- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][main] Bug 40793: Add some metadata also to the Windows installer
by Pier Angelo Vendrame (＠pierov) 27 Feb '23

27 Feb '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 8d0aeaff by Pier Angelo Vendrame at 2023-02-27T18:57:02+01:00 Bug 40793: Add some metadata also to the Windows installer - - - - - 2 changed files: - projects/browser/windows-installer.nsi - projects/firefox/config Changes: ===================================== projects/browser/windows-installer.nsi ===================================== @@ -45,6 +45,15 @@ !define UNINST_KEY "Software\Microsoft\Windows\CurrentVersion\Uninstall\[% c('var/ProjectName') %]" [% END -%] +;-------------------------------- +;Metadata + + VIProductVersion "[% pc("firefox", "var/browser_series") %].0.0" + VIAddVersionKey "ProductName" "[% c('var/Project_Name') %]" + VIAddVersionKey "ProductVersion" "[% c('var/torbrowser_version') %]" + VIAddVersionKey "FileDescription" "[% c('var/Project_Name') %][% IF system_install_mode -%] System[% END -%] Installer" + VIAddVersionKey "LegalCopyright" "© [% pc("firefox", "var/copyright_year") %] The Tor Project" + ;-------------------------------- ;Interface Configuration @@ -164,7 +173,9 @@ Section "[% c('var/Project_Name') %]" SecBrowser WriteRegStr HKLM "${UNINST_KEY}" "DisplayName" "[% c('var/Project_Name') %]" WriteRegStr HKLM "${UNINST_KEY}" "UninstallString" "$\"$INSTDIR\uninstall.exe$\"" WriteRegStr HKLM "${UNINST_KEY}" "QuietUninstallString" "$\"$INSTDIR\uninstall.exe$\" /S" + WriteRegStr HKLM "${UNINST_KEY}" "Publisher" "The Tor Project" WriteRegStr HKLM "${UNINST_KEY}" "DisplayIcon" "$\"$INSTDIR\[% c('var/exe_name') %].exe$\"" + WriteRegStr HKLM "${UNINST_KEY}" "DisplayVersion" "[% c('var/torbrowser_version') %]" WriteRegDWORD HKLM "${UNINST_KEY}" "NoModify" "1" WriteRegDWORD HKLM "${UNINST_KEY}" "NoRepair" "1" ${GetSize} "$INSTDIR" "/S=0K" $0 $1 $2 ===================================== projects/firefox/config ===================================== @@ -13,7 +13,8 @@ container: var: firefox_platform_version: 102.8.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' - browser_branch: '12.5-1' + browser_series: '12.5' + browser_branch: '[% c("var/browser_series") %]-1' browser_build: 3 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] 2 commits: fixup! Add TorStrings module for localization
by Richard Pospesel (＠richard) 27 Feb '23

27 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 63afd83c by Dan Ballard at 2023-02-27T14:55:03+00:00 fixup! Add TorStrings module for localization bug 41085: add new strings for bridge removal dialog - - - - - 6518ee5b by Dan Ballard at 2023-02-27T14:55:03+00:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection bug 41085: move remove all bridges button and modernize dialoge to proton - - - - - 5 changed files: - browser/components/torpreferences/content/connectionPane.js - browser/components/torpreferences/content/connectionPane.xhtml - browser/components/torpreferences/content/torPreferences.css - browser/modules/TorStrings.jsm - toolkit/torbutton/chrome/locale/en-US/settings.properties Changes: ===================================== browser/components/torpreferences/content/connectionPane.js ===================================== @@ -117,9 +117,9 @@ const gConnectionPane = (function() { locationEntries: "#torPreferences-bridges-locationEntries", chooseForMe: "#torPreferences-bridges-buttonChooseBridgeForMe", currentHeader: "#torPreferences-currentBridges-header", - currentHeaderText: "#torPreferences-currentBridges-headerText", currentDescription: "#torPreferences-currentBridges-description", currentDescriptionText: "#torPreferences-currentBridges-descriptionText", + switchLabel: "#torPreferences-currentBridges-enableAll-label", switch: "#torPreferences-currentBridges-switch", cards: "#torPreferences-currentBridges-cards", cardTemplate: "#torPreferences-bridgeCard-template", @@ -426,10 +426,9 @@ const gConnectionPane = (function() { const bridgeHeader = prefpane.querySelector( selectors.bridges.currentHeader ); - bridgeHeader.querySelector( - selectors.bridges.currentHeaderText - ).textContent = TorStrings.settings.bridgeCurrent; - const bridgeSwitch = bridgeHeader.querySelector(selectors.bridges.switch); + bridgeHeader.textContent = TorStrings.settings.bridgeCurrent; + prefpane.querySelector(selectors.bridges.switchLabel).textContent = TorStrings.settings.allBridgesEnabled; + const bridgeSwitch = prefpane.querySelector(selectors.bridges.switch); bridgeSwitch.addEventListener("change", () => { TorSettings.bridges.enabled = bridgeSwitch.checked; TorSettings.saveToPrefs(); @@ -860,35 +859,32 @@ const gConnectionPane = (function() { } { - const overlay = prefpane.querySelector(selectors.bridges.removeOverlay); this._confirmBridgeRemoval = () => { - overlay.classList.remove("hidden"); - }; - const closeDialog = () => { - overlay.classList.add("hidden"); + const aParentWindow = Services.wm.getMostRecentWindow("navigator:browser"); + + const ps = Services.prompt; + const btnFlags = + ps.BUTTON_POS_0 * ps.BUTTON_TITLE_IS_STRING + + ps.BUTTON_POS_0_DEFAULT + + ps.BUTTON_POS_1 * ps.BUTTON_TITLE_CANCEL; + + const notUsed = { value: false }; + const btnIndex = ps.confirmEx( + aParentWindow, + TorStrings.settings.bridgeRemoveAllDialogTitle, + TorStrings.settings.bridgeRemoveAllDialogDescription, + btnFlags, + TorStrings.settings.remove, + null, + null, + null, + notUsed + ); + + if (btnIndex === 0) { + this.onRemoveAllBridges(); + } }; - overlay.addEventListener("click", closeDialog); - const modal = prefpane.querySelector(selectors.bridges.removeModal); - modal.addEventListener("click", e => { - e.stopPropagation(); - }); - const dismiss = prefpane.querySelector(selectors.bridges.removeDismiss); - dismiss.addEventListener("click", closeDialog); - const question = prefpane.querySelector( - selectors.bridges.removeQuestion - ); - question.textContent = TorStrings.settings.removeBridgesQuestion; - const warning = prefpane.querySelector(selectors.bridges.removeWarning); - warning.textContent = TorStrings.settings.removeBridgesWarning; - const confirm = prefpane.querySelector(selectors.bridges.removeConfirm); - confirm.setAttribute("label", TorStrings.settings.remove); - confirm.addEventListener("command", () => { - this.onRemoveAllBridges(); - closeDialog(); - }); - const cancel = prefpane.querySelector(selectors.bridges.removeCancel); - cancel.setAttribute("label", TorStrings.settings.cancel); - cancel.addEventListener("command", closeDialog); } // Advanced setup ===================================== browser/components/torpreferences/content/connectionPane.xhtml ===================================== @@ -91,12 +91,17 @@ <button id="torPreferences-bridges-buttonChooseBridgeForMe" class="primary"/> </hbox> <html:h2 id="torPreferences-currentBridges-header"> - <html:span id="torPreferences-currentBridges-headerText"/> - <html:input type="checkbox" id="torPreferences-currentBridges-switch" class="toggle-button"/> </html:h2> <description flex="1" id="torPreferences-currentBridges-description"> <html:span id="torPreferences-currentBridges-descriptionText"/> </description> + <hbox align="center"> + <html:input type="checkbox" id="torPreferences-currentBridges-switch" class="toggle-button"/> + <html:label id="torPreferences-currentBridges-enableAll-label" for="torPreferences-currentBridges-switch"> + </html:label> + <spacer flex="1"/> + <button id="torPreferences-currentBridges-removeAll"/> + </hbox> <menupopup id="torPreferences-bridgeCard-menu"/> <vbox id="torPreferences-bridgeCard-template" class="torPreferences-bridgeCard"> <hbox class="torPreferences-bridgeCard-heading"> @@ -133,7 +138,6 @@ <vbox id="torPreferences-currentBridges-cards"></vbox> <vbox align="center"> <button id="torPreferences-currentBridges-showAll"/> - <button id="torPreferences-currentBridges-removeAll" class="primary danger-button"/> </vbox> <html:h2 id="torPreferences-addBridge-header"></html:h2> <hbox align="center"> @@ -176,17 +180,4 @@ </hbox> </groupbox> -<html:div id="bridge-remove-overlay" class="hidden"> - <html:div id="bridge-remove-modal"> - <html:img id="bridge-remove-dismiss" src="chrome://global/skin/icons/close.svg"/> - <html:div id="bridge-remove-icon"/> - <html:p id="bridge-remove-question"/> - <html:p id="bridge-remove-warning"/> - <html:div id="bridge-remove-buttonbar"> - <button id="bridge-remove-cancel"/> - <button id="bridge-remove-confirm"/> - </html:div> - </html:div> -</html:div> - </html:template> ===================================== browser/components/torpreferences/content/torPreferences.css ===================================== @@ -187,6 +187,12 @@ html:dir(rtl) input[type="checkbox"].toggle-button::before { font-weight: 700; } +#torPreferences-currentBridges-enableAll-label { + /* Block display to work with parent's xul box layout. */ + display: block; + margin-inline: 6px; +} + /* Bridge cards */ :root { --bridgeCard-animation-time: 0.25s; ===================================== browser/modules/TorStrings.jsm ===================================== @@ -111,7 +111,10 @@ const Loader = { bridgeCopy: "Copy Bridge Address", copied: "Copied!", bridgeShowAll: "Show All Bridges", + allBridgesEnabled: "Use current bridges", bridgeRemoveAll: "Remove All Bridges", + bridgeRemoveAllDialogTitle: "Remove all bridges?", + bridgeRemoveAllDialogDescription: "If these bridges were received from torproject.org or added manually, this action cannot be undone", bridgeAdd: "Add a New Bridge", bridgeSelectBrowserBuiltin: "Choose from one of Tor Browser’s built-in bridges", ===================================== toolkit/torbutton/chrome/locale/en-US/settings.properties ===================================== @@ -43,7 +43,10 @@ settings.bridgeShare=Share this bridge using the QR code or by copying its addre settings.bridgeCopy=Copy Bridge Address settings.copied=Copied! settings.bridgeShowAll=Show All Bridges +settings.allBridgesEnabled=Use current bridges settings.bridgeRemoveAll=Remove All Bridges +settings.bridgeRemoveAllDialogTitle=Remove all bridges? +settings.bridgeRemoveAllDialogDescription=If these bridges were received from torproject.org or added manually, this action cannot be undone settings.bridgeAdd=Add a New Bridge settings.bridgeSelectBrowserBuiltin=Choose from one of Tor Browser’s built-in bridges settings.bridgeSelectBuiltin=Select a Built-In Bridge… View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d81464… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d81464… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] Bug 41635: Disable the Normandy component
by Richard Pospesel (＠richard) 27 Feb '23

27 Feb '23

Richard Pospesel pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 21d60922 by Pier Angelo Vendrame at 2023-02-27T14:53:20+00:00 Bug 41635: Disable the Normandy component Do not include Normandy at all whenever MOZ_NORMANDY is False. - - - - - 2 changed files: - browser/components/BrowserGlue.jsm - toolkit/components/moz.build Changes: ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -1934,7 +1934,13 @@ BrowserGlue.prototype = { () => PageDataService.uninit(), () => PageThumbs.uninit(), () => NewTabUtils.uninit(), - () => Normandy.uninit(), + + () => { + if (AppConstants.MOZ_NORMANDY) { + Normandy.uninit(); + } + }, + () => RFPHelper.uninit(), () => UpdateListener.reset(), ]; ===================================== toolkit/components/moz.build ===================================== @@ -123,7 +123,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android": ] if CONFIG["MOZ_BUILD_APP"] == "browser": - DIRS += ["normandy", "messaging-system"] + if CONFIG["MOZ_NORMANDY"]: + DIRS += ["normandy"] + DIRS += ["messaging-system"] DIRS += ["nimbus"] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/21d6092… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/21d6092… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] Bug 41635: Disable the Normandy component
by Richard Pospesel (＠richard) 27 Feb '23

27 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: d814648c by Pier Angelo Vendrame at 2023-02-27T14:09:58+00:00 Bug 41635: Disable the Normandy component Do not include Normandy at all whenever MOZ_NORMANDY is False. - - - - - 2 changed files: - browser/components/BrowserGlue.jsm - toolkit/components/moz.build Changes: ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -2011,7 +2011,13 @@ BrowserGlue.prototype = { () => PageDataService.uninit(), () => PageThumbs.uninit(), () => NewTabUtils.uninit(), - () => Normandy.uninit(), + + () => { + if (AppConstants.MOZ_NORMANDY) { + Normandy.uninit(); + } + }, + () => RFPHelper.uninit(), () => UpdateListener.reset(), () => OnionAliasStore.uninit(), ===================================== toolkit/components/moz.build ===================================== @@ -124,7 +124,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android": ] if CONFIG["MOZ_BUILD_APP"] == "browser": - DIRS += ["normandy", "messaging-system"] + if CONFIG["MOZ_NORMANDY"]: + DIRS += ["normandy"] + DIRS += ["messaging-system"] DIRS += ["nimbus"] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d814648… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d814648… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] 2 commits: Revert "Bug 41629: Fix errors with MOZ_SERVICES_SYNC=False"
by Pier Angelo Vendrame (＠pierov) 27 Feb '23

27 Feb '23

Pier Angelo Vendrame pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: bc8fc896 by Richard Pospesel at 2023-02-27T09:47:57+01:00 Revert "Bug 41629: Fix errors with MOZ_SERVICES_SYNC=False" This reverts commit 8f61c9c0b06a1820caeb4683595cec98f0ad88b9. current implementation breaks about:preferences due to runtime errors - - - - - a4aaf6e6 by Richard Pospesel at 2023-02-27T09:48:26+01:00 Revert "fixup! Base Browser's .mozconfigs." This reverts commit 9ac0abfdd9f4bcb53841c40d3b42d34bec92b262. - - - - - 5 changed files: - browser/base/content/browser-sync.js - browser/components/BrowserGlue.jsm - browser/installer/package-manifest.in - browser/moz.configure - toolkit/modules/moz.build Changes: ===================================== browser/base/content/browser-sync.js ===================================== @@ -5,11 +5,7 @@ // This file is loaded into the browser window scope. /* eslint-env mozilla/browser-window */ -ChromeUtils.defineModuleGetter( - this, - "UIState", - "resource://services-sync/UIState.jsm" -); +const { UIState } = ChromeUtils.import("resource://services-sync/UIState.jsm"); ChromeUtils.defineModuleGetter( this, @@ -346,9 +342,7 @@ var gSync = { // once syncing completes (bug 1239042). _syncStartTime: 0, _syncAnimationTimer: 0, - _obs: AppConstants.MOZ_SERVICES_SYNC - ? ["weave:engine:sync:finish", "quit-application", UIState.ON_UPDATE] - : [], + _obs: ["weave:engine:sync:finish", "quit-application", UIState.ON_UPDATE], get log() { if (!this._log) { @@ -464,7 +458,7 @@ var gSync = { this._definePrefGetters(); - if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { + if (!this.FXA_ENABLED) { this.onFxaDisabled(); return; } @@ -1535,7 +1529,7 @@ var gSync = { // can lead to a empty label for 'Send To Device' Menu. this.init(); - if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { + if (!this.FXA_ENABLED) { // These items are hidden in onFxaDisabled(). No need to do anything. return; } @@ -1570,7 +1564,7 @@ var gSync = { // "Send Page to Device" and "Send Link to Device" menu items updateContentContextMenu(contextMenu) { - if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { + if (!this.FXA_ENABLED) { // These items are hidden by default. No need to do anything. return false; } ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -718,10 +718,10 @@ let JSWINDOWACTORS = { }, }; -XPCOMUtils.defineLazyGetter(this, "WeaveService", () => - AppConstants.MOZ_SERVICES_SYNC - ? Cc["@mozilla.org/weave/service;1"].getService().wrappedJSObject - : null +XPCOMUtils.defineLazyGetter( + this, + "WeaveService", + () => Cc["@mozilla.org/weave/service;1"].getService().wrappedJSObject ); if (AppConstants.MOZ_CRASHREPORTER) { @@ -2690,7 +2690,7 @@ BrowserGlue.prototype = { // Schedule a sync (if enabled) after we've loaded { task: async () => { - if (WeaveService?.enabled) { + if (WeaveService.enabled) { await WeaveService.whenLoaded(); WeaveService.Weave.Service.scheduler.autoConnect(); } ===================================== browser/installer/package-manifest.in ===================================== @@ -179,17 +179,7 @@ @RESPATH@/browser/components/MacTouchBar.manifest @RESPATH@/browser/components/MacTouchBar.js #endif -; TODO: Remove this in ESR-115. -; If everything goes well, this patch will not be necessary in 115, because we -; have also an upstream bug. -; I suspect this is somehow incorrect, and that MOZ_SERVICES_SYNC is actually -; never defined for the makefile (it is not for Firefox 112, which builds -; correctly with MOZ_SERVICES_SYNC == False, even without this ifdef). -; But we are interested in disabling it, so using either this, or #if 0 would be -; fine for us. -#ifdef MOZ_SERVICES_SYNC @RESPATH@/components/SyncComponents.manifest -#endif @RESPATH@/components/servicesComponents.manifest @RESPATH@/components/servicesSettings.manifest @RESPATH@/components/cryptoComponents.manifest ===================================== browser/moz.configure ===================================== @@ -7,8 +7,7 @@ imply_option("MOZ_PLACES", True) # tor-browser#32493 imply_option("MOZ_SERVICES_HEALTHREPORT", False) -# tor-browser#41629 -imply_option("MOZ_SERVICES_SYNC", False) +imply_option("MOZ_SERVICES_SYNC", True) imply_option("MOZ_DEDICATED_PROFILES", True) imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", True) # tor-browser#33734 ===================================== toolkit/modules/moz.build ===================================== @@ -291,7 +291,6 @@ for var in ( for var in ( "MOZ_ALLOW_ADDON_SIDELOAD", "MOZ_BACKGROUNDTASKS", - "MOZ_SERVICES_SYNC", "MOZ_SYSTEM_NSS", "MOZ_SYSTEM_POLICIES", "MOZ_UNSIGNED_APP_SCOPE", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/24aca1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/24aca1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] Revert "fixup! Base Browser's .mozconfigs."
by Richard Pospesel (＠richard) 25 Feb '23

25 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 85b5aa49 by Richard Pospesel at 2023-02-25T12:39:13+00:00 Revert "fixup! Base Browser's .mozconfigs." This reverts commit 9ac0abfdd9f4bcb53841c40d3b42d34bec92b262. - - - - - 1 changed file: - browser/moz.configure Changes: ===================================== browser/moz.configure ===================================== @@ -7,8 +7,7 @@ imply_option("MOZ_PLACES", True) # tor-browser#32493 imply_option("MOZ_SERVICES_HEALTHREPORT", False) -# tor-browser#41629 -imply_option("MOZ_SERVICES_SYNC", False) +imply_option("MOZ_SERVICES_SYNC", True) imply_option("MOZ_DEDICATED_PROFILES", False) imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", False) # tor-browser#33734 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/85b5aa4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/85b5aa4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] Revert "Bug 41629: Fix errors with MOZ_SERVICES_SYNC=False"
by Richard Pospesel (＠richard) 24 Feb '23

24 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: cc0c58ab by Richard Pospesel at 2023-02-24T11:29:13+00:00 Revert "Bug 41629: Fix errors with MOZ_SERVICES_SYNC=False" This reverts commit 8f61c9c0b06a1820caeb4683595cec98f0ad88b9. current implementation breaks about:preferences due to runtime errors - - - - - 4 changed files: - browser/base/content/browser-sync.js - browser/components/BrowserGlue.jsm - browser/installer/package-manifest.in - toolkit/modules/moz.build Changes: ===================================== browser/base/content/browser-sync.js ===================================== @@ -5,11 +5,7 @@ // This file is loaded into the browser window scope. /* eslint-env mozilla/browser-window */ -ChromeUtils.defineModuleGetter( - this, - "UIState", - "resource://services-sync/UIState.jsm" -); +const { UIState } = ChromeUtils.import("resource://services-sync/UIState.jsm"); ChromeUtils.defineModuleGetter( this, @@ -346,9 +342,7 @@ var gSync = { // once syncing completes (bug 1239042). _syncStartTime: 0, _syncAnimationTimer: 0, - _obs: AppConstants.MOZ_SERVICES_SYNC - ? ["weave:engine:sync:finish", "quit-application", UIState.ON_UPDATE] - : [], + _obs: ["weave:engine:sync:finish", "quit-application", UIState.ON_UPDATE], get log() { if (!this._log) { @@ -464,7 +458,7 @@ var gSync = { this._definePrefGetters(); - if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { + if (!this.FXA_ENABLED) { this.onFxaDisabled(); return; } @@ -1535,7 +1529,7 @@ var gSync = { // can lead to a empty label for 'Send To Device' Menu. this.init(); - if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { + if (!this.FXA_ENABLED) { // These items are hidden in onFxaDisabled(). No need to do anything. return; } @@ -1570,7 +1564,7 @@ var gSync = { // "Send Page to Device" and "Send Link to Device" menu items updateContentContextMenu(contextMenu) { - if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { + if (!this.FXA_ENABLED) { // These items are hidden by default. No need to do anything. return false; } ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -791,10 +791,10 @@ if (AppConstants.TOR_BROWSER_UPDATE) { }; } -XPCOMUtils.defineLazyGetter(this, "WeaveService", () => - AppConstants.MOZ_SERVICES_SYNC - ? Cc["@mozilla.org/weave/service;1"].getService().wrappedJSObject - : null +XPCOMUtils.defineLazyGetter( + this, + "WeaveService", + () => Cc["@mozilla.org/weave/service;1"].getService().wrappedJSObject ); if (AppConstants.MOZ_CRASHREPORTER) { @@ -2795,7 +2795,7 @@ BrowserGlue.prototype = { // Schedule a sync (if enabled) after we've loaded { task: async () => { - if (WeaveService?.enabled) { + if (WeaveService.enabled) { await WeaveService.whenLoaded(); WeaveService.Weave.Service.scheduler.autoConnect(); } ===================================== browser/installer/package-manifest.in ===================================== @@ -181,17 +181,7 @@ @RESPATH@/browser/components/MacTouchBar.manifest @RESPATH@/browser/components/MacTouchBar.js #endif -; TODO: Remove this in ESR-115. -; If everything goes well, this patch will not be necessary in 115, because we -; have also an upstream bug. -; I suspect this is somehow incorrect, and that MOZ_SERVICES_SYNC is actually -; never defined for the makefile (it is not for Firefox 112, which builds -; correctly with MOZ_SERVICES_SYNC == False, even without this ifdef). -; But we are interested in disabling it, so using either this, or #if 0 would be -; fine for us. -#ifdef MOZ_SERVICES_SYNC @RESPATH@/components/SyncComponents.manifest -#endif @RESPATH@/components/servicesComponents.manifest @RESPATH@/components/servicesSettings.manifest @RESPATH@/components/cryptoComponents.manifest ===================================== toolkit/modules/moz.build ===================================== @@ -293,7 +293,6 @@ for var in ( for var in ( "MOZ_ALLOW_ADDON_SIDELOAD", "MOZ_BACKGROUNDTASKS", - "MOZ_SERVICES_SYNC", "MOZ_SYSTEM_NSS", "MOZ_SYSTEM_POLICIES", "MOZ_UNSIGNED_APP_SCOPE", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cc0c58a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cc0c58a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40795: Trim down tor-browser-build release prep issue templates
by Richard Pospesel (＠richard) 23 Feb '23

23 Feb '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: e9dc91e5 by Richard Pospesel at 2023-02-23T18:41:12+00:00 Bug 40795: Trim down tor-browser-build release prep issue templates - - - - - 2 changed files: - .gitlab/issue_templates/Release Prep - Alpha.md - .gitlab/issue_templates/Release Prep - Stable.md Changes: ===================================== .gitlab/issue_templates/Release Prep - Alpha.md ===================================== @@ -5,8 +5,6 @@ - `$(STAGING_SERVER)` : the server the signer is using to to run the signing process - `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - example : `91.6.0` -- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train. - - example: `103` - `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)` - exmaple : `FIREFOX_91_7_0esr_BUILD2` - `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from) @@ -23,91 +21,12 @@ - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. - `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - example : `11.5a6`, `11.0.7` -- `$(TOR_BROWSER_BRANCH)` : the full name of tor-browser branch - - typically of the form: `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` -- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous tor-browser branch (when rebasing) </details> -<details> - <summary>Android</summary> - -### **Security Vulnerabilities Backport** : https://www.mozilla.org/en-US/security/advisories/ -- **NOTE** : this work usually first occurs during the Tor Browser Stable release, so for alpha we typically only need to update the various `tor-browser-build` configs to point to the right release tags. -- [ ] Create tor-browser issue `Backport Android-specific Firefox $(RR_VERSION) to ESR $(ESR_VERSION)-based Tor Browser` - - [ ] Link new backport issue to this release prep issue -- [ ] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create list of CVEs which affect Android that need to be a backported - - Potentially Affected Components: - - `firefox`/`geckoview` - - `application-services` - - `android-components` - - `fenix` - -### **application-services** ***(Optional)*** : *TODO: we need to setup a gitlab copy of this repo that we can apply security backports to* -- [ ] Backport any Android-specific security fixes from Firefox rapid-release -- [ ] Sign/Tag commit: - - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha` -- [ ] Push tag to `origin` - -### **android-components** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/android-components.git -- [ ] Backport any Android-specific security fixes from Firefox rapid-release -- [ ] Sign/Tag commit: - - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)` -- [ ] Push tag to `origin` - -### **fenix** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/fenix.git -- [ ] Backport any Android-specific security fixes from Firefox rapid-release -- [ ] Sign/Tag commit: - - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)` -- [ ] Push tag to `origin` - -</details> - -<details> - <summary>Shared</summary> - -### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git -- [ ] ***(Optional)*** Backport any Android-specific security fixes from Firefox rapid-release -- [ ] ***(Optional, Chemspill)*** Backport security-fixes to both `tor-browser` and `base-browser` branches -- [ ] ***(Optional)*** Rebase to `$(ESR_VERSION)` - - [ ] Find the Firefox hg tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags - - [ ] `$(ESR_TAG)` : `<INSERT_TAG_HERE>` - - [ ] Identify the hg patch associated with above hg tag, and find the equivalent `gecko-dev` git commit (search by commit message) - - [ ] `gecko-dev` commit : `<INSERT_COMMIT_HASH_HERE>` - - [ ] Sign/Tag `gecko-dev` commit : - - Tag : `$(ESR_TAG)` - - Message : `Hg tag $(ESR_TAG)` - - [ ] Create new `tor-browser` branch with the discovered `gecko-dev` commit as `HEAD` named: - - `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` - - [ ] Push new branches and esr tag to origin - - [ ] Rebase previous `tor-browser` patches onto the new `gecko-dev` branch - - [ ] Compare patch-sets (ensure nothing *weird* happened during rebase): - - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..$(TOR_BROWSER_BRANCH)` - - [ ] diff of diffs: - - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred `$(DIFF_TOOL)` and look at differences on lines that starts with + or - - - [ ] `git diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) > current_patchset.diff` - - [ ] `git diff $(ESR_TAG)..$(TOR_BROWSER_BRANCH) > rebased_patchset.diff` - - [ ] `$(DIFF_TOOL) current_patchset.diff rebased_patchset.diff` - - [ ] Open MR for the rebase - - [ ] Merge -- [ ] Sign/Tag `tor-browser` commit : - - Tag : `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)` - - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based alpha` -- [ ] Create `base-browser` branch from rebased `tor-browser` branch named: - - `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` - - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser` -- [ ] Sign/Tag `base-browser` commit : - - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1` - - Message: `Tagging build1 for $(ESR_VERSION)esr-based alpha` -- [ ] Push tags to `origin` -- [ ] Update Gitlab Default Branch to new Alpha branch: https://gitlab.torproject.org/tpo/applications/tor-browser/-/settings/repos… - -</details> +**NOTE** It is assumed that the `tor-browser` rebase and security backport tasks have been completed <details> - <summary>Build</summary> + <summary>Build Updates</summary> ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Tor Browser Alpha (and Nightly) are on the `main` branch @@ -115,9 +34,9 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] Update `rbm.conf` - [ ] `var/torbrowser_version` : update to next version - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - - [ ] ***(Optional, Desktop)*** `var/torbrowser_incremental_from` : update to previous Desktop version - - [ ] **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail -- [ ] ***(Optional)*** Update Desktop-specific build configs + - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version + - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail +- [ ] Update Desktop-specific build configs - [ ] Update `projects/firefox/config` - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased @@ -127,7 +46,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] `steps/base-browser-fluent/git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch -- [ ] ***(Optional)*** Update Android-specific build configs +- [ ] Update Android-specific build configs - [ ] ***(Optional)*** Update `projects/geckoview/config` - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased @@ -163,7 +82,7 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] ***(Optional)*** Update `projects/go/config` - [ ] `version` : update go version - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] ***(Optional)*** Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/ + - [ ] Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/ - [ ] Download the `artifacts.zip` file from latest build stage row (download icon button on the right) - [ ] Rename it to `manual_$PIPELINEID.zip` - [ ] Upload it to people.tpo @@ -178,40 +97,62 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - The first time you run this script you will need to generate an access token; the script will guide you - [ ] Copy the output of the script to the beginning of `ChangeLog.txt` and adjust its output - - At the moment, the script does not create a _Build System_ section - If you used the issue number, you will need to write the Tor Browser version manually + - [ ] Include any version updates for: + - [ ] translations + - [ ] OpenSSL + - [ ] NoScript + - [ ] Go + - [ ] zlib + - [ ] Include any ESR rebase for Firefox and GeckoView - [ ] Open MR with above changes - [ ] Begin build on `$(BUILD_SERVER)` (fix any issues which come up and update MR) - [ ] Merge - [ ] Sign/Tag commit: `make signtag-alpha` - [ ] Push tag to `origin` + </details> <details> - <summary>Communications</summary> + <summary>Communications</summary> ### notify stakeholders + + <details> + <summary>email template</summary> + + Hello All, + + Unsigned Tor Browser $(TOR_BROWSER_VERSION) alpha candidate builds are now available for testing: + + - https://tb-build-05.torproject.org/~$(BUILDER)/builds/release/unsigned/$(TO… + + The full changelog can be found here: + + - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main… + + </details> + - [ ] Email tor-qa mailing list: tor-qa(a)lists.torproject.org - - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)` - - [ ] Note any new functionality which needs testing - - [ ] Link to any known issues -- [ ] Email downstream consumers: + - Additional information: + - [ ] Note any new functionality which needs testing + - [ ] Link to any known issues +- [ ] ***(Optional, only around build/packaging changes)*** Email downstream consumers: - Recipients: - - [ ] Tails dev mailing list: tails-dev(a)boum.org - - [ ] Guardian Project: nathan(a)guardianproject.info - - [ ] torbrowser-launcher: micah(a)micahflee.com - - [ ] FreeBSD port: freebsd(a)sysctl.cz  - - [ ] OpenBSD port: caspar(a)schutijser.com  - - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)` + - Tails dev mailing list: tails-dev(a)boum.org + - Guardian Project: nathan(a)guardianproject.info + - torbrowser-launcher: micah(a)micahflee.com + - FreeBSD port: freebsd(a)sysctl.cz  + - OpenBSD port: caspar(a)schutijser.com  - [ ] Note any changes which may affect packaging/downstream integration - [ ] Email upstream stakeholders: - - [ ] ***(Optional, after ESR migration)*** Cloudflare: ask-research(a)cloudflare.com + - ***(Optional, after ESR migration)*** Cloudflare: ask-research(a)cloudflare.com - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs </details> <details> - <summary>Signing/Publishing</summary> + <summary>Signing</summary> ### signing + publishing - [ ] Ensure builders have matching builds @@ -242,26 +183,32 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - **NOTE**: at this point the signed binaries should have been copied to `staticiforme` - [ ] Update `staticiforme.torproject.org`: - From `screen` session on `staticiforme.torproject.org`: + - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` + - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh` - [ ] Remove old release data from following places: - **NOTE** : Skip this step if the current release is Android or Desktop *only* - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-alpha.sh` + - [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component - [ ] Publish APKs to Google Play: - Log into https://play.google.com/apps/publish - Select `Tor Browser (Alpha)` app - - Navigate to `Release > Production` and click `Create new release` button - - [ ] Upload the `*.multi.apk` APKs - - [ ] Update Release Name to Tor Browser version number - - [ ] Update Release Notes + - Navigate to `Release > Production` and click `Create new release` button: + - Upload the `*.multi.apk` APKs + - Update Release Name to Tor Browser version number + - Update Release Notes - Next to 'Release notes', click `Copy from a previous release` - - [ ] Edit blog post url to point to most recent blog post + - Edit blog post url to point to most recent blog post - Save, review, and configure rollout percentage - [ ] 25% rollout when publishing a scheduled update - [ ] 100% rollout when publishing a security-driven release - [ ] Update rollout percentage to 100% after confirmed no major issues +</details> + +<details> + <summary>Publishing</summary> + ### website: https://gitlab.torproject.org/tpo/web/tpo.git - [ ] `databags/versions.ini` : Update the downloads versions - `torbrowser-stable/version` : sort of a catch-all for latest stable version ===================================== .gitlab/issue_templates/Release Prep - Stable.md ===================================== @@ -4,16 +4,16 @@ - `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release - `$(STAGING_SERVER)` : the server the signer is using to to run the signing process - `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc - - example : `91.6.0` -- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train. - - example: `103` + - example : `91.6.0` - `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)` - - exmaple : `FIREFOX_91_7_0esr_BUILD2` + - exmaple : `FIREFOX_91_7_0esr_BUILD2` - `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from) - `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version - - example : `11` + - example : `11` - `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version - - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` + - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format + - example: `12.5a3`, `12.0.3` - `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. - example : `build1` - `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits @@ -23,89 +23,12 @@ - if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same. - `$(TOR_BROWSER_VERSION)` : the published Tor Browser version - example : `11.5a6`, `11.0.7` -- `$(TOR_BROWSER_BRANCH)` : the full name of tor-browser branch - - typically of the form: `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` -- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous tor-browser branch (when rebasing) </details> -<details> - <summary>Android</summary> - -### **Security Vulnerabilities Backport** : https://www.mozilla.org/en-US/security/advisories/ -- [ ] Create tor-browser issue `Backport Android-specific Firefox $(RR_VERSION) to ESR $(ESR_VERSION)-based Tor Browser` - - [ ] Link new backport issue to this release prep issue -- [ ] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create list of CVEs which affect Android that need to be a backported - - Potentially Affected Components: - - `firefox`/`geckoview` - - `application-services` - - `android-components` - - `fenix` - -### **application-services** ***(Optional)*** : *TODO: we need to setup a gitlab copy of this repo that we can apply security backports to* -- [ ] Backport any Android-specific security fixes from Firefox rapid-release -- [ ] Sign/Tag commit: - - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable` -- [ ] Push tag to `origin` - -### **android-components** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/android-components.git -- [ ] Backport any Android-specific security fixes from Firefox rapid-release -- [ ] Sign/Tag commit: - - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable)` -- [ ] Push tag to `origin` - -### **fenix** ***(Optional)*** : https://gitlab.torproject.org/tpo/applications/fenix.git -- [ ] Backport any Android-specific security fixes from Firefox rapid-release -- [ ] Sign/Tag commit: - - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` - - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based stable)` -- [ ] Push tag to `origin` - -</details> - -<details> - <summary>Shared</summary> - -### tor-browser: https://gitlab.torproject.org/tpo/applications/tor-browser.git -- [ ] ***(Optional)*** Backport any Android-specific security fixes from Firefox rapid-release -- [ ] ***(Optional, Chemspill)*** Backport security-fixes to both `tor-browser` and `base-browser` branches -- [ ] ***(Optional)*** Rebase to `$(ESR_VERSION)` - - [ ] Find the Firefox hg tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags - - [ ] `$(ESR_TAG)` : `<INSERT_TAG_HERE>` - - [ ] Identify the hg patch associated with above hg tag, and find the equivalent `gecko-dev` git commit (search by commit message) - - [ ] `gecko-dev` commit : `<INSERT_COMMIT_HASH_HERE>` - - [ ] Sign/Tag `gecko-dev` commit : - - Tag : `$(ESR_TAG)` - - Message : `Hg tag $(ESR_TAG)` - - [ ] Create new `tor-browser` branch with the discovered `gecko-dev` commit as `HEAD` named: - - `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` - - [ ] Push new branches and esr tag to origin - - [ ] Rebase previous `tor-browser` patches onto the new `gecko-dev` branch - - [ ] Compare patch-sets (ensure nothing *weird* happened during rebase): - - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..$(TOR_BROWSER_BRANCH)` - - [ ] diff of diffs: - - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred `$(DIFF_TOOL)` and look at differences on lines that starts with + or - - - [ ] `git diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) > current_patchset.diff` - - [ ] `git diff $(ESR_TAG)..$(TOR_BROWSER_BRANCH) > rebased_patchset.diff` - - [ ] `$(DIFF_TOOL) current_patchset.diff rebased_patchset.diff` - - [ ] Open MR for the rebase - - [ ] Merge -- [ ] Sign/Tag `tor-browser` commit : - - Tag : `tor-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(FIREFOX_BUILD_N)` - - Message : `Tagging $(FIREFOX_BUILD_N) for $(ESR_VERSION)esr-based stable` -- [ ] Create `base-browser` branch from rebased `tor-browser` branch named: - - `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR-BROWSER_MINOR)-1` - - **NOTE** : Currently we are using the `Bug 40926: Implemented the New Identity feature` commit as the final commit of `base-browser` before `tor-browser` -- [ ] Sign/Tag `base-browser` commit: - - Tag : `base-browser-$(ESR_VERSION)esr-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-build1` - - Message: `Tagging build1 for $(ESR_VERSION)esr-based stable` -- [ ] Push tags to `origin` - -</details> +**NOTE** It is assumed that the `tor-browser` rebase and security backport tasks have been completed <details> - <summary>Build</summary> + <summary>Build Configs</summary> ### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches @@ -113,9 +36,9 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] Update `rbm.conf` - [ ] `var/torbrowser_version` : update to next version - [ ] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)` - - [ ] ***(Optional, Desktop)*** `var/torbrowser_incremental_from` : update to previous Desktop version - - [ ] **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail -- [ ] ***(Optional)*** Update Desktop-specific build configs + - [ ] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version + - **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make incrementals-*` step will fail +- [ ] Update Desktop-specific build configs - [ ] Update `projects/firefox/config` - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag - [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased @@ -125,7 +48,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] `steps/base-browser-fluent/git_hash` : update with `HEAD` commit of project's `basebrowser-newidentityftl` branch - [ ] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch - [ ] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch -- [ ] ***(Optional)*** Update Android-specific build configs +- [ ] Update Android-specific build configs - [ ] ***(Optional)*** Update `projects/geckoview/config` - [ ] `git_hash` : update the `$(BUILD_N)` section to match `tor-browser` tag - [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased @@ -161,7 +84,7 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] ***(Optional)*** Update `projects/go/config` - [ ] `version` : update go version - [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page) - - [ ] ***(Optional)*** Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/ + - [ ] Update the manual : https://gitlab.torproject.org/tpo/web/manual/-/jobs/ - [ ] Download the `artifacts.zip` file from latest build stage row (download icon button on the right) - [ ] Rename it to `manual_$PIPELINEID.zip` - [ ] Upload it to people.tpo @@ -176,40 +99,62 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - Make sure you have `requests` installed (e.g., `apt install python3-requests`) - The first time you run this script you will need to generate an access token; the script will guide you - [ ] Copy the output of the script to the beginning of `ChangeLog.txt` and adjust its output - - At the moment, the script does not create a _Build System_ section - If you used the issue number, you will need to write the Tor Browser version manually + - [ ] Include any version updates for: + - [ ] translations + - [ ] OpenSSL + - [ ] NoScript + - [ ] Go + - [ ] zlib + - [ ] Include any ESR rebase for Firefox and GeckoView - [ ] Open MR with above changes - [ ] Begin build on `$(BUILD_SERVER)` (and fix any issues which come up and update MR) - [ ] Merge - [ ] Sign/Tag commit: `make signtag-release` - [ ] Push tag to `origin` + </details> <details> - <summary>Communications</summary> + <summary>Communications</summary> ### notify stakeholders + + <details> + <summary>email template</summary> + + Hello All, + + Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing: + + - https://tb-build-05.torproject.org/~$(BUILDER)/builds/release/unsigned/$(TO… + + The full changelog can be found here: + + - https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/main… + + </details> + - [ ] Email tor-qa mailing list: tor-qa(a)lists.torproject.org - - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)` - - [ ] Note any new functionality which needs testing - - [ ] Link to any known issues + - Additional information: + - [ ] Note any new functionality which needs testing + - [ ] Link to any known issues - [ ] Email downstream consumers: - Recipients: - - [ ] Tails dev mailing list: tails-dev(a)boum.org - - [ ] Guardian Project: nathan(a)guardianproject.info - - [ ] torbrowser-launcher: micah(a)micahflee.com - - [ ] FreeBSD port: freebsd(a)sysctl.cz  - - [ ] OpenBSD port: caspar(a)schutijser.com  - - [ ] Provide links to unsigned builds on `$(BUILD_SERVER)` + - Tails dev mailing list: tails-dev(a)boum.org + - Guardian Project: nathan(a)guardianproject.info + - torbrowser-launcher: micah(a)micahflee.com + - FreeBSD port: freebsd(a)sysctl.cz  + - OpenBSD port: caspar(a)schutijser.com  - [ ] Note any changes which may affect packaging/downstream integration - [ ] Email upstream stakeholders: - - [ ] ***(Optional, after ESR migration)*** Cloudflare: ask-research(a)cloudflare.com + - ***(Optional, after ESR migration)*** Cloudflare: ask-research(a)cloudflare.com - **NOTE** : We need to provide them with updated user agent string so they can update their internal machinery to prevent Tor Browser users from getting so many CAPTCHAs </details> <details> - <summary>Signing/Publishing</summary> + <summary>Signing</summary> ### signing + publishing - [ ] Ensure builders have matching builds @@ -240,26 +185,32 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - **NOTE**: at this point the signed binaries should have been copied to `staticiforme` - [ ] Update `staticiforme.torproject.org`: - From `screen` session on `staticiforme.torproject.org`: + - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` + - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh` - [ ] Remove old release data from following places: - **NOTE** : Skip this step if the current release is Android or Desktop *only* - [ ] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser` - [ ] `/srv/dist-master.torproject.org/htdocs/torbrowser` - - [ ] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org` - - [ ] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh` +- [ ] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component - [ ] Publish APKs to Google Play: - Log into https://play.google.com/apps/publish - Select `Tor Browser` app - - Navigate to `Release > Production` and click `Create new release` button - - [ ] Upload the `*.multi.apk` APKs - - [ ] Update Release Name to Tor Browser version number - - [ ] Update Release Notes + - Navigate to `Release > Production` and click `Create new release` button: + - Upload the `*.multi.apk` APKs + - Update Release Name to Tor Browser version number + - Update Release Notes - Next to 'Release notes', click `Copy from a previous release` - - [ ] Edit blog post url to point to most recent blog post + - Edit blog post url to point to most recent blog post - Save, review, and configure rollout percentage - [ ] 25% rollout when publishing a scheduled update - [ ] 100% rollout when publishing a security-driven release - [ ] Update rollout percentage to 100% after confirmed no major issues +</details> + +<details> + <summary>Publishing</summary> + ### website: https://gitlab.torproject.org/tpo/web/tpo.git - [ ] `databags/versions.ini` : Update the downloads versions - `torbrowser-stable/version` : sort of a catch-all for latest stable version @@ -296,4 +247,3 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE </details> /label ~"Release Prep" - View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] Bug 41649: Create rebase and security backport gitlab issue templates
by Richard Pospesel (＠richard) 23 Feb '23

23 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 85c86696 by Richard Pospesel at 2023-02-23T18:40:14+00:00 Bug 41649: Create rebase and security backport gitlab issue templates - - - - - 3 changed files: - + .gitlab/issue_templates/Backport Android Security Fixes.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md Changes: ===================================== .gitlab/issue_templates/Backport Android Security Fixes.md ===================================== @@ -0,0 +1,88 @@ +<details> + <summary>Explanation of Variables</summary> +- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc + - example : `102.8.0` +- `$(RR_VERSION)` : the Mozilla defined Rapid-Release version; Tor Browser for Android is based off of the `$(ESR_VERSION)`, but Mozilla's Firefox for Android is based off of the `$(RR_VERSION)` so we need to keep track of security vulnerabilities to backport from the monthly Rapid-Release train and our frozen ESR train. + - example: `110` +- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version + - example : `12` +- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version + - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `$(BUILD_N)` : a project's build revision within a its branch; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build. + - example : `build1` +</details> + +**NOTE:** It is assumed the `tor-browser` rebase has already happened and there exists a `build1` build tag for both `base-browser` and `tor-browser` + +### **Bookkeeping** + +- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/is… issues (stable and alpha). + +### **Security Vulnerabilities Report** : https://www.mozilla.org/en-US/security/advisories/ + +- Potentially Affected Components: + - `firefox`/`geckoview` : https://github.com/mozilla/gecko-dev + - `application-services` : https://github.com/mozilla/application-services + - `android-components` : https://github.com/mozilla-mobile/firefox-android + - `fenix` : https://github.com/mozilla-mobile/firefox-android + +**NOTE:** `android-components` and `fenix` used to have their own repos, but since November 2022 they have converged to a single `firefox-android` repo. Any backports will require manually porting patches over to our legacy repos. + +- [ ] Go through any `Security Vulnerabilities fixed in Firefox $(RR_VERSION)` (or similar) and create a candidate list of CVEs which potentially need to be backported in this issue: + - CVEs which are explicitly labeled as 'Android' only + - CVEs which are fixed in Rapid Release but not in ESR + - 'Memory safety bugs' fixed in Rapid Release but not in ESR +- [ ] Foreach issue: + - Create link to the CVE on [mozilla.org](https://www.mozilla.org/en-US/security/advisories/) + - example: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-257… + - Create link to the associated Bugzilla issues (found in the CVE description) + - Create a link to the relevant `gecko-dev`/other commit hashes which need to be backported OR a brief justification for why the fix does not need to be backported + - To find the `gecko-dev` version of a `mozilla-central`, search for a unique string in the relevant `mozilla-central` commit message in the `gecko-dev/release` branch log. + - **NOTE:** This process is unfortunately somewhat poorly defined/ad-hoc given the general variation in how Bugzilla issues are labeled and resolved. In general this is going to involve a bit of hunting to identify needed commits or determining whether or not the fix is relevant. + + +### **tor-browser** : https://gitlab.torproject.org/tpo/applications/tor-browser.git +- [ ] Backport any Android-specific security fixes from Firefox rapid-release + - [ ] Sign/Tag commit: + - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` + - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)` + - [ ] Push tag to `origin` +**OR** +- [ ] No backports + +### **application-services** : *TODO: we will need to setup a gitlab copy of this repo that we can apply security backports to if there are ever any security issues here* +- [ ] Backport any Android-specific security fixes from Firefox rapid-release + - [ ] Sign/Tag commit: + - Tag : `application-services-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` + - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha` + - [ ] Push tag to `origin` + **OR** +- [ ] No backports + + +### **android-components** : https://gitlab.torproject.org/tpo/applications/android-components.git +- [ ] Backport any Android-specific security fixes from Firefox rapid-release + - **NOTE**: Since November 2022, this repo has been merged with `fenix` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `android-components` project. + - [ ] Sign/Tag commit: + - Tag : `android-components-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` + - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)` + - [ ] Push tag to `origin` +**OR** +- [ ] No backports + + +### **fenix** : https://gitlab.torproject.org/tpo/applications/fenix.git +- [ ] Backport any Android-specific security fixes from Firefox rapid-release + - **NOTE**: Since February 2023, this repo has been merged with `android-components` into a singular `firefox-android` repo: https://github.com/mozilla-mobile/firefox-android. Any backport will require a patch rewrite to apply to our legacy `fenix` project. + - [ ] Sign/Tag commit: + - Tag : `tor-browser-$(ESR_VERSION)-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)-1-$(BUILD_N)` + - Message: `Tagging $(BUILD_N) for $(ESR_VERSION)-based alpha)` + - [ ] Push tag to `origin` +**OR** +- [ ] No backports + +### CVEs + + + +/confidential ===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md ===================================== @@ -0,0 +1,81 @@ +**NOTE:** All examples reference the rebase from 102.7.0esr to 102.8.0esr + +<details> + <summary>Explanation of Variables</summary> +- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc + - example : `102.8.0` +- `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)` + - example : `FIREFOX_102_8_0esr_RELEASE` +- `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from) +- `$(BROWSER_MAJOR)` : the browser major version + - example : `12` +- `$(BROWSER_MINOR)` : the browser minor version + - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `$(BASE_BROWSER_BRANCH)` : the full name of the current `base-browser` branch + - example: `base-browser-102.8.0esr-12.5-1` +- `$(BASE_BROWSER_BRANCH_PREV)` : the full name of the previous `base-browser` branch + - example: `base-browser-102.7.0esr-12.5-1` +- `$(TOR_BROWSER_BRANCH)` : the full name of the current `tor-browser` branch + - example: `tor-browser-102.8.0esr-12.5-1` +- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous `tor-browser` branch + - example: `tor-browser-102.7.0esr-12.5-1` +</details> + +**NOTE:** It is assumed that we've already identified the new esr branch during the tor-browser stable rebase + +### **Bookkeeping** + +- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/is… issue. + +### **Rebase base-browser** + +- [ ] Checkout a new branch for the `base-browser` rebase + - example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1` +- [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch + - example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.5-1-build1` +- [ ] Rebase and autosquash these cherry-picked commits + - example: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD` +- [ ] Cherry-pick remainder of patches after the `build1` tag + - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1 origin/base-browser-102.7.0esr-12.5-1` +- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: + - [ ] diff of diffs: + - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or - + - `git diff $(ESR_TAG_PREV)..$(BASE_BROWSER_BRANCH_PREV) > current_patchset.diff` + - `git diff $(ESR_TAG)..$(BASE_BROWSER_BRANCH) > rebased_patchset.diff` + - diff `current_patchset.diff` and `rebased_patchset.diff` + - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` + - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(BASE_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD` + - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/base-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD` +- [ ] Open MR for the `base-browser` rebase +- [ ] Merge +- [ ] Sign/Tag HEAD of the merged new `base-browser` branch: + - Tag : `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` + - Message : `Tagging build1 for $(ESR_VERSION)esr-based alpha` +- [ ] Push tag to `origin` + +### **Rebase tor-browser** + +- [ ] Checkout a new branch for the `tor-browser` rebase starting from the `base-browser` `build1` tag + - example: `git branch tor-browser-rebase base-browser-102.8.0esr-12.5-1-build1` +- [ ] Cherry-pick the previous `tor-browser` commits from `base-browser`'s previous `build1` tag up to `tor-browser`'s newest `buildN` tag (not necessarily `build1` if we have multiple build tags) + - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..tor-browser-102.7.0esr-12.5-1-build1` +- [ ] Rebase and autosquash these cherry-picked commits (from the last new `base-browser` commit to `HEAD`) + - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.5-1-build1 HEAD` +- [ ] Cherry-pick remainder of patches after the last `buildN` tag + - example: `git cherry-pick base-browser-102.7.0esr-12.5-1-build1..origin/tor-browser-102.7.0esr-12.5-1` +- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: + - [ ] diff of diffs: + - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or - + - `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff` + - `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff` + - diff `current_patchset.diff` and `rebased_patchset.diff` + - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` + - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD` + - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.5-1 FIREFOX_102_8_0esr_BUILD1..HEAD` +- [ ] Open MR for the `tor-browser` rebase +- [ ] Merge +- [ ] Sign/Tag HEAD of the merged new `tor-browser` branch: + - Tag : `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` + - Message : `Tagging build1 for $(ESR_VERSION)esr-based alpha` +- [ ] Push tag to `origin` + ===================================== .gitlab/issue_templates/Rebase Browser - Stable.md ===================================== @@ -0,0 +1,100 @@ +**NOTE:** All examples reference the rebase from 102.7.0esr to 102.8.0esr + +<details> + <summary>Explanation of variables</summary> +- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc + - example : `102.8.0` +- `$(ESR_TAG)` : the Mozilla defined hg (Mercurial) tag associated with `$(ESR_VERSION)` + - example : `FIREFOX_102_8_0esr_RELEASE` +- `$(ESR_TAG_PREV)` : the Mozilla defined hg (Mercurial) tag associated with the previous ESR version when rebasing (ie, the ESR version we are rebasing from) +- `$(BROWSER_MAJOR)` : the browser major version + - example : `12` +- `$(BROWSER_MINOR)` : the browser minor version + - example : either `0` or `5`; Alpha's is always `(Stable + 5) % 10` +- `$(BASE_BROWSER_BRANCH)` : the full name of the current `base-browser` branch + - example: `base-browser-102.8.0esr-12.0-1` +- `$(BASE_BROWSER_BRANCH_PREV)` : the full name of the previous `base-browser` branch + - example: `base-browser-102.7.0esr-12.0-1` +- `$(TOR_BROWSER_BRANCH)` : the full name of the current `tor-browser` branch + - example: `tor-browser-102.8.0esr-12.0-1` +- `$(TOR_BROWSER_BRANCH_PREV)` : the full name of the previous `tor-browser` branch + - example: `tor-browser-102.7.0esr-12.0-1` +</details> + +### **Bookkeeping** + +- [ ] Link this issue to the appropriate [Release Prep](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/is… issue. + +### **Identify the Firefox Tagged Commit and Create New Branches** + +- [ ] Find the Firefox mercurial tag here : https://hg.mozilla.org/releases/mozilla-esr102/tags + - example: `FIREFOX_102_8_0esr_BUILD1` +- [ ] Find the analogous `gecko-dev` commit : https://github.com/mozilla/gecko-dev + - Search for unique string found in the mercurial commit in the `gecko-dev/esr102` branch + - example: 3a3a96c9eedd02296d6652dd50314fccbc5c4845 +- [ ] Sign and Tag `gecko-dev` commit + - Sign/Tag `gecko-dev` commit : + - Tag : `$(ESR_TAG)` + - Message : `Hg tag $(ESR_TAG)` +- [ ] Create new stable `base-browser` branch from tag + - branch name in the form: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1` + - example: `base-browser-102.8.0esr-12.0-1` +- [ ] Create new stable `tor-browser` branch from + - branch name in the form: `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1` + - example: `tor-browser-102.8.0esr-12.0-1` +- [ ] Push new `base-browser` branch to `origin` +- [ ] Push new `tor-browser` branch to `origin` +- [ ] Push new `$(ESR_TAG)` to `origin` + +### **Rebase base-browser** + +- [ ] Checkout a new branch for the `base-browser` rebase + - example: `git branch base-browser-rebase FIREFOX_102_8_0esr_BUILD1` +- [ ] Cherry-pick the previous `base-browser` commits up to `base-browser`'s `build1` tag onto new `base-browser` rebase branch + - example: `git cherry-pick FIREFOX_102_7_0esr_BUILD1..base-browser-102.7.0esr-12.0-1-build1` +- [ ] Rebase and autosquash these cherry-picked commits + - example: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_BUILD1 HEAD` +- [ ] Cherry-pick remainder of patches after the `build1` tag + - example: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1 origin/base-browser-102.7.0esr-12.0-1` +- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: + - [ ] diff of diffs: + - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or - + - `git diff $(ESR_TAG_PREV)..$(BASE_BROWSER_BRANCH_PREV) > current_patchset.diff` + - `git diff $(ESR_TAG)..$(BASE_BROWSER_BRANCH) > rebased_patchset.diff` + - diff `current_patchset.diff` and `rebased_patchset.diff` + - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` + - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(BASE_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD` + - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/base-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD` +- [ ] Open MR for the `base-browser` rebase +- [ ] Merge +- [ ] Sign/Tag HEAD of the merged new `base-browser` branch: + - Tag : `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` + - Message : `Tagging build1 for $(ESR_VERSION)esr-based stable` +- [ ] Push tag to `origin` + +### **Rebase tor-browser** + +- [ ] Checkout a new branch for the `tor-browser` rebase starting from the `base-browser` `build1` tag + - example: `git branch tor-browser-rebase base-browser-102.8.0esr-12.0-1-build1` +- [ ] Cherry-pick the previous `tor-browser` commits from `base-browser`'s previous `build1` tag up to `tor-browser`'s newest `buildN` tag (not necessarily `build1` if we have multiple build tags) + - example: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..tor-browser-102.7.0esr-12.0-1-build1` +- [ ] Rebase and autosquash these cherry-picked commits (from the last new `base-browser` commit to `HEAD`) + - example: `git rebase --autosquash --interactive base-browser-102.8.0esr-12.0-1-build1 HEAD` +- [ ] Cherry-pick remainder of patches after the last `buildN` tag + - example: `git cherry-pick base-browser-102.7.0esr-12.0-1-build1..origin/tor-browser-102.7.0esr-12.0-1` +- [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: + - [ ] diff of diffs: + - Do the diff between `current_patchset.diff` and `rebased_patchset.diff` with your preferred difftool and look at differences on lines that starts with + or - + - `git diff $(ESR_TAG_PREV)..$(BROWSER_BRANCH_PREV) > current_patchset.diff` + - `git diff $(ESR_TAG)..$(BROWSER_BRANCH) > rebased_patchset.diff` + - diff `current_patchset.diff` and `rebased_patchset.diff` + - If everything went correctly, the only lines which should differ should be the lines starting with `index abc123...def456` + - [ ] rangediff: `git range-diff $(ESR_TAG_PREV)..$(TOR_BROWSER_BRANCH_PREV) $(ESR_TAG)..HEAD` + - example: `git range-dif FIREFOX_102_7_0esr_BUILD1..origin/tor-browser-102.7.0esr-12.0-1 FIREFOX_102_8_0esr_BUILD1..HEAD` +- [ ] Open MR for the `tor-browser` rebase +- [ ] Merge +- [ ] Sign/Tag HEAD of the merged new `tor-browser` branch: + - Tag : `tor-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` + - Message : `Tagging build1 for $(ESR_VERSION)esr-based stable` +- [ ] Push tag to `origin` + View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/85c8669… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/85c8669… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] fixup! Bug 31575: Disable Firefox Home (Activity Stream)
by Pier Angelo Vendrame (＠pierov) 23 Feb '23

23 Feb '23

Pier Angelo Vendrame pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 24aca1ff by Pier Angelo Vendrame at 2023-02-23T16:22:48+01:00 fixup! Bug 31575: Disable Firefox Home (Activity Stream) Bug 41624: Further more SaveToPocket references deleted - - - - - 2 changed files: - browser/base/content/browser.js - browser/components/BrowserGlue.jsm Changes: ===================================== browser/base/content/browser.js ===================================== @@ -67,7 +67,6 @@ XPCOMUtils.defineLazyModuleGetters(this, { RFPHelper: "resource://gre/modules/RFPHelper.jsm", SafeBrowsing: "resource://gre/modules/SafeBrowsing.jsm", Sanitizer: "resource:///modules/Sanitizer.jsm", - SaveToPocket: "chrome://pocket/content/SaveToPocket.jsm", ScreenshotsUtils: "resource:///modules/ScreenshotsUtils.jsm", SessionStartup: "resource:///modules/sessionstore/SessionStartup.jsm", SessionStore: "resource:///modules/sessionstore/SessionStore.jsm", @@ -5442,8 +5441,6 @@ var XULBrowserWindow = { SafeBrowsingNotificationBox.onLocationChange(aLocationURI); - SaveToPocket.onLocationChange(window); - UrlbarProviderSearchTips.onLocationChange( window, aLocationURI, ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -75,7 +75,6 @@ XPCOMUtils.defineLazyModuleGetters(this, { RFPHelper: "resource://gre/modules/RFPHelper.jsm", SafeBrowsing: "resource://gre/modules/SafeBrowsing.jsm", Sanitizer: "resource:///modules/Sanitizer.jsm", - SaveToPocket: "chrome://pocket/content/SaveToPocket.jsm", ScreenshotsUtils: "resource:///modules/ScreenshotsUtils.jsm", SearchSERPTelemetry: "resource:///modules/SearchSERPTelemetry.jsm", SessionStartup: "resource:///modules/sessionstore/SessionStartup.jsm", @@ -1209,8 +1208,6 @@ BrowserGlue.prototype = { Normandy.init(); } - SaveToPocket.init(); - AboutHomeStartupCache.init(); Services.obs.notifyObservers(null, "browser-ui-startup-complete"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/24aca1f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/24aca1f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] Revert "fixup! Bug 31740: Remove some unnecessary RemoteSettings instances"
by Pier Angelo Vendrame (＠pierov) 23 Feb '23

23 Feb '23

Pier Angelo Vendrame pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: f0b10df3 by Pier Angelo Vendrame at 2023-02-23T16:21:59+01:00 Revert "fixup! Bug 31740: Remove some unnecessary RemoteSettings instances" This reverts commit 34ed82f6c02a8dc5ed8390fa664e2f63aeadc303. - - - - - 1 changed file: - toolkit/components/moz.build Changes: ===================================== toolkit/components/moz.build ===================================== @@ -122,9 +122,10 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android": "components.conf", ] -# tor-browser#41628: Disable Normandy and Nimbus at compile time if CONFIG["MOZ_BUILD_APP"] == "browser": - DIRS += ["messaging-system"] + DIRS += ["normandy", "messaging-system"] + +DIRS += ["nimbus"] if CONFIG["MOZ_BACKGROUNDTASKS"]: DIRS += ["backgroundtasks"] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f0b10df… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f0b10df… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] 2 commits: fixup! Base Browser's .mozconfigs.
by Pier Angelo Vendrame (＠pierov) 23 Feb '23

23 Feb '23

Pier Angelo Vendrame pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: d912ca8d by Pier Angelo Vendrame at 2023-02-23T16:15:59+01:00 fixup! Base Browser's .mozconfigs. Bug 41629: Set MOZ_SERVICES_SYNC to False - - - - - f0d123b1 by Pier Angelo Vendrame at 2023-02-23T16:17:30+01:00 Bug 41629: Fix errors with MOZ_SERVICES_SYNC=False MOZ_SERVICES_SYNC should have been removed in Moz Bug 1227361. However, it is still available, so we would like to use it. Since it is a configuration that Mozilla does not test, and using it results in a build error and in a few runtime errors, too. This commit fixes them. We have an upstream bug, too, but its (proposed) fix does not apply to ESR 102 because of ESMification. Should it not be accepted, we could replace this commit with the poposed fix. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1816969 - - - - - 5 changed files: - browser/base/content/browser-sync.js - browser/components/BrowserGlue.jsm - browser/installer/package-manifest.in - browser/moz.configure - toolkit/modules/moz.build Changes: ===================================== browser/base/content/browser-sync.js ===================================== @@ -5,7 +5,11 @@ // This file is loaded into the browser window scope. /* eslint-env mozilla/browser-window */ -const { UIState } = ChromeUtils.import("resource://services-sync/UIState.jsm"); +ChromeUtils.defineModuleGetter( + this, + "UIState", + "resource://services-sync/UIState.jsm" +); ChromeUtils.defineModuleGetter( this, @@ -342,7 +346,9 @@ var gSync = { // once syncing completes (bug 1239042). _syncStartTime: 0, _syncAnimationTimer: 0, - _obs: ["weave:engine:sync:finish", "quit-application", UIState.ON_UPDATE], + _obs: AppConstants.MOZ_SERVICES_SYNC + ? ["weave:engine:sync:finish", "quit-application", UIState.ON_UPDATE] + : [], get log() { if (!this._log) { @@ -458,7 +464,7 @@ var gSync = { this._definePrefGetters(); - if (!this.FXA_ENABLED) { + if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { this.onFxaDisabled(); return; } @@ -1529,7 +1535,7 @@ var gSync = { // can lead to a empty label for 'Send To Device' Menu. this.init(); - if (!this.FXA_ENABLED) { + if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { // These items are hidden in onFxaDisabled(). No need to do anything. return; } @@ -1564,7 +1570,7 @@ var gSync = { // "Send Page to Device" and "Send Link to Device" menu items updateContentContextMenu(contextMenu) { - if (!this.FXA_ENABLED) { + if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { // These items are hidden by default. No need to do anything. return false; } ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -719,10 +719,10 @@ let JSWINDOWACTORS = { }, }; -XPCOMUtils.defineLazyGetter( - this, - "WeaveService", - () => Cc["@mozilla.org/weave/service;1"].getService().wrappedJSObject +XPCOMUtils.defineLazyGetter(this, "WeaveService", () => + AppConstants.MOZ_SERVICES_SYNC + ? Cc["@mozilla.org/weave/service;1"].getService().wrappedJSObject + : null ); if (AppConstants.MOZ_CRASHREPORTER) { @@ -2693,7 +2693,7 @@ BrowserGlue.prototype = { // Schedule a sync (if enabled) after we've loaded { task: async () => { - if (WeaveService.enabled) { + if (WeaveService?.enabled) { await WeaveService.whenLoaded(); WeaveService.Weave.Service.scheduler.autoConnect(); } ===================================== browser/installer/package-manifest.in ===================================== @@ -179,7 +179,17 @@ @RESPATH@/browser/components/MacTouchBar.manifest @RESPATH@/browser/components/MacTouchBar.js #endif +; TODO: Remove this in ESR-115. +; If everything goes well, this patch will not be necessary in 115, because we +; have also an upstream bug. +; I suspect this is somehow incorrect, and that MOZ_SERVICES_SYNC is actually +; never defined for the makefile (it is not for Firefox 112, which builds +; correctly with MOZ_SERVICES_SYNC == False, even without this ifdef). +; But we are interested in disabling it, so using either this, or #if 0 would be +; fine for us. +#ifdef MOZ_SERVICES_SYNC @RESPATH@/components/SyncComponents.manifest +#endif @RESPATH@/components/servicesComponents.manifest @RESPATH@/components/servicesSettings.manifest @RESPATH@/components/cryptoComponents.manifest ===================================== browser/moz.configure ===================================== @@ -7,7 +7,8 @@ imply_option("MOZ_PLACES", True) # tor-browser#32493 imply_option("MOZ_SERVICES_HEALTHREPORT", False) -imply_option("MOZ_SERVICES_SYNC", True) +# tor-browser#41629 +imply_option("MOZ_SERVICES_SYNC", False) imply_option("MOZ_DEDICATED_PROFILES", True) imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", True) # tor-browser#33734 ===================================== toolkit/modules/moz.build ===================================== @@ -291,6 +291,7 @@ for var in ( for var in ( "MOZ_ALLOW_ADDON_SIDELOAD", "MOZ_BACKGROUNDTASKS", + "MOZ_SERVICES_SYNC", "MOZ_SYSTEM_NSS", "MOZ_SYSTEM_POLICIES", "MOZ_UNSIGNED_APP_SCOPE", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1aaacc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1aaacc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] 2 commits: fixup! Base Browser's .mozconfigs.
by Pier Angelo Vendrame (＠pierov) 23 Feb '23

23 Feb '23

Pier Angelo Vendrame pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 9ac0abfd by Pier Angelo Vendrame at 2023-02-23T09:54:29+01:00 fixup! Base Browser's .mozconfigs. Bug 41629: Set MOZ_SERVICES_SYNC to False - - - - - 8f61c9c0 by Pier Angelo Vendrame at 2023-02-23T10:19:37+01:00 Bug 41629: Fix errors with MOZ_SERVICES_SYNC=False MOZ_SERVICES_SYNC should have been removed in Moz Bug 1227361. However, it is still available, so we would like to use it. Since it is a configuration that Mozilla does not test, and using it results in a build error and in a few runtime errors, too. This commit fixes them. We have an upstream bug, too, but its (proposed) fix does not apply to ESR 102 because of ESMification. Should it not be accepted, we could replace this commit with the poposed fix. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1816969 - - - - - 5 changed files: - browser/base/content/browser-sync.js - browser/components/BrowserGlue.jsm - browser/installer/package-manifest.in - browser/moz.configure - toolkit/modules/moz.build Changes: ===================================== browser/base/content/browser-sync.js ===================================== @@ -5,7 +5,11 @@ // This file is loaded into the browser window scope. /* eslint-env mozilla/browser-window */ -const { UIState } = ChromeUtils.import("resource://services-sync/UIState.jsm"); +ChromeUtils.defineModuleGetter( + this, + "UIState", + "resource://services-sync/UIState.jsm" +); ChromeUtils.defineModuleGetter( this, @@ -342,7 +346,9 @@ var gSync = { // once syncing completes (bug 1239042). _syncStartTime: 0, _syncAnimationTimer: 0, - _obs: ["weave:engine:sync:finish", "quit-application", UIState.ON_UPDATE], + _obs: AppConstants.MOZ_SERVICES_SYNC + ? ["weave:engine:sync:finish", "quit-application", UIState.ON_UPDATE] + : [], get log() { if (!this._log) { @@ -458,7 +464,7 @@ var gSync = { this._definePrefGetters(); - if (!this.FXA_ENABLED) { + if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { this.onFxaDisabled(); return; } @@ -1529,7 +1535,7 @@ var gSync = { // can lead to a empty label for 'Send To Device' Menu. this.init(); - if (!this.FXA_ENABLED) { + if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { // These items are hidden in onFxaDisabled(). No need to do anything. return; } @@ -1564,7 +1570,7 @@ var gSync = { // "Send Page to Device" and "Send Link to Device" menu items updateContentContextMenu(contextMenu) { - if (!this.FXA_ENABLED) { + if (!AppConstants.MOZ_SERVICES_SYNC || !this.FXA_ENABLED) { // These items are hidden by default. No need to do anything. return false; } ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -791,10 +791,10 @@ if (AppConstants.TOR_BROWSER_UPDATE) { }; } -XPCOMUtils.defineLazyGetter( - this, - "WeaveService", - () => Cc["@mozilla.org/weave/service;1"].getService().wrappedJSObject +XPCOMUtils.defineLazyGetter(this, "WeaveService", () => + AppConstants.MOZ_SERVICES_SYNC + ? Cc["@mozilla.org/weave/service;1"].getService().wrappedJSObject + : null ); if (AppConstants.MOZ_CRASHREPORTER) { @@ -2795,7 +2795,7 @@ BrowserGlue.prototype = { // Schedule a sync (if enabled) after we've loaded { task: async () => { - if (WeaveService.enabled) { + if (WeaveService?.enabled) { await WeaveService.whenLoaded(); WeaveService.Weave.Service.scheduler.autoConnect(); } ===================================== browser/installer/package-manifest.in ===================================== @@ -181,7 +181,17 @@ @RESPATH@/browser/components/MacTouchBar.manifest @RESPATH@/browser/components/MacTouchBar.js #endif +; TODO: Remove this in ESR-115. +; If everything goes well, this patch will not be necessary in 115, because we +; have also an upstream bug. +; I suspect this is somehow incorrect, and that MOZ_SERVICES_SYNC is actually +; never defined for the makefile (it is not for Firefox 112, which builds +; correctly with MOZ_SERVICES_SYNC == False, even without this ifdef). +; But we are interested in disabling it, so using either this, or #if 0 would be +; fine for us. +#ifdef MOZ_SERVICES_SYNC @RESPATH@/components/SyncComponents.manifest +#endif @RESPATH@/components/servicesComponents.manifest @RESPATH@/components/servicesSettings.manifest @RESPATH@/components/cryptoComponents.manifest ===================================== browser/moz.configure ===================================== @@ -7,7 +7,8 @@ imply_option("MOZ_PLACES", True) # tor-browser#32493 imply_option("MOZ_SERVICES_HEALTHREPORT", False) -imply_option("MOZ_SERVICES_SYNC", True) +# tor-browser#41629 +imply_option("MOZ_SERVICES_SYNC", False) imply_option("MOZ_DEDICATED_PROFILES", False) imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", False) # tor-browser#33734 ===================================== toolkit/modules/moz.build ===================================== @@ -293,6 +293,7 @@ for var in ( for var in ( "MOZ_ALLOW_ADDON_SIDELOAD", "MOZ_BACKGROUNDTASKS", + "MOZ_SERVICES_SYNC", "MOZ_SYSTEM_NSS", "MOZ_SYSTEM_POLICIES", "MOZ_UNSIGNED_APP_SCOPE", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ee46b9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ee46b9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40796: Improve the UX for the changelogs script when using the issue number
by Richard Pospesel (＠richard) 23 Feb '23

23 Feb '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: ad6a7516 by Pier Angelo Vendrame at 2023-02-22T18:57:43+01:00 Bug 40796: Improve the UX for the changelogs script when using the issue number - - - - - 1 changed file: - tools/fetch-changelogs.py Changes: ===================================== tools/fetch-changelogs.py ===================================== @@ -102,30 +102,44 @@ with token_file.open() as f: token = f.read().strip() headers = {"PRIVATE-TOKEN": token} -if sys.argv[1][0] != "#": - version = sys.argv[1] - r = requests.get( - f"{API_URL}/projects/{PROJECT_ID}/issues?labels=Release Prep", - headers=headers, - ) - issue = None - for i in r.json(): - if i["title"].find(sys.argv[1]) != -1: - if issue is None: - issue = i - else: - print("More than one matching issue found!") - print("Please use the issue id.") - sys.exit(3) - if not issue: - print( - "Release preparation issue not found. Please make sure it has ~Release Prep." +version = sys.argv[1] +r = requests.get( + f"{API_URL}/projects/{PROJECT_ID}/issues?labels=Release Prep", + headers=headers, +) +if r.status_code == 401: + print("Unauthorized! Has your token expired?") + sys.exit(3) +issue = None +for i in r.json(): + if i["title"].find(sys.argv[1]) != -1: + if issue is None: + issue = i + else: + print("More than one matching issue found!") + print("Please use the issue id.") + sys.exit(4) +if not issue: + iid = version + version = None + if iid[0] == "#": + iid = iid[1:] + try: + int(iid) + r = requests.get( + f"{API_URL}/projects/{PROJECT_ID}/issues?iids={iid}", + headers=headers, ) - sys.exit(4) - iid = issue["iid"] -else: - version = "????" - iid = sys.argv[1][1:] + if r.ok and r.json(): + issue = r.json()[0] + except ValueError: + pass +if not issue: + print( + "Release preparation issue not found. Please make sure it has ~Release Prep." + ) + sys.exit(5) +iid = issue["iid"] linked = {} linked_build = {} View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] squash! Bug 31575: Disable Firefox Home (Activity Stream)
by Richard Pospesel (＠richard) 22 Feb '23

22 Feb '23

Richard Pospesel pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 1aaacc15 by Pier Angelo Vendrame at 2023-02-22T11:35:58+00:00 squash! Bug 31575: Disable Firefox Home (Activity Stream) Bug 40144: Redirect about:privatebrowsing to the user's home - - - - - 1 changed file: - browser/components/about/AboutRedirector.cpp Changes: ===================================== browser/components/about/AboutRedirector.cpp ===================================== @@ -77,7 +77,7 @@ static const RedirEntry kRedirMap[] = { #endif {"policies", "chrome://browser/content/policies/aboutPolicies.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, - {"privatebrowsing", "chrome://browser/content/aboutPrivateBrowsing.html", + {"privatebrowsing", "about:blank", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS}, @@ -190,7 +190,8 @@ AboutRedirector::NewChannel(nsIURI* aURI, nsILoadInfo* aLoadInfo, // enabled about:newtab. Disabled about:newtab page uses fallback. if (path.EqualsLiteral("home") || (StaticPrefs::browser_newtabpage_enabled() && - path.EqualsLiteral("newtab"))) { + path.EqualsLiteral("newtab")) || + path.EqualsLiteral("privatebrowsing")) { nsCOMPtr<nsIAboutNewTabService> aboutNewTabService = do_GetService("@mozilla.org/browser/aboutnewtab-service;1", &rv); NS_ENSURE_SUCCESS(rv, rv); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1aaacc1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1aaacc1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] squash! Bug 31575: Disable Firefox Home (Activity Stream)
by Richard Pospesel (＠richard) 22 Feb '23

22 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: ee46b985 by Pier Angelo Vendrame at 2023-02-22T11:28:42+00:00 squash! Bug 31575: Disable Firefox Home (Activity Stream) Bug 40144: Redirect about:privatebrowsing to the user's home - - - - - 1 changed file: - browser/components/about/AboutRedirector.cpp Changes: ===================================== browser/components/about/AboutRedirector.cpp ===================================== @@ -82,7 +82,7 @@ static const RedirEntry kRedirMap[] = { #endif {"policies", "chrome://browser/content/policies/aboutPolicies.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, - {"privatebrowsing", "chrome://browser/content/aboutPrivateBrowsing.html", + {"privatebrowsing", "about:blank", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS}, @@ -263,7 +263,8 @@ AboutRedirector::NewChannel(nsIURI* aURI, nsILoadInfo* aLoadInfo, // enabled about:newtab. Disabled about:newtab page uses fallback. if (path.EqualsLiteral("home") || (StaticPrefs::browser_newtabpage_enabled() && - path.EqualsLiteral("newtab"))) { + path.EqualsLiteral("newtab")) || + path.EqualsLiteral("privatebrowsing")) { nsCOMPtr<nsIAboutNewTabService> aboutNewTabService = do_GetService("@mozilla.org/browser/aboutnewtab-service;1", &rv); NS_ENSURE_SUCCESS(rv, rv); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ee46b98… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ee46b98… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] fixup! Bug 41116: Normalize system fonts.
by Richard Pospesel (＠richard) 22 Feb '23

22 Feb '23

Richard Pospesel pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: ca8d87a9 by Pier Angelo Vendrame at 2023-02-22T11:25:47+00:00 fixup! Bug 41116: Normalize system fonts. Bug 41646: Fixes for the font normalization - - - - - 1 changed file: - layout/base/nsLayoutUtils.cpp Changes: ===================================== layout/base/nsLayoutUtils.cpp ===================================== @@ -9565,10 +9565,44 @@ void nsLayoutUtils::ComputeSystemFont(nsFont* aSystemFont, gfxFontStyle fontStyle; nsAutoString systemFontName; if (aDocument->ShouldResistFingerprinting()) { -#ifdef XP_MACOSX +#if defined(XP_MACOSX) systemFontName = u"-apple-system"_ns; + // Values taken from a macOS 10.15 system. + switch (aFontID) { + case LookAndFeel::FontID::Caption: + case LookAndFeel::FontID::Menu: + fontStyle.size = 13; + break; + case LookAndFeel::FontID::SmallCaption: + fontStyle.weight = gfxFontStyle::FontWeight(700); + // fall-through + case LookAndFeel::FontID::MessageBox: + case LookAndFeel::FontID::StatusBar: + fontStyle.size = 11; + break; + default: + fontStyle.size = 12; + break; + } +#elif defined(XP_WIN) || defined(MOZ_WIDGET_ANDROID) + // Windows uses Segoe UI for Latin alphabets, but other fonts for some RTL + // languages, so we fallback to sans-serif to fall back to the user's + // default sans-serif. Size is 12px for all system fonts (tried in an en-US + // system). + // Several Android systems reported Roboto 12px, so similar to what Windows + // does. + systemFontName = u"sans-serif"_ns; + fontStyle.size = 12; #else + // On Linux, there is not a default. For example, GNOME on Debian uses + // Cantarell, 14.667px. Ubuntu Mate uses the Ubuntu font, but also 14.667px. + // Fedora with KDE uses Noto Sans, 13.3333px, but it uses Noto Sans on + // GNOME, too. + // In general, Linux uses some sans-serif, but its size can vary between + // 12px and 16px. We chose 15px because it is what Firefox is doing for the + // UI font-size. systemFontName = u"sans-serif"_ns; + fontStyle.size = 15; #endif } else if (!LookAndFeel::GetFont(aFontID, systemFontName, fontStyle)) { return; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ca8d87a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ca8d87a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] fixup! Bug 41116: Normalize system fonts.
by Richard Pospesel (＠richard) 22 Feb '23

22 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: e4caa4f8 by Pier Angelo Vendrame at 2023-02-22T12:24:49+01:00 fixup! Bug 41116: Normalize system fonts. Bug 41646: Fixes for the font normalization - - - - - 1 changed file: - layout/base/nsLayoutUtils.cpp Changes: ===================================== layout/base/nsLayoutUtils.cpp ===================================== @@ -9565,10 +9565,44 @@ void nsLayoutUtils::ComputeSystemFont(nsFont* aSystemFont, gfxFontStyle fontStyle; nsAutoString systemFontName; if (aDocument->ShouldResistFingerprinting()) { -#ifdef XP_MACOSX +#if defined(XP_MACOSX) systemFontName = u"-apple-system"_ns; + // Values taken from a macOS 10.15 system. + switch (aFontID) { + case LookAndFeel::FontID::Caption: + case LookAndFeel::FontID::Menu: + fontStyle.size = 13; + break; + case LookAndFeel::FontID::SmallCaption: + fontStyle.weight = gfxFontStyle::FontWeight(700); + // fall-through + case LookAndFeel::FontID::MessageBox: + case LookAndFeel::FontID::StatusBar: + fontStyle.size = 11; + break; + default: + fontStyle.size = 12; + break; + } +#elif defined(XP_WIN) || defined(MOZ_WIDGET_ANDROID) + // Windows uses Segoe UI for Latin alphabets, but other fonts for some RTL + // languages, so we fallback to sans-serif to fall back to the user's + // default sans-serif. Size is 12px for all system fonts (tried in an en-US + // system). + // Several Android systems reported Roboto 12px, so similar to what Windows + // does. + systemFontName = u"sans-serif"_ns; + fontStyle.size = 12; #else + // On Linux, there is not a default. For example, GNOME on Debian uses + // Cantarell, 14.667px. Ubuntu Mate uses the Ubuntu font, but also 14.667px. + // Fedora with KDE uses Noto Sans, 13.3333px, but it uses Noto Sans on + // GNOME, too. + // In general, Linux uses some sans-serif, but its size can vary between + // 12px and 16px. We chose 15px because it is what Firefox is doing for the + // UI font-size. systemFontName = u"sans-serif"_ns; + fontStyle.size = 15; #endif } else if (!LookAndFeel::GetFont(aFontID, systemFontName, fontStyle)) { return; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e4caa4f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e4caa4f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] 2 commits: Bug 1817756 - Add a seed to the network ID. r=valentin, necko-reviewers
by Richard Pospesel (＠richard) 22 Feb '23

22 Feb '23

Richard Pospesel pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 391c79ea by Pier Angelo Vendrame at 2023-02-22T11:17:01+00:00 Bug 1817756 - Add a seed to the network ID. r=valentin,necko-reviewers This helps to prevent linkability of users in the same network. Differential Revision: https://phabricator.services.mozilla.com/D170373 - - - - - 56a8b3f0 by Pier Angelo Vendrame at 2023-02-22T11:17:01+00:00 Bug 41599: Always return an empty string as network ID Firefox computes an internal network ID used to detect network changes and act consequently (e.g., to improve WebSocket UX). However, there are a few ways to get this internal network ID, so we patch them out, to be sure any new code will not be able to use them and possibly link users. We also sent a patch to Mozilla to seed the internal network ID, to prevent any accidental leak in the future. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1817756 - - - - - 8 changed files: - + netwerk/system/LinkServiceCommon.cpp - + netwerk/system/LinkServiceCommon.h - netwerk/system/android/nsAndroidNetworkLinkService.cpp - netwerk/system/linux/nsNetworkLinkService.cpp - netwerk/system/mac/nsNetworkLinkService.mm - netwerk/system/moz.build - netwerk/system/netlink/NetlinkService.cpp - netwerk/system/win32/nsNotifyAddrListener.cpp Changes: ===================================== netwerk/system/LinkServiceCommon.cpp ===================================== @@ -0,0 +1,30 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "LinkServiceCommon.h" + +#include "mozilla/Maybe.h" +#include "mozilla/SHA1.h" +#include "mozilla/TimeStamp.h" +#include "nsID.h" + +using namespace mozilla; + +void SeedNetworkId(SHA1Sum& aSha1) { + static Maybe<nsID> seed = ([]() { + Maybe<nsID> uuid(std::in_place); + if (NS_FAILED(nsID::GenerateUUIDInPlace(*uuid))) { + uuid.reset(); + } + return uuid; + })(); + if (seed) { + aSha1.update(seed.ptr(), sizeof(*seed)); + } else { + TimeStamp timestamp = TimeStamp::ProcessCreation(); + aSha1.update(&timestamp, sizeof(timestamp)); + } +} ===================================== netwerk/system/LinkServiceCommon.h ===================================== @@ -0,0 +1,17 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef LINK_SERVICE_COMMON_H_ +#define LINK_SERVICE_COMMON_H_ + +namespace mozilla { +class SHA1Sum; +} + +// Add a seed to the computed network ID to prevent user linkability. +void SeedNetworkId(mozilla::SHA1Sum& aSha1); + +#endif // LINK_SERVICE_COMMON_H_ ===================================== netwerk/system/android/nsAndroidNetworkLinkService.cpp ===================================== @@ -123,11 +123,15 @@ nsAndroidNetworkLinkService::GetLinkType(uint32_t* aLinkType) { NS_IMETHODIMP nsAndroidNetworkLinkService::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else if (!mNetlinkSvc) { return NS_ERROR_NOT_AVAILABLE; } mNetlinkSvc->GetNetworkID(aNetworkID); +#endif return NS_OK; } ===================================== netwerk/system/linux/nsNetworkLinkService.cpp ===================================== @@ -50,11 +50,15 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) { NS_IMETHODIMP nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else if (!mNetlinkSvc) { return NS_ERROR_NOT_AVAILABLE; } mNetlinkSvc->GetNetworkID(aNetworkID); +#endif return NS_OK; } ===================================== netwerk/system/mac/nsNetworkLinkService.mm ===================================== @@ -35,6 +35,7 @@ #include "mozilla/Telemetry.h" #include "nsNetworkLinkService.h" #include "../../base/IPv6Utils.h" +#include "../LinkServiceCommon.h" #include "../NetworkLinkServiceDefines.h" #import <Cocoa/Cocoa.h> @@ -122,8 +123,12 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) { NS_IMETHODIMP nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else MutexAutoLock lock(mMutex); aNetworkID = mNetworkId; +#endif return NS_OK; } @@ -600,11 +605,8 @@ void nsNetworkLinkService::calculateNetworkIdInternal(void) { bool found6 = IPv6NetworkId(&sha1); if (found4 || found6) { - // This 'addition' could potentially be a fixed number from the - // profile or something. - nsAutoCString addition("local-rubbish"); nsAutoCString output; - sha1.update(addition.get(), addition.Length()); + SeedNetworkId(sha1); uint8_t digest[SHA1Sum::kHashSize]; sha1.finish(digest); nsAutoCString newString(reinterpret_cast<char*>(digest), SHA1Sum::kHashSize); ===================================== netwerk/system/moz.build ===================================== @@ -15,3 +15,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] == "android": elif CONFIG["OS_ARCH"] == "Linux": DIRS += ["linux", "netlink"] + +SOURCES += [ + "LinkServiceCommon.cpp", +] + +FINAL_LIBRARY = "xul" ===================================== netwerk/system/netlink/NetlinkService.cpp ===================================== @@ -18,6 +18,7 @@ #include "nsPrintfCString.h" #include "mozilla/Logging.h" #include "../../base/IPv6Utils.h" +#include "../LinkServiceCommon.h" #include "../NetworkLinkServiceDefines.h" #include "mozilla/Base64.h" @@ -1812,11 +1813,8 @@ void NetlinkService::CalculateNetworkID() { bool found6 = CalculateIDForFamily(AF_INET6, &sha1); if (found4 || found6) { - // This 'addition' could potentially be a fixed number from the - // profile or something. - nsAutoCString addition("local-rubbish"); nsAutoCString output; - sha1.update(addition.get(), addition.Length()); + SeedNetworkId(sha1); uint8_t digest[SHA1Sum::kHashSize]; sha1.finish(digest); nsAutoCString newString(reinterpret_cast<char*>(digest), @@ -1877,8 +1875,12 @@ void NetlinkService::CalculateNetworkID() { } void NetlinkService::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else MutexAutoLock lock(mMutex); aNetworkID = mNetworkId; +#endif } nsresult NetlinkService::GetDnsSuffixList(nsTArray<nsCString>& aDnsSuffixList) { ===================================== netwerk/system/win32/nsNotifyAddrListener.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Base64.h" #include "mozilla/ScopeExit.h" #include "mozilla/Telemetry.h" +#include "../LinkServiceCommon.h" #include <iptypes.h> #include <iphlpapi.h> @@ -104,8 +105,12 @@ nsNotifyAddrListener::GetLinkType(uint32_t* aLinkType) { NS_IMETHODIMP nsNotifyAddrListener::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else MutexAutoLock lock(mMutex); aNetworkID = mNetworkId; +#endif return NS_OK; } @@ -248,7 +253,7 @@ void nsNotifyAddrListener::calculateNetworkId(void) { nsAutoCString output; SHA1Sum::Hash digest; HashSortedNetworkIds(nwGUIDS, sha1); - + SeedNetworkId(sha1); sha1.finish(digest); nsCString newString(reinterpret_cast<char*>(digest), SHA1Sum::kHashSize); nsresult rv = Base64Encode(newString, output); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/bd243d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/bd243d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] 2 commits: Bug 1817756 - Add a seed to the network ID. r=valentin, necko-reviewers
by Richard Pospesel (＠richard) 22 Feb '23

22 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 3dd7b20a by Pier Angelo Vendrame at 2023-02-22T09:55:31+01:00 Bug 1817756 - Add a seed to the network ID. r=valentin,necko-reviewers This helps to prevent linkability of users in the same network. Differential Revision: https://phabricator.services.mozilla.com/D170373 - - - - - e8982629 by Pier Angelo Vendrame at 2023-02-22T09:59:38+01:00 Bug 41599: Always return an empty string as network ID Firefox computes an internal network ID used to detect network changes and act consequently (e.g., to improve WebSocket UX). However, there are a few ways to get this internal network ID, so we patch them out, to be sure any new code will not be able to use them and possibly link users. We also sent a patch to Mozilla to seed the internal network ID, to prevent any accidental leak in the future. Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1817756 - - - - - 8 changed files: - + netwerk/system/LinkServiceCommon.cpp - + netwerk/system/LinkServiceCommon.h - netwerk/system/android/nsAndroidNetworkLinkService.cpp - netwerk/system/linux/nsNetworkLinkService.cpp - netwerk/system/mac/nsNetworkLinkService.mm - netwerk/system/moz.build - netwerk/system/netlink/NetlinkService.cpp - netwerk/system/win32/nsNotifyAddrListener.cpp Changes: ===================================== netwerk/system/LinkServiceCommon.cpp ===================================== @@ -0,0 +1,30 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "LinkServiceCommon.h" + +#include "mozilla/Maybe.h" +#include "mozilla/SHA1.h" +#include "mozilla/TimeStamp.h" +#include "nsID.h" + +using namespace mozilla; + +void SeedNetworkId(SHA1Sum& aSha1) { + static Maybe<nsID> seed = ([]() { + Maybe<nsID> uuid(std::in_place); + if (NS_FAILED(nsID::GenerateUUIDInPlace(*uuid))) { + uuid.reset(); + } + return uuid; + })(); + if (seed) { + aSha1.update(seed.ptr(), sizeof(*seed)); + } else { + TimeStamp timestamp = TimeStamp::ProcessCreation(); + aSha1.update(&timestamp, sizeof(timestamp)); + } +} ===================================== netwerk/system/LinkServiceCommon.h ===================================== @@ -0,0 +1,17 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef LINK_SERVICE_COMMON_H_ +#define LINK_SERVICE_COMMON_H_ + +namespace mozilla { +class SHA1Sum; +} + +// Add a seed to the computed network ID to prevent user linkability. +void SeedNetworkId(mozilla::SHA1Sum& aSha1); + +#endif // LINK_SERVICE_COMMON_H_ ===================================== netwerk/system/android/nsAndroidNetworkLinkService.cpp ===================================== @@ -123,11 +123,15 @@ nsAndroidNetworkLinkService::GetLinkType(uint32_t* aLinkType) { NS_IMETHODIMP nsAndroidNetworkLinkService::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else if (!mNetlinkSvc) { return NS_ERROR_NOT_AVAILABLE; } mNetlinkSvc->GetNetworkID(aNetworkID); +#endif return NS_OK; } ===================================== netwerk/system/linux/nsNetworkLinkService.cpp ===================================== @@ -50,11 +50,15 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) { NS_IMETHODIMP nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else if (!mNetlinkSvc) { return NS_ERROR_NOT_AVAILABLE; } mNetlinkSvc->GetNetworkID(aNetworkID); +#endif return NS_OK; } ===================================== netwerk/system/mac/nsNetworkLinkService.mm ===================================== @@ -35,6 +35,7 @@ #include "mozilla/Telemetry.h" #include "nsNetworkLinkService.h" #include "../../base/IPv6Utils.h" +#include "../LinkServiceCommon.h" #include "../NetworkLinkServiceDefines.h" #import <Cocoa/Cocoa.h> @@ -122,8 +123,12 @@ nsNetworkLinkService::GetLinkType(uint32_t* aLinkType) { NS_IMETHODIMP nsNetworkLinkService::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else MutexAutoLock lock(mMutex); aNetworkID = mNetworkId; +#endif return NS_OK; } @@ -600,11 +605,8 @@ void nsNetworkLinkService::calculateNetworkIdInternal(void) { bool found6 = IPv6NetworkId(&sha1); if (found4 || found6) { - // This 'addition' could potentially be a fixed number from the - // profile or something. - nsAutoCString addition("local-rubbish"); nsAutoCString output; - sha1.update(addition.get(), addition.Length()); + SeedNetworkId(sha1); uint8_t digest[SHA1Sum::kHashSize]; sha1.finish(digest); nsAutoCString newString(reinterpret_cast<char*>(digest), SHA1Sum::kHashSize); ===================================== netwerk/system/moz.build ===================================== @@ -15,3 +15,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] == "android": elif CONFIG["OS_ARCH"] == "Linux": DIRS += ["linux", "netlink"] + +SOURCES += [ + "LinkServiceCommon.cpp", +] + +FINAL_LIBRARY = "xul" ===================================== netwerk/system/netlink/NetlinkService.cpp ===================================== @@ -18,6 +18,7 @@ #include "nsPrintfCString.h" #include "mozilla/Logging.h" #include "../../base/IPv6Utils.h" +#include "../LinkServiceCommon.h" #include "../NetworkLinkServiceDefines.h" #include "mozilla/Base64.h" @@ -1812,11 +1813,8 @@ void NetlinkService::CalculateNetworkID() { bool found6 = CalculateIDForFamily(AF_INET6, &sha1); if (found4 || found6) { - // This 'addition' could potentially be a fixed number from the - // profile or something. - nsAutoCString addition("local-rubbish"); nsAutoCString output; - sha1.update(addition.get(), addition.Length()); + SeedNetworkId(sha1); uint8_t digest[SHA1Sum::kHashSize]; sha1.finish(digest); nsAutoCString newString(reinterpret_cast<char*>(digest), @@ -1877,8 +1875,12 @@ void NetlinkService::CalculateNetworkID() { } void NetlinkService::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else MutexAutoLock lock(mMutex); aNetworkID = mNetworkId; +#endif } nsresult NetlinkService::GetDnsSuffixList(nsTArray<nsCString>& aDnsSuffixList) { ===================================== netwerk/system/win32/nsNotifyAddrListener.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Base64.h" #include "mozilla/ScopeExit.h" #include "mozilla/Telemetry.h" +#include "../LinkServiceCommon.h" #include <iptypes.h> #include <iphlpapi.h> @@ -104,8 +105,12 @@ nsNotifyAddrListener::GetLinkType(uint32_t* aLinkType) { NS_IMETHODIMP nsNotifyAddrListener::GetNetworkID(nsACString& aNetworkID) { +#ifdef BASE_BROWSER + aNetworkID.Truncate(); +#else MutexAutoLock lock(mMutex); aNetworkID = mNetworkId; +#endif return NS_OK; } @@ -248,7 +253,7 @@ void nsNotifyAddrListener::calculateNetworkId(void) { nsAutoCString output; SHA1Sum::Hash digest; HashSortedNetworkIds(nwGUIDS, sha1); - + SeedNetworkId(sha1); sha1.finish(digest); nsCString newString(reinterpret_cast<char*>(digest), SHA1Sum::kHashSize); nsresult rv = Base64Encode(newString, output); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d80384… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/d80384… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40794: Make the language list change the build id of firefox-l10n
by Pier Angelo Vendrame (＠pierov) 21 Feb '23

21 Feb '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 237ce1c4 by Pier Angelo Vendrame at 2023-02-21T17:16:26+01:00 Bug 40794: Make the language list change the build id of firefox-l10n - - - - - 1 changed file: - projects/firefox-l10n/config Changes: ===================================== projects/firefox-l10n/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 version: '[% pc("firefox", "abbrev") %]' -filename: '[% project %]-[% c("var/osname") %]-[% c("version") %]-1' +filename: '[% project %]-[% c("var/osname") %]-[% c("version") %]-[% c("var/build_id") %]' link_input_files: 1 steps: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40788: Remove all languages but en-US for privacy-browser build target
by Pier Angelo Vendrame (＠pierov) 21 Feb '23

21 Feb '23

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 89147beb by Pier Angelo Vendrame at 2023-02-21T09:42:44+01:00 Bug 40788: Remove all languages but en-US for privacy-browser build target - - - - - 3 changed files: - projects/firefox/build - projects/firefox/config - rbm.conf Changes: ===================================== projects/firefox/build ===================================== @@ -106,7 +106,7 @@ export MACH_BUILD_PYTHON_NATIVE_PACKAGE_SOURCE=system # Create .mozbuild to avoid interactive prompt in configure mkdir "$HOME/.mozbuild" -[% IF !c("var/testbuild") -%] +[% IF c("var/has_l10n") -%] supported_locales="[% tmpl(c('var/locales').join(' ')) %]" l10ncentral="$HOME/.mozbuild/l10n-central" @@ -176,7 +176,7 @@ export LANG=C.UTF-8 [% IF !c("var/rlbox") -%]--without-wasm-sandboxed-libraries[% END %] ./mach build --verbose -[% IF !c("var/testbuild") %] +[% IF c("var/has_l10n") %] export MOZ_CHROME_MULTILOCALE="$supported_locales" # No quotes on purpose, see https://firefox-source-docs.mozilla.org/build/buildsystem/locales.html#inst… ./mach package-multi-locale --locales en-US $MOZ_CHROME_MULTILOCALE ===================================== projects/firefox/config ===================================== @@ -27,6 +27,7 @@ var: - autoconf2.13 - yasm - pkg-config + has_l10n: '[% !c("var/testbuild") && c("var/locales").size %]' rezip: | rezip_tmpdir=$(mktemp -d) @@ -159,7 +160,7 @@ input_files: name: cbindgen - project: firefox-l10n name: firefox-l10n - enable: '[% !c("var/testbuild") %]' + enable: '[% c("var/has_l10n") %]' - project: wasi-sysroot name: wasi-sysroot enable: '[% c("var/rlbox") %]' @@ -183,15 +184,15 @@ input_files: - project: translation name: translation-base-browser pkg_type: base-browser - enable: '[% !c("var/testbuild") %]' + enable: '[% c("var/has_l10n") %]' - project: translation name: translation-base-browser-fluent pkg_type: base-browser-fluent - enable: '[% !c("var/testbuild") %]' + enable: '[% c("var/has_l10n") %]' - project: translation name: translation-tor-browser pkg_type: tor-browser - enable: '[% c("var/tor-browser") && !c("var/testbuild") %]' + enable: '[% c("var/tor-browser") && c("var/has_l10n") %]' - filename: namecoin-torbutton.patch enable: '[% c("var/namecoin") %]' # TorButton patch authored by Arthur Edelstein, from https://github.com/arthuredelstein/torbutton/ branch 2.1.10-namecoin ===================================== rbm.conf ===================================== @@ -247,6 +247,7 @@ targets: ProjectName: PrivacyBrowser exe_name: privacybrowser updater_enabled: 0 + locales: [] torbrowser-testbuild: - testbuild View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-12.0] Bug 40789: Broken mirror links for glean: link 404 for version 5.0.1 hosted at...
by Richard Pospesel (＠richard) 20 Feb '23

20 Feb '23

Richard Pospesel pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build Commits: afa4a781 by Richard Pospesel at 2023-02-20T16:18:37+00:00 Bug 40789: Broken mirror links for glean: link 404 for version 5.0.1 hosted at aguestuser's tor people storage (cherry picked from commit 9b485949a8b71291286632da47ac51cee5cb873f) - - - - - 1 changed file: - projects/glean/config Changes: ===================================== projects/glean/config ===================================== @@ -29,7 +29,7 @@ var: 4.0.0: https://people.torproject.org/~boklm/mirrors/sources/glean-wheels-4.0.0.tar… 4.2.0: https://people.torproject.org/~pierov/tbb_files/glean-wheels-4.2.0.tar.xz 4.4.0: https://people.torproject.org/~boklm/mirrors/sources/glean-wheels-4.4.0.tar… - 5.0.1: https://people.torproject.org/~aguestuser/mirrors/sources/glean-wheels-5.0.… + 5.0.1: https://people.torproject.org/~richard/mirrors/sources/glean-wheels-5.0.1.t… steps: create_glean_deps_tarball: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40789: Broken mirror links for glean: link 404 for version 5.0.1 hosted at...
by Richard Pospesel (＠richard) 20 Feb '23

20 Feb '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 9b485949 by Richard Pospesel at 2023-02-20T15:44:33+00:00 Bug 40789: Broken mirror links for glean: link 404 for version 5.0.1 hosted at aguestuser's tor people storage - - - - - 1 changed file: - projects/glean/config Changes: ===================================== projects/glean/config ===================================== @@ -29,7 +29,7 @@ var: 4.0.0: https://people.torproject.org/~boklm/mirrors/sources/glean-wheels-4.0.0.tar… 4.2.0: https://people.torproject.org/~pierov/tbb_files/glean-wheels-4.2.0.tar.xz 4.4.0: https://people.torproject.org/~boklm/mirrors/sources/glean-wheels-4.4.0.tar… - 5.0.1: https://people.torproject.org/~aguestuser/mirrors/sources/glean-wheels-5.0.… + 5.0.1: https://people.torproject.org/~richard/mirrors/sources/glean-wheels-5.0.1.t… steps: create_glean_deps_tarball: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40792: signing scripts missing project name prefix to make rule
by Richard Pospesel (＠richard) 20 Feb '23

20 Feb '23

Richard Pospesel pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 757d8f9d by Richard Pospesel at 2023-02-20T15:42:43+00:00 Bug 40792: signing scripts missing project name prefix to make rule - - - - - 2 changed files: - tools/signing/dmg2mar - tools/signing/upload-update_responses-to-staticiforme Changes: ===================================== tools/signing/dmg2mar ===================================== @@ -27,4 +27,4 @@ test "$nb_locales" -eq "$nb_bundles" || \ mv -vf "$macos_signed_dir"/"$ProjName"-*.dmg "$signed_version_dir"/ -make dmg2mar-$tbb_version_type +make $SIGNING_PROJECTNAME-dmg2mar-$tbb_version_type ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -10,11 +10,11 @@ update_responses_tar_filename="update-responses-$tbb_version_type-$tbb_version.t update_responses_tar="$script_dir/../../$SIGNING_PROJECTNAME/$tbb_version_type/update-responses/$update_responses_tar_filename" if test -f "$update_responses_tar" then - echo "$update_responses_tar_filename already exists: not running 'make update_responses-$tbb_version_type'" + echo "$update_responses_tar_filename already exists: not running 'make $SIGNING_PROJECTNAME-update_responses-$tbb_version_type'" else - echo "Running 'make update_responses-$tbb_version_type'" + echo "Running 'make $SIGNING_PROJECTNAME-update_responses-$tbb_version_type'" pushd "$script_dir/../.." > /dev/null - make update_responses-$tbb_version_type + make $SIGNING_PROJECTNAME-update_responses-$tbb_version_type popd > /dev/null fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0