() { } void SourceMediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) { + MOZ_ASSERT(mGraph->OnGraphThread()); { MutexAutoLock lock(mMutex); + const DisabledTrackMode oldMode = mDirectDisabledMode; + const bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; + const bool enabled = aMode == DisabledTrackMode::ENABLED; + mDirectDisabledMode = aMode; for (const auto& l : mDirectTrackListeners) { - DisabledTrackMode oldMode = mDisabledMode; - bool oldEnabled = oldMode == DisabledTrackMode::ENABLED; - if (!oldEnabled && aMode == DisabledTrackMode::ENABLED) { + if (!oldEnabled && enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener enabled", GraphImpl(), this)); l->DecreaseDisabled(oldMode); - } else if (oldEnabled && aMode != DisabledTrackMode::ENABLED) { + } else if (oldEnabled && !enabled) { LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting " "direct listener disabled", GraphImpl(), this)); ===================================== dom/media/MediaTrackGraph.h ===================================== @@ -652,18 +652,8 @@ class SourceMediaTrack : public MediaTrack { */ void End(); - // Overriding allows us to hold the mMutex lock while changing the track - // enable status void SetDisabledTrackModeImpl(DisabledTrackMode aMode) override; - // Overriding allows us to ensure mMutex is locked while changing the track - // enable status - void ApplyTrackDisabling(MediaSegment* aSegment, - MediaSegment* aRawSegment = nullptr) override { - mMutex.AssertCurrentThreadOwns(); - MediaTrack::ApplyTrackDisabling(aSegment, aRawSegment); - } - uint32_t NumberOfChannels() const override; void RemoveAllDirectListenersImpl() override; @@ -742,6 +732,11 @@ class SourceMediaTrack : public MediaTrack { // protected by mMutex float mVolume MOZ_GUARDED_BY(mMutex) = 1.0; UniquePtr<TrackData> mUpdateTrack MOZ_GUARDED_BY(mMutex); + // This track's associated disabled mode for uses on the producing thread. + // It can either by disabled by frames being replaced by black, or by + // retaining the previous frame. + DisabledTrackMode mDirectDisabledMode MOZ_GUARDED_BY(mMutex) = + DisabledTrackMode::ENABLED; nsTArray<RefPtr<DirectMediaTrackListener>> mDirectTrackListeners MOZ_GUARDED_BY(mMutex); }; ===================================== gfx/2d/RecordedEventImpl.h ===================================== @@ -65,7 +65,7 @@ class RecordedDrawTargetCreation BackendType mBackendType; IntRect mRect; SurfaceFormat mFormat; - bool mHasExistingData; + bool mHasExistingData = false; RefPtr<SourceSurface> mExistingData; private: ===================================== gfx/2d/RecordingTypes.h ===================================== @@ -24,6 +24,28 @@ struct ElementStreamFormat { aStream.read(reinterpret_cast<char*>(&aElement), sizeof(T)); } }; +template <class S> +struct ElementStreamFormat<S, bool> { + static void Write(S& aStream, const bool& aElement) { + char boolChar = aElement ? '\x01' : '\x00'; + aStream.write(&boolChar, sizeof(boolChar)); + } + static void Read(S& aStream, bool& aElement) { + char boolChar; + aStream.read(&boolChar, sizeof(boolChar)); + switch (boolChar) { + case '\x00': + aElement = false; + break; + case '\x01': + aElement = true; + break; + default: + aStream.SetIsBad(); + break; + } + } +}; template <class S, class T> void WriteElement(S& aStream, const T& aElement) { ===================================== netwerk/cookie/CookieCommons.cpp ===================================== @@ -200,9 +200,9 @@ bool CookieCommons::CheckNameAndValueSize(const CookieStruct& aCookieData) { bool CookieCommons::CheckName(const CookieStruct& aCookieData) { const char illegalNameCharacters[] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, - 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00}; + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x3B, 0x3D, 0x7F, 0x00}; const auto* start = aCookieData.name().BeginReading(); const auto* end = aCookieData.name().EndReading(); ===================================== testing/web-platform/meta/cookies/name/name-ctl.html.ini ===================================== @@ -11,36 +11,6 @@ [Cookie with %xd in name is rejected (DOM).] expected: FAIL - [Cookie with %x7f in name is rejected (DOM).] - expected: FAIL - - [Cookie with %x0 in name is rejected or modified (HTTP).] - expected: FAIL - - [Cookie with %x1 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x2 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x3 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x4 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x5 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x6 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x7 in name is rejected (HTTP).] - expected: FAIL - - [Cookie with %x8 in name is rejected (HTTP).] - expected: FAIL - [Cookie with %x9 in name is accepted (HTTP).] expected: FAIL ===================================== testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini deleted ===================================== @@ -1,26 +0,0 @@ -[cache-put.https.any.serviceworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.sharedworker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL - - -[cache-put.https.any.worker.html] - expected: - if (os == "android") and fission: [OK, TIMEOUT] - [Cache.put with a VARY:* opaque response should not reject] - expected: FAIL ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -67,6 +67,7 @@ <button id="openInsecure" data-l10n-id="about-httpsonly-button-continue-to-site" + inert ></button> </div> <div class="suggestion-box" hidden> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -34,6 +34,11 @@ function initPage() { .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); + setTimeout(() => { + document.getElementById("openInsecure").removeAttribute("inert"); + }, delay); + if (window.top == window) { document .getElementById("goBack") ===================================== toolkit/components/search/OpenSearchEngine.sys.mjs ===================================== @@ -144,7 +144,12 @@ export class OpenSearchEngine extends SearchEngine { lazy.logConsole.debug("_install: Downloading engine from:", loadURI.spec); - var chan = lazy.SearchUtils.makeChannel(loadURI); + var chan = lazy.SearchUtils.makeChannel( + loadURI, + // OpenSearchEngine is loading a definition file for a search engine, + // TYPE_DOCUMENT captures that load best + Ci.nsIContentPolicy.TYPE_DOCUMENT + ); if (this._engineToUpdate && chan instanceof Ci.nsIHttpChannel) { var lastModified = this._engineToUpdate.getAttr("updatelastmodified"); ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -821,7 +821,10 @@ export class SearchEngine { this._hasPreferredIcon = isPreferred; }; - let chan = lazy.SearchUtils.makeChannel(uri); + let chan = lazy.SearchUtils.makeChannel( + uri, + Ci.nsIContentPolicy.TYPE_IMAGE + ); let listener = new lazy.SearchUtils.LoadListener( chan, /^image\//, ===================================== toolkit/components/search/SearchUtils.sys.mjs ===================================== @@ -248,19 +248,24 @@ export var SearchUtils = { * * @param {string|nsIURI} url * The URL string from which to create an nsIChannel. + * @param {nsIContentPolicy} contentPolicyType + * The type of document being loaded. * @returns {nsIChannel} * an nsIChannel object, or null if the url is invalid. */ - makeChannel(url) { + makeChannel(url, contentPolicyType) { + if (!contentPolicyType) { + throw new Error("makeChannel called with invalid content policy type"); + } try { let uri = typeof url == "string" ? Services.io.newURI(url) : url; return Services.io.newChannelFromURI( uri, null /* loadingNode */, - Services.scriptSecurityManager.getSystemPrincipal(), + Services.scriptSecurityManager.createNullPrincipal({}), null /* triggeringPrincipal */, Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, - Ci.nsIContentPolicy.TYPE_OTHER + contentPolicyType ); } catch (ex) {} ===================================== toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs ===================================== @@ -10,7 +10,7 @@ function handleRequest(request, response) { response.setStatusLine("1.1", 302, "Moved"); if (request.queryString == "type=invalid") { response.setHeader("Content-Type", "image/png", false); - response.setHeader("Location", "engine.xml", false); + response.setHeader("Location", "/head_search.js", false); } else { response.setHeader("Content-Type", "text/html", false); response.setHeader("Location", "remoteIcon.ico", false); ===================================== toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js ===================================== @@ -12,9 +12,11 @@ add_task(async function setup() { }); add_task(async function test_installedresourceicon() { + // Attempts to load a resource:// url as an icon. let engine1 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/resourceicon.xml`, }); + // Attempts to load a chrome:// url as an icon. let engine2 = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}opensearch/chromeicon.xml`, }); @@ -32,12 +34,13 @@ add_task(async function test_installedhttpplace() { // The easiest way to test adding the icon is via a generated xml, otherwise // we have to somehow insert the address of the server into it. + // Attempts to load a non-image page into an image icon. let engine = await SearchTestUtils.promiseNewSearchEngine({ url: `${gDataUrl}data/engineMaker.sjs?` + JSON.stringify({ baseURL: gDataUrl, - image: "opensearch/resourceicon.xml", + image: "head_search.js", name: "invalidicon", method: "GET", }), ===================================== toolkit/components/search/tests/xpcshell/test_webextensions_install.js ===================================== @@ -5,6 +5,8 @@ const { promiseShutdownManager, promiseStartupManager } = AddonTestUtils; +let gBaseUrl; + async function getEngineNames() { let engines = await Services.search.getEngines(); return engines.map(engine => engine._name); @@ -13,6 +15,8 @@ async function getEngineNames() { add_task(async function setup() { let server = useHttpServer(); server.registerContentType("sjs", "sjs"); + gBaseUrl = `http://localhost:${server.identity.primaryPort}/`; + await SearchTestUtils.useTestEngines("test-extensions"); await promiseStartupManager(); @@ -132,7 +136,7 @@ add_task(async function test_load_favicon_invalid() { // User installs a new search engine let extension = await SearchTestUtils.installSearchExtension( { - favicon_url: `${gDataUrl}engine.xml`, + favicon_url: `${gBaseUrl}/head_search.js`, }, { skipUnload: true } ); ===================================== toolkit/modules/RemotePageAccessManager.sys.mjs ===================================== @@ -66,6 +66,7 @@ export let RemotePageAccessManager = { }, "about:httpsonlyerror": { RPMGetFormatURLPref: ["app.support.baseURL"], + RPMGetIntPref: ["security.dialog_enable_delay"], RPMSendAsyncMessage: ["goBack", "openInsecure"], RPMAddMessageListener: ["WWWReachable"], RPMTryPingSecureWWWLink: ["*"], View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/466147… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/466147… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.4.0esr-13.0-1] fixup! Bug 40926: Implemented the New Identity feature
by ma1 (＠ma1) 20 Oct '23

20 Oct '23

ma1 pushed to branch mullvad-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 7898b29a by hackademix at 2023-10-20T15:46:41+02:00 fixup! Bug 40926: Implemented the New Identity feature Bug 42182: avoid reloading any search engine extension. - - - - - 1 changed file: - browser/components/newidentity/content/newidentity.js Changes: ===================================== browser/components/newidentity/content/newidentity.js ===================================== @@ -415,10 +415,13 @@ XPCOMUtils.defineLazyGetter(this, "NewIdentityButton", () => { async reloadAddons() { logger.info("Reloading add-ons to clear their temporary state."); // Reload all active extensions except search engines, which would throw. - const addons = ( - await AddonManager.getAddonsByTypes(["extension"]) - ).filter(a => a.isActive && !a.id.endsWith("@search.mozilla.org")); - await Promise.all(addons.map(a => a.reload())); + const addons = await AddonManager.getAddonsByTypes(["extension"]); + const isSearchEngine = async addon => + (await (await fetch(addon.getResourceURI("manifest.json").spec)).json()) + ?.chrome_settings_overrides?.search_provider; + const reloadIfNeeded = async addon => + addon.isActive && !(await isSearchEngine(addon)) && addon.reload(); + await Promise.all(addons.map(addon => reloadIfNeeded(addon))); } // Broadcast as a hook to clear other data View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/789… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/789… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.4.0esr-13.0-1] fixup! Bug 40926: Implemented the New Identity feature
by ma1 (＠ma1) 20 Oct '23

20 Oct '23

ma1 pushed to branch base-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: a78a919d by hackademix at 2023-10-20T15:45:50+02:00 fixup! Bug 40926: Implemented the New Identity feature Bug 42182: avoid reloading any search engine extension. - - - - - 1 changed file: - browser/components/newidentity/content/newidentity.js Changes: ===================================== browser/components/newidentity/content/newidentity.js ===================================== @@ -415,10 +415,13 @@ XPCOMUtils.defineLazyGetter(this, "NewIdentityButton", () => { async reloadAddons() { logger.info("Reloading add-ons to clear their temporary state."); // Reload all active extensions except search engines, which would throw. - const addons = ( - await AddonManager.getAddonsByTypes(["extension"]) - ).filter(a => a.isActive && !a.id.endsWith("@search.mozilla.org")); - await Promise.all(addons.map(a => a.reload())); + const addons = await AddonManager.getAddonsByTypes(["extension"]); + const isSearchEngine = async addon => + (await (await fetch(addon.getResourceURI("manifest.json").spec)).json()) + ?.chrome_settings_overrides?.search_provider; + const reloadIfNeeded = async addon => + addon.isActive && !(await isSearchEngine(addon)) && addon.reload(); + await Promise.all(addons.map(addon => reloadIfNeeded(addon))); } // Broadcast as a hook to clear other data View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a78a919… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a78a919… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.0-1] fixup! Bug 40926: Implemented the New Identity feature
by ma1 (＠ma1) 20 Oct '23

20 Oct '23

ma1 pushed to branch tor-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 46614757 by hackademix at 2023-10-20T15:38:29+02:00 fixup! Bug 40926: Implemented the New Identity feature Bug 42182: avoid reloading any search engine extension. - - - - - 1 changed file: - browser/components/newidentity/content/newidentity.js Changes: ===================================== browser/components/newidentity/content/newidentity.js ===================================== @@ -415,10 +415,13 @@ XPCOMUtils.defineLazyGetter(this, "NewIdentityButton", () => { async reloadAddons() { logger.info("Reloading add-ons to clear their temporary state."); // Reload all active extensions except search engines, which would throw. - const addons = ( - await AddonManager.getAddonsByTypes(["extension"]) - ).filter(a => a.isActive && !a.id.endsWith("@search.mozilla.org")); - await Promise.all(addons.map(a => a.reload())); + const addons = await AddonManager.getAddonsByTypes(["extension"]); + const isSearchEngine = async addon => + (await (await fetch(addon.getResourceURI("manifest.json").spec)).json()) + ?.chrome_settings_overrides?.search_provider; + const reloadIfNeeded = async addon => + addon.isActive && !(await isSearchEngine(addon)) && addon.reload(); + await Promise.all(addons.map(addon => reloadIfNeeded(addon))); } // Broadcast as a hook to clear other data View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4661475… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4661475… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 40989: Add .nobackup files to reproducible and disposable directories
by boklm (＠boklm) 20 Oct '23

20 Oct '23

boklm pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 6fdfa43f by Richard Pospesel at 2023-10-20T08:18:52+02:00 Bug 40989: Add .nobackup files to reproducible and disposable directories - - - - - 7 changed files: - + git_clones/.nobackup - + hg_clones/.nobackup - + mullvadbrowser/.nobackup - + out/.nobackup - + testbuild/.nobackup - + tmp/.nobackup - + torbrowser/.nobackup Changes: ===================================== git_clones/.nobackup ===================================== ===================================== hg_clones/.nobackup ===================================== ===================================== mullvadbrowser/.nobackup ===================================== ===================================== out/.nobackup ===================================== ===================================== testbuild/.nobackup ===================================== ===================================== tmp/.nobackup ===================================== ===================================== torbrowser/.nobackup ===================================== View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40989: Add .nobackup files to reproducible and disposable directories
by boklm (＠boklm) 20 Oct '23

20 Oct '23

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 6ed1f805 by Richard Pospesel at 2023-10-19T21:08:33+00:00 Bug 40989: Add .nobackup files to reproducible and disposable directories - - - - - 7 changed files: - + git_clones/.nobackup - + hg_clones/.nobackup - + mullvadbrowser/.nobackup - + out/.nobackup - + testbuild/.nobackup - + tmp/.nobackup - + torbrowser/.nobackup Changes: ===================================== git_clones/.nobackup ===================================== ===================================== hg_clones/.nobackup ===================================== ===================================== mullvadbrowser/.nobackup ===================================== ===================================== out/.nobackup ===================================== ===================================== testbuild/.nobackup ===================================== ===================================== tmp/.nobackup ===================================== ===================================== torbrowser/.nobackup ===================================== View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] 2 commits: fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
by ma1 (＠ma1) 19 Oct '23

19 Oct '23

ma1 pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 365b399d by Henry Wilkes at 2023-10-19T16:09:40+01:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser Bug 42184: Make torconnect redirect compatible with blank home page. - - - - - 8982a325 by Henry Wilkes at 2023-10-19T16:09:41+01:00 fixup! Bug 40597: Implement TorSettings module Bug 42184: Split out URI fixup logic to fixupURIs and simplify. This method is used in TorConnectParent to fixup the home page preference. - - - - - 4 changed files: - browser/components/torconnect/TorConnectChild.sys.mjs - browser/components/torconnect/TorConnectParent.sys.mjs - browser/components/torconnect/content/aboutTorConnect.js - browser/modules/TorConnect.sys.mjs Changes: ===================================== browser/components/torconnect/TorConnectChild.sys.mjs ===================================== @@ -2,4 +2,78 @@ import { RemotePageChild } from "resource://gre/actors/RemotePageChild.sys.mjs"; -export class TorConnectChild extends RemotePageChild {} +export class TorConnectChild extends RemotePageChild { + /** + * Whether we have redirected the page (after bootstrapping) or not. + * + * @type {boolean} + */ + #redirected = false; + + /** + * If bootstrapping is complete, or TorConnect is disabled, we redirect the + * page. + */ + async #maybeRedirect() { + if (await this.sendQuery("torconnect:should-show")) { + // Enabled and not yet bootstrapped. + return; + } + if (this.#redirected) { + return; + } + this.#redirected = true; + + const redirect = new URLSearchParams( + new URL(this.contentWindow.document.location.href).search + ).get("redirect"); + + // Fallback in error cases: + let replaceURI = "about:tor"; + try { + const url = new URL( + redirect + ? decodeURIComponent(redirect) + : // NOTE: We expect no redirect when address is entered manually, or + // about:torconnect is opened from preferences or urlbar. + // Go to the home page. + await this.sendQuery("torconnect:home-page") + ); + // Do not allow javascript URI. See tor-browser#41766 + if ( + ["about:", "file:", "https:", "http:"].includes(url.protocol) || + // Allow blank page. See tor-browser#42184. + // Blank page's are given as a chrome URL rather than "about:blank". + url.href === "chrome://browser/content/blanktab.html" + ) { + replaceURI = url.href; + } else { + console.error(`Scheme is not allowed "${redirect}"`); + } + } catch { + console.error(`Invalid redirect URL "${redirect}"`); + } + + // Replace the destination to prevent "about:torconnect" entering the + // history. + // NOTE: This is done here, in the window actor, rather than in content + // because we have the privilege to redirect to a "chrome:" uri here (for + // when the HomePage is set to be blank). + this.contentWindow.location.replace(replaceURI); + } + + actorCreated() { + super.actorCreated(); + // about:torconnect could need to be immediately redirected. E.g. if it is + // reached after bootstrapping. + this.#maybeRedirect(); + } + + receiveMessage(message) { + super.receiveMessage(message); + + if (message.name === "torconnect:state-change") { + this.#maybeRedirect(); + } + } +} ===================================== browser/components/torconnect/TorConnectParent.sys.mjs ===================================== @@ -1,5 +1,7 @@ // Copyright (c) 2021, The Tor Project, Inc. +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; + const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm"); import { InternetStatus, @@ -15,6 +17,12 @@ import { const BroadcastTopic = "about-torconnect:broadcast"; +const lazy = {}; + +XPCOMUtils.defineLazyModuleGetters(lazy, { + HomePage: "resource:///modules/HomePage.jsm", +}); + /* This object is basically a marshalling interface between the TorConnect module and a particular about:torconnect page @@ -167,6 +175,11 @@ export class TorConnectParent extends JSWindowActorParent { async receiveMessage(message) { switch (message.name) { + case "torconnect:should-show": + return Promise.resolve(TorConnect.shouldShowTorConnect); + case "torconnect:home-page": + // If there are multiple home pages, just load the first one. + return Promise.resolve(TorConnect.fixupURIs(lazy.HomePage.get())[0]); case "torconnect:set-quickstart": TorSettings.quickstart.enabled = message.data; TorSettings.saveToPrefs().applySettings(); ===================================== browser/components/torconnect/content/aboutTorConnect.js ===================================== @@ -136,10 +136,6 @@ class AboutTorConnect { tryBridgeButton: document.querySelector(this.selectors.buttons.tryBridge), }); - // a redirect url can be passed as a query parameter for the page to - // forward us to once bootstrap completes (otherwise the window will just close) - redirect = null; - uiState = { currentState: UIStates.ConnectToTor, allowAutomaticLocation: true, @@ -425,11 +421,6 @@ class AboutTorConnect { this.setLongText(TorStrings.settings.torPreferencesDescription); this.setProgress("", showProgressbar, 100); this.hideButtons(); - - // redirects page to the requested redirect url, removes about:torconnect - // from the page stack, so users cannot accidentally go 'back' to the - // now unresponsive page - window.location.replace(this.redirect); } update_Disabled(state) { @@ -822,23 +813,6 @@ class AboutTorConnect { } async init() { - // if the user gets here manually or via the button in the urlbar - // then we will redirect to about:tor - this.redirect = "about:tor"; - - // see if a user has a final destination after bootstrapping - let params = new URLSearchParams(new URL(document.location.href).search); - if (params.has("redirect")) { - try { - const redirect = new URL(decodeURIComponent(params.get("redirect"))); - if (/^(?:https?|about):$/.test(redirect.protocol)) { - this.redirect = redirect.href; - } - } catch (e) { - console.error(e, `Invalid redirect URL "${params.get("redirect")}"!`); - } - } - let args = await RPMSendQuery("torconnect:get-init-args"); // various constants ===================================== browser/modules/TorConnect.sys.mjs ===================================== @@ -1156,67 +1156,54 @@ export const TorConnect = (() => { return `about:torconnect?redirect=${encodeURIComponent(url)}`; }, + /** + * Convert the given object into a list of valid URIs. + * + * The object is either from the user's homepage preference (which may + * contain multiple domains separated by "|") or uris passed to the browser + * via command-line. + * + * @param {string|string[]} uriVariant - The string to extract uris from. + * + * @return {string[]} - The array of uris found. + */ + fixupURIs(uriVariant) { + let uriArray; + if (typeof uriVariant === "string") { + uriArray = uriVariant.split("|"); + } else if ( + Array.isArray(uriVariant) && + uriVariant.every(entry => typeof entry === "string") + ) { + uriArray = uriVariant; + } else { + // about:tor as safe fallback + console.error( + `TorConnect: received unknown variant '${JSON.stringify(uriVariant)}'` + ); + uriArray = ["about:tor"]; + } + + // Attempt to convert user-supplied string to a uri, fallback to + // about:tor if cannot convert to valid uri object + return uriArray.map( + uriString => + Services.uriFixup.getFixupURIInfo( + uriString, + Ci.nsIURIFixup.FIXUP_FLAG_NONE + ).preferredURI?.spec ?? "about:tor" + ); + }, + // called from browser.js on browser startup, passed in either the user's homepage(s) // or uris passed via command-line; we want to replace them with about:torconnect uris // which redirect after bootstrapping getURIsToLoad(uriVariant) { - // convert the object we get from browser.js - let uriStrings = (v => { - // an interop array - if (v instanceof Ci.nsIArray) { - // Transform the nsIArray of nsISupportsString's into a JS Array of - // JS strings. - return Array.from( - v.enumerate(Ci.nsISupportsString), - supportStr => supportStr.data - ); - // an interop string - } else if (v instanceof Ci.nsISupportsString) { - return [v.data]; - // a js string - } else if (typeof v === "string") { - return v.split("|"); - // a js array of js strings - } else if ( - Array.isArray(v) && - v.reduce((allStrings, entry) => { - return allStrings && typeof entry === "string"; - }, true) - ) { - return v; - } - // about:tor as safe fallback - console.log( - `TorConnect: getURIsToLoad() received unknown variant '${JSON.stringify( - v - )}'` - ); - return ["about:tor"]; - })(uriVariant); - - // will attempt to convert user-supplied string to a uri, fallback to about:tor if cannot convert - // to valid uri object - let uriStringToUri = uriString => { - const fixupFlags = Ci.nsIURIFixup.FIXUP_FLAG_NONE; - let uri = Services.uriFixup.getFixupURIInfo( - uriString, - fixupFlags - ).preferredURI; - return uri ? uri : Services.io.newURI("about:tor"); - }; - let uris = uriStrings.map(uriStringToUri); - - // assume we have a valid uri and generate an about:torconnect redirect uri - let redirectUrls = uris.map(uri => this.getRedirectURL(uri.spec)); - + const uris = this.fixupURIs(uriVariant); console.log( - `TorConnect: Will load after bootstrap => [${uris - .map(uri => { - return uri.spec; - }) - .join(", ")}]` + `TorConnect: Will load after bootstrap => [${uris.join(", ")}]` ); - return redirectUrls; + return uris.map(uri => this.getRedirectURL(uri)); }, }; return retval; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ef3a54… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ef3a54… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 40983: Bump versions for 13.5.
by Pier Angelo Vendrame (＠pierov) 19 Oct '23

19 Oct '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 04fb18b1 by Pier Angelo Vendrame at 2023-10-19T09:16:51+02:00 Bug 40983: Bump versions for 13.5. Also, update the MB extension, that was updated only on the 13.0 branch. - - - - - 6c469013 by Pier Angelo Vendrame at 2023-10-19T09:16:57+02:00 Revert "Bug 40933: Add symlinks to have incrementals between 12.5.x and 13.0" This reverts commit a21969281d18941b69a94b994b0797f8b88ad45f. We do not need it anymore, because the latest alphas already used the new naming scheme. - - - - - 8 changed files: - Makefile - projects/browser/config - projects/firefox-android/config - projects/firefox/config - projects/geckoview/config - projects/release/config - − projects/release/link_old_mar_filenames - rbm.conf Changes: ===================================== Makefile ===================================== @@ -183,7 +183,6 @@ torbrowser-testbuild-src: submodule-update torbrowser-incrementals-release: submodule-update $(rbm) build release --step update_responses_config --target release --target create_unsigned_incrementals --target torbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target torbrowser tools/update-responses/gen_incrementals release $(rbm) build release --step hash_incrementals --target release --target torbrowser @@ -196,7 +195,6 @@ torbrowser-incrementals-release-unsigned: submodule-update torbrowser-incrementals-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target create_unsigned_incrementals --target torbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser tools/update-responses/gen_incrementals alpha $(rbm) build release --step hash_incrementals --target alpha --target torbrowser @@ -223,14 +221,12 @@ torbrowser-dmg2mar-release: submodule-update $(rbm) build release --step update_responses_config --target release --target signed --target torbrowser $(rbm) build release --step dmg2mar --target release --target signed --target torbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals release torbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target signed --target torbrowser $(rbm) build release --step dmg2mar --target alpha --target signed --target torbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha @@ -515,7 +511,6 @@ mullvadbrowser-testbuild-src: submodule-update mullvadbrowser-incrementals-release: submodule-update $(rbm) build release --step update_responses_config --target release --target create_unsigned_incrementals --target mullvadbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target mullvadbrowser tools/update-responses/gen_incrementals release $(rbm) build release --step hash_incrementals --target release --target mullvadbrowser @@ -528,7 +523,6 @@ mullvadbrowser-incrementals-release-unsigned: submodule-update mullvadbrowser-incrementals-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target create_unsigned_incrementals --target mullvadbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser tools/update-responses/gen_incrementals alpha $(rbm) build release --step hash_incrementals --target alpha --target mullvadbrowser @@ -555,14 +549,12 @@ mullvadbrowser-dmg2mar-release: submodule-update $(rbm) build release --step update_responses_config --target release --target signed --target mullvadbrowser $(rbm) build release --step dmg2mar --target release --target signed --target mullvadbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals release mullvadbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target signed --target mullvadbrowser $(rbm) build release --step dmg2mar --target alpha --target signed --target mullvadbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha ===================================== projects/browser/config ===================================== @@ -95,9 +95,9 @@ input_files: name: ublock-origin sha256sum: e8ee3f9d597a6d42db9d73fe87c1d521de340755fd8bfdd69e41623edfe096d6 enable: '[% c("var/mullvad-browser") %]' - - URL: https://github.com/mullvad/browser-extension/releases/download/v0.8.3-firef… + - URL: https://cdn.mullvad.net/browser-extension/0.8.4/mullvad-browser-extension-0… name: mullvad-extension - sha256sum: e531ce6e809091eb40848874ea9e695bce61196397b6d8238ab582a152e02ac7 + sha256sum: a0057a37482e178331cde7a6fd3c100315fcfc26e804aa37c9281f412d24cb79 enable: '[% c("var/mullvad-browser") %]' - filename: 'gtk3-settings.ini' enable: '[% c("var/linux") %]' ===================================== projects/firefox-android/config ===================================== @@ -15,8 +15,8 @@ container: var: fenix_version: 115.2.1 - browser_branch: 13.0-1 - browser_build: 5 + browser_branch: 13.5-1 + browser_build: 1 variant: Beta # This should be updated when the list of gradle dependencies is changed. gradle_dependencies_version: 1 ===================================== projects/firefox/config ===================================== @@ -14,11 +14,11 @@ container: use_container: 1 var: - firefox_platform_version: 115.3.0 + firefox_platform_version: 115.4.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' - browser_series: '13.0' + browser_series: '13.5' browser_branch: '[% c("var/browser_series") %]-1' - browser_build: 3 + browser_build: 1 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/geckoview/config ===================================== @@ -14,9 +14,9 @@ container: use_container: 1 var: - geckoview_version: 115.3.0esr - browser_branch: 13.0-1 - browser_build: 3 + geckoview_version: 115.4.0esr + browser_branch: 13.5-1 + browser_build: 1 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/release/config ===================================== @@ -243,11 +243,6 @@ steps: debug: 0 input_files: [] update_responses_config: '[% INCLUDE update_responses_config %]' - link_old_mar_filenames: - build_log: '-' - debug: 0 - input_files: [] - link_old_mar_filenames: '[% INCLUDE link_old_mar_filenames %]' create_update_responses_tar: build_log: '-' debug: 0 ===================================== projects/release/link_old_mar_filenames deleted ===================================== @@ -1,19 +0,0 @@ -#!/bin/bash -[% c("var/set_default_env") -%] -# This script is for #40933: -# Fix generating incrementals between 12.5.x and 13.0 -[% FOREACH version = c("var/torbrowser_incremental_from") %] - cd [% shell_quote(path(dest_dir)) %]/[% IF c("var/unsigned_releases_dir") %]un[% END %]signed/[% version %] - test -e [% c("var/project-name") %]-linux-i686-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-linux32-[% version %]_ALL.mar \ - [% c("var/project-name") %]-linux-i686-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-linux-x86_64-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-linux64-[% version %]_ALL.mar \ - [% c("var/project-name") %]-linux-x86_64-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-windows-i686-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-win32-[% version %]_ALL.mar \ - [% c("var/project-name") %]-windows-i686-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-windows-x86_64-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-win64-[% version %]_ALL.mar \ - [% c("var/project-name") %]-windows-x86_64-[% version %]_ALL.mar -[% END -%] ===================================== rbm.conf ===================================== @@ -81,12 +81,12 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.0a6' + torbrowser_version: '13.5a1' torbrowser_build: 'build1' torbrowser_incremental_from: - - '13.0a3' - '13.0a4' - '13.0a5' + - '13.0a6' updater_enabled: 1 build_mar: 1 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.4.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by richard (＠richard) 18 Oct '23

18 Oct '23

richard pushed to branch mullvad-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 68ee3400 by hackademix at 2023-10-18T21:27:57+00:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -148,6 +148,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1619,6 +1732,8 @@ BrowserGlue.prototype = { lazy.DoHController.init(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -1879,7 +1994,7 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/68e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/68e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.4.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by richard (＠richard) 18 Oct '23

18 Oct '23

richard pushed to branch base-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: f3701b57 by hackademix at 2023-10-18T21:25:24+00:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -148,6 +148,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1652,6 +1765,8 @@ BrowserGlue.prototype = { lazy.DoHController.init(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -1912,7 +2027,7 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f3701b5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f3701b5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by richard (＠richard) 18 Oct '23

18 Oct '23

richard pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: ef3a546d by hackademix at 2023-10-18T21:46:03+02:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -150,6 +150,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1753,6 +1866,8 @@ BrowserGlue.prototype = { lazy.TorProviderBuilder.firstWindowLoaded(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -2013,7 +2128,7 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 () => lazy.OnionAliasStore.uninit(), ]; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ef3a546… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ef3a546… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 40984: Include PDBs also from obj-*/dist.
by Pier Angelo Vendrame (＠pierov) 18 Oct '23

18 Oct '23

Pier Angelo Vendrame pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 7ea63162 by Pier Angelo Vendrame at 2023-10-18T09:48:29+02:00 Bug 40984: Include PDBs also from obj-*/dist. Because of a difference between the investigation on adding PDBs and the actual implementation, we were missing .pdb files for .exe files. - - - - - 1 changed file: - projects/firefox/build Changes: ===================================== projects/firefox/build ===================================== @@ -229,7 +229,7 @@ RBM_TB_EOF mkdir -p $distdir/Debug/Browser pushd obj-* cp -Lr dist/include $distdir/Debug/ - find . $ -path ./dist -o -path ./_tests $ -prune -o -name '*.pdb' -exec cp -l {} $distdir/Debug/Browser/ \; + find . -path ./_tests -prune -o -name '*.pdb' -exec cp -l {} $distdir/Debug/Browser/ \; popd [% END -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40984: Include PDBs also from obj-*/dist.
by Pier Angelo Vendrame (＠pierov) 18 Oct '23

18 Oct '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: ffafd421 by Pier Angelo Vendrame at 2023-10-17T18:41:56+02:00 Bug 40984: Include PDBs also from obj-*/dist. Because of a difference between the investigation on adding PDBs and the actual implementation, we were missing .pdb files for .exe files. - - - - - 1 changed file: - projects/firefox/build Changes: ===================================== projects/firefox/build ===================================== @@ -229,7 +229,7 @@ RBM_TB_EOF mkdir -p $distdir/Debug/Browser pushd obj-* cp -Lr dist/include $distdir/Debug/ - find . $ -path ./dist -o -path ./_tests $ -prune -o -name '*.pdb' -exec cp -l {} $distdir/Debug/Browser/ \; + find . -path ./_tests -prune -o -name '*.pdb' -exec cp -l {} $distdir/Debug/Browser/ \; popd [% END -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0