- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser][base-browser-115.6.0esr-13.5-1] 3 commits: fixup! Base Browser's .mozconfigs.
by Pier Angelo Vendrame (＠pierov) 15 Jan '24

15 Jan '24

Pier Angelo Vendrame pushed to branch base-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 87e50941 by Pier Angelo Vendrame at 2024-01-15T18:30:54+01:00 fixup! Base Browser's .mozconfigs. Bug 42337: Enable GeckoDriver for all desktop platforms - - - - - 2aaaaab1 by Pier Angelo Vendrame at 2024-01-15T18:30:58+01:00 fixup! Base Browser's .mozconfigs. Bug 42146: Use LLD on Linux. This should allow us to restore debug symbols on Linux i686. - - - - - b6fdd885 by Tom Ritter at 2024-01-15T18:39:37+01:00 Bug 1873526: Refactor the restriction override list from a big if statement to a list r=KrisWright Differential Revision: https://phabricator.services.mozilla.com/D198081 - - - - - 5 changed files: - browser/config/mozconfigs/base-browser - modules/libpref/Preferences.cpp - mozconfig-linux-i686 - mozconfig-linux-x86_64 - mozconfig-linux-x86_64-dev Changes: ===================================== browser/config/mozconfigs/base-browser ===================================== @@ -50,4 +50,7 @@ if test -z "$WASI_SYSROOT"; then ac_add_options --without-wasm-sandboxed-libraries fi +# tor-browser#42337 +ac_add_options --enable-geckodriver + ac_add_options --with-relative-data-dir=BaseBrowser/Data/Browser ===================================== modules/libpref/Preferences.cpp ===================================== @@ -6024,7 +6024,8 @@ struct PrefListEntry { // StaticPrefList.yml), a string pref, and it is NOT exempted in // sDynamicPrefOverrideList // -// This behavior is codified in ShouldSanitizePreference() below +// This behavior is codified in ShouldSanitizePreference() below. +// Exclusions of preferences can be defined in sOverrideRestrictionsList[]. static const PrefListEntry sRestrictFromWebContentProcesses[] = { // Remove prefs with user data PREF_LIST_ENTRY("datareporting.policy."), @@ -6073,6 +6074,15 @@ static const PrefListEntry sRestrictFromWebContentProcesses[] = { PREF_LIST_ENTRY("toolkit.telemetry.previousBuildID"), }; +// Allowlist for prefs and branches blocklisted in +// sRestrictFromWebContentProcesses[], including prefs from +// StaticPrefList.yaml and *.js, to let them pass. +static const PrefListEntry sOverrideRestrictionsList[]{ + PREF_LIST_ENTRY("services.settings.clock_skew_seconds"), + PREF_LIST_ENTRY("services.settings.last_update_seconds"), + PREF_LIST_ENTRY("services.settings.server"), +}; + // These prefs are dynamically-named (i.e. not specified in prefs.js or // StaticPrefList) and would normally by blocklisted but we allow them through // anyway, so this override list acts as an allowlist @@ -6168,10 +6178,12 @@ static bool ShouldSanitizePreference(const Pref* const aPref) { // pref through. for (const auto& entry : sRestrictFromWebContentProcesses) { if (strncmp(entry.mPrefBranch, prefName, entry.mLen) == 0) { - const auto* p = prefName; // This avoids clang-format doing ugly things. - return !(strncmp("services.settings.clock_skew_seconds", p, 36) == 0 || - strncmp("services.settings.last_update_seconds", p, 37) == 0 || - strncmp("services.settings.server", p, 24) == 0); + for (const auto& pasEnt : sOverrideRestrictionsList) { + if (strncmp(pasEnt.mPrefBranch, prefName, pasEnt.mLen) == 0) { + return false; + } + } + return true; } } ===================================== mozconfig-linux-i686 ===================================== @@ -2,8 +2,11 @@ ac_add_options --target=i686-linux-gnu -ac_add_options --enable-default-toolkit=cairo-gtk3 +# Moz switched to lld for all Linux targets in Bug 1839739. +# Also, gold used not to work with debug symbols (tor-browser#42146). +ac_add_options --enable-linker=lld + +ac_add_options --disable-strip +ac_add_options --disable-install-strip -# Bug 31448: ld.gold fails if we don't disable debug-symbols. -# Also, we keep strip enabled. -ac_add_options --disable-debug-symbols +ac_add_options --enable-default-toolkit=cairo-gtk3 ===================================== mozconfig-linux-x86_64 ===================================== @@ -1,9 +1,9 @@ . $topsrcdir/browser/config/mozconfigs/base-browser -ac_add_options --enable-default-toolkit=cairo-gtk3 +# Moz switched to lld for all Linux targets in Bug 1839739. +ac_add_options --enable-linker=lld ac_add_options --disable-strip ac_add_options --disable-install-strip -# We want to bundle an own geckodriver, so we can use it for QA and other work -ac_add_options --enable-geckodriver +ac_add_options --enable-default-toolkit=cairo-gtk3 ===================================== mozconfig-linux-x86_64-dev ===================================== @@ -4,6 +4,9 @@ # It is only intended to be used when doing incremental Linux builds # during development. +# Moz switched to lld for all Linux targets in Bug 1839739. +ac_add_options --enable-linker=lld + export MOZILLA_OFFICIAL= ac_add_options --enable-default-toolkit=cairo-gtk3 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ae39cc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ae39cc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] 3 commits: dropme! Bug 40458: Implement .tor.onion aliases
by Pier Angelo Vendrame (＠pierov) 15 Jan '24

15 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 05d20cc1 by Pier Angelo Vendrame at 2024-01-15T09:46:08+01:00 dropme! Bug 40458: Implement .tor.onion aliases Bug 42354: Upstreamed the ShouldSanitizePreference refactor Drop this commit on the rebase. - - - - - d548b69e by Tom Ritter at 2024-01-15T09:54:34+01:00 Bug 1873526: Refactor the restriction override list from a big if statement to a list r=KrisWright Differential Revision: https://phabricator.services.mozilla.com/D198081 - - - - - 5cbefa67 by guest475646844 at 2024-01-15T09:57:16+01:00 fixup! Bug 40458: Implement .tor.onion aliases - - - - - 1 changed file: - modules/libpref/Preferences.cpp Changes: ===================================== modules/libpref/Preferences.cpp ===================================== @@ -6024,7 +6024,8 @@ struct PrefListEntry { // StaticPrefList.yml), a string pref, and it is NOT exempted in // sDynamicPrefOverrideList // -// This behavior is codified in ShouldSanitizePreference() below +// This behavior is codified in ShouldSanitizePreference() below. +// Exclusions of preferences can be defined in sOverrideRestrictionsList[]. static const PrefListEntry sRestrictFromWebContentProcesses[] = { // Remove prefs with user data PREF_LIST_ENTRY("datareporting.policy."), @@ -6073,6 +6074,18 @@ static const PrefListEntry sRestrictFromWebContentProcesses[] = { PREF_LIST_ENTRY("toolkit.telemetry.previousBuildID"), }; +// Allowlist for prefs and branches blocklisted in +// sRestrictFromWebContentProcesses[], including prefs from +// StaticPrefList.yaml and *.js, to let them pass. +static const PrefListEntry sOverrideRestrictionsList[]{ + PREF_LIST_ENTRY("services.settings.clock_skew_seconds"), + PREF_LIST_ENTRY("services.settings.last_update_seconds"), + PREF_LIST_ENTRY("services.settings.server"), + // tor-browser#41165, tor-browser!765: leave this static pref in + // gSharedMap to prevent a crash in gpu process in debug builds. + PREF_LIST_ENTRY("browser.urlbar.onionRewrites.enabled"), +}; + // These prefs are dynamically-named (i.e. not specified in prefs.js or // StaticPrefList) and would normally by blocklisted but we allow them through // anyway, so this override list acts as an allowlist @@ -6168,13 +6181,12 @@ static bool ShouldSanitizePreference(const Pref* const aPref) { // pref through. for (const auto& entry : sRestrictFromWebContentProcesses) { if (strncmp(entry.mPrefBranch, prefName, entry.mLen) == 0) { - const auto* p = prefName; // This avoids clang-format doing ugly things. - return !(strncmp("services.settings.clock_skew_seconds", p, 36) == 0 || - strncmp("services.settings.last_update_seconds", p, 37) == 0 || - strncmp("services.settings.server", p, 24) == 0 || - // Prevent a crash in debug builds. Please refer to - // StaticPrefList.yaml, tor-browser#41165 and tor-browser!765 for details. - strncmp("browser.urlbar.onionRewrites.enabled", p, 36) == 0); + for (const auto& pasEnt : sOverrideRestrictionsList) { + if (strncmp(pasEnt.mPrefBranch, prefName, pasEnt.mLen) == 0) { + return false; + } + } + return true; } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0c55a3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0c55a3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Add script to tag new release (#13)
by boklm (＠boklm) 15 Jan '24

15 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 899ea231 by Nicolas Vigier at 2024-01-12T11:13:05+01:00 Add script to tag new release (#13) - - - - - 1 changed file: - + git-tag_release.sh Changes: ===================================== git-tag_release.sh ===================================== @@ -0,0 +1,6 @@ +#!/bin/sh +# Make a signed git tag for the current commit, for a new release +set -e +VERSION=$(cat share/torbrowser-launcher/version) +git tag -s --message="torbrowser-launcher version $VERSION" v$VERSION +echo "Created git tag v$VERSION" View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher] Pushed new tag v0.3.7
by boklm (＠boklm) 12 Jan '24

12 Jan '24

boklm pushed new tag v0.3.7 at The Tor Project / Applications / torbrowser-launcher -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/tree/v… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Version bump to 0.3.7 and update changelog
by boklm (＠boklm) 12 Jan '24

12 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: e4bb9790 by Nicolas Vigier at 2024-01-11T20:00:16+01:00 Version bump to 0.3.7 and update changelog - - - - - 3 changed files: - CHANGELOG.md - share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml - share/torbrowser-launcher/version Changes: ===================================== CHANGELOG.md ===================================== @@ -1,5 +1,19 @@ # Tor Browser Launcher Changelog +## 0.3.7 + +* Use Tor Browser 13.0 new filenames +* Adapt AppArmor profile for Tor Browser 13.0 +* Set the TORBROWSER_LAUNCHER environment variable to make it easier + for Tor Browser to see that it is being run by torbrowser-launcher +* Use a proper rDNS ID in AppStream metainfo +* Update to latest version of the Tor Browser OpenPGP signing key +* Remove some unused code to fix a warning +* Add dbus-glib to the rpm package dependencies +* Maintenance of torbrowser-launcher has been handed to Tor Project, + and the git repository moved to + https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ + ## 0.3.6 * Tor Browser 12.0 no longer uses locales, so the download URL and local path have changed ===================================== share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml ===================================== @@ -31,6 +31,7 @@ <update_contact>boklm(a)torproject.org</update_contact> <content_rating type="oars-1.1"/> <releases> + <release version="0.3.7" date="2024-01-12"/> <release version="0.3.6" date="2022-12-13"/> </releases> </component> ===================================== share/torbrowser-launcher/version ===================================== @@ -1 +1 @@ -0.3.6 +0.3.7 View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Remove gnupg_import_ok_pattern from torbrowser_launcher/common.py (#12)
by boklm (＠boklm) 11 Jan '24

11 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 10a13e3f by Nicolas Vigier at 2024-01-11T13:33:31+01:00 Remove gnupg_import_ok_pattern from torbrowser_launcher/common.py (#12) According to https://github.com/torproject/torbrowser-launcher/pull/716 the definition of `gnupg_import_ok_pattern` in `torbrowser_launcher/common.py` is causing some warnings. But it looks like it is not being used since 83fa1d38c44f16a76dd98407e321b9cc9b5b5743, so we can remove it. Thanks to meator for reporting the issue. - - - - - 1 changed file: - torbrowser_launcher/common.py Changes: ===================================== torbrowser_launcher/common.py ===================================== @@ -41,15 +41,6 @@ SHARE = os.getenv("TBL_SHARE", sys.prefix + "/share") + "/torbrowser-launcher" gettext.install("torbrowser-launcher") -# We're looking for output which: -# -# 1. The first portion must be `[GNUPG:] IMPORT_OK` -# 2. The second must be an integer between [0, 15], inclusive -# 3. The third must be an uppercased hex-encoded 160-bit fingerprint -gnupg_import_ok_pattern = re.compile( - b"(\[GNUPG\:\]) (IMPORT_OK) ([0-9]|[1]?[0-5]) ([A-F0-9]{40})" -) - class Common(object): def __init__(self, tbl_version): View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.0-1] 10 commits: fixup! Bug 1823316 - Use 'Snackbar' themed Dialog to notify on making app full-screen
by ma1 (＠ma1) 11 Jan '24

11 Jan '24

ma1 pushed to branch firefox-android-115.2.1-13.0-1 at The Tor Project / Applications / firefox-android Commits: 753c937e by hackademix at 2024-01-11T16:53:03+01:00 fixup! Bug 1823316 - Use 'Snackbar' themed Dialog to notify on making app full-screen Fix tor-browser#42355 backporting regression. - - - - - 0cd27910 by t-p-white at 2024-01-11T16:53:04+01:00 Bug 1864549 - Fix for IllegalStateException in full screen notification dialog - - - - - a7cafd1b by Alexandru2909 at 2024-01-11T16:53:04+01:00 Bug 1810776 - Move DismissedTabBackground into its own file - - - - - e40a62ad by DreVla at 2024-01-11T16:53:05+01:00 Bug 1828493 - Apply purple overlay on list item when in multi-select When having the list layout for tabs tray and entering multi-select mode, the selected list items should have a purple non opaque overlay on the thumbnail, as it was before in the XML implementation. - - - - - b4e5ab52 by Alexandru2909 at 2024-01-11T16:53:05+01:00 Bug 1810776 - Add SwipeToDismiss to composed tabs tray - - - - - 20a18e5b by Noah Bond at 2024-01-11T16:53:05+01:00 Bug 1815579 - Improve performance of image loading in tab items - - - - - a07ec0d9 by Noah Bond at 2024-01-11T16:53:06+01:00 Bug 1840896 - Remove `rememberSaveable` since bitmaps are not serializable - - - - - a860d4a3 by Noah Bond at 2024-01-11T16:53:06+01:00 Bug 1844967 - Improve performance of tab thumbnail loading in Compose - - - - - 0481dabe by Matthew Tighe at 2024-01-11T16:53:07+01:00 Bug 1721904 - update thumbnail caching on app open - - - - - 3400c111 by hackademix at 2024-01-11T16:53:07+01:00 Bug 42191: Temporary StrictMode relaxation to clear the thumbnail cache. - - - - - 30 changed files: - android-components/components/browser/state/src/main/java/mozilla/components/browser/state/action/BrowserAction.kt - android-components/components/browser/state/src/main/java/mozilla/components/browser/state/reducer/ContentStateReducer.kt - android-components/components/browser/tabstray/src/main/java/mozilla/components/browser/tabstray/TabViewHolder.kt - android-components/components/browser/tabstray/src/test/java/mozilla/components/browser/tabstray/DefaultTabViewHolderTest.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/ThumbnailsMiddleware.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/storage/ThumbnailStorage.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/utils/ThumbnailDiskCache.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/ThumbnailsMiddlewareTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/loader/ThumbnailLoaderTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/storage/ThumbnailStorageTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/utils/ThumbnailDiskCacheTest.kt - android-components/components/concept/base/src/main/java/mozilla/components/concept/base/images/ImageRequest.kt - android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/FullScreenNotificationDialog.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/TabPreview.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/ToolbarGestureHandler.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/SwipeToDismiss.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/TabThumbnail.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/ThumbnailCard.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/ThumbnailImage.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/list/ListItem.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/DismissedTabBackground.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/TabGridItem.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/TabListItem.kt - fenix/app/src/main/java/org/mozilla/fenix/home/collections/CollectionItem.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recentsyncedtabs/view/RecentSyncedTab.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recentsyncedtabs/view/RecentSyncedTabViewHolder.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recenttabs/view/RecentTabViewHolder.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recenttabs/view/RecentTabs.kt - fenix/app/src/main/java/org/mozilla/fenix/tabstray/TabsTray.kt The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/da… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/da… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 40597: Implement TorSettings module
by Pier Angelo Vendrame (＠pierov) 11 Jan '24

11 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 0c55a36a by Pier Angelo Vendrame at 2024-01-09T18:39:07+01:00 fixup! Bug 40597: Implement TorSettings module Bug 42348: Do not use TorSettings.defaultSettings as a starting point for the settings object we receive from Moat. Also, removed the TODO about proxy and firewall, since Moat is not going to send them for now, but throw when we do not receive bridge settings. - - - - - 1 changed file: - toolkit/modules/Moat.sys.mjs Changes: ===================================== toolkit/modules/Moat.sys.mjs ===================================== @@ -2,10 +2,7 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -import { - TorSettings, - TorBridgeSource, -} from "resource://gre/modules/TorSettings.sys.mjs"; +import { TorBridgeSource } from "resource://gre/modules/TorSettings.sys.mjs"; const lazy = {}; @@ -204,68 +201,52 @@ export class MoatRPC { // Convert received settings object to format used by TorSettings module // In the event of error, just return null #fixupSettings(settings) { - try { - let retval = TorSettings.defaultSettings(); - if ("bridges" in settings) { - retval.bridges.enabled = true; - switch (settings.bridges.source) { - case "builtin": - retval.bridges.source = TorBridgeSource.BuiltIn; - retval.bridges.builtin_type = settings.bridges.type; - // Tor Browser will periodically update the built-in bridge strings list using the - // circumvention_builtin() function, so we can ignore the bridge strings we have received here; - // BridgeDB only returns a subset of the available built-in bridges through the circumvention_settings() - // function which is fine for our 3rd parties, but we're better off ignoring them in Tor Browser, otherwise - // we get in a weird situation of needing to update our built-in bridges in a piece-meal fashion which - // seems over-complicated/error-prone - break; - case "bridgedb": - retval.bridges.source = TorBridgeSource.BridgeDB; - if (settings.bridges.bridge_strings) { - retval.bridges.bridge_strings = settings.bridges.bridge_strings; - retval.bridges.disabled_strings = []; - } else { - throw new Error( - "MoatRPC::_fixupSettings(): Received no bridge-strings for BridgeDB bridge source" - ); - } - break; - default: - throw new Error( - `MoatRPC::_fixupSettings(): Unexpected bridge source '${settings.bridges.source}'` - ); + if (!("bridges" in settings)) { + throw new Error("Expected to find `bridges` in the settings object."); + } + const retval = { + bridges: { + enabled: true, + }, + }; + switch (settings.bridges.source) { + case "builtin": + retval.bridges.source = TorBridgeSource.BuiltIn; + retval.bridges.builtin_type = settings.bridges.type; + // TorSettings will ignore strings for built-in bridges, and use the + // ones it already knows, instead. + break; + case "bridgedb": + retval.bridges.source = TorBridgeSource.BridgeDB; + if (settings.bridges.bridge_strings) { + retval.bridges.bridge_strings = settings.bridges.bridge_strings; + } else { + throw new Error( + "Received no bridge-strings for BridgeDB bridge source" + ); } - } - if ("proxy" in settings) { - // TODO: populate proxy settings - } - if ("firewall" in settings) { - // TODO: populate firewall settings - } - return retval; - } catch (ex) { - console.log(ex.message); - return null; + break; + default: + throw new Error( + `Unexpected bridge source '${settings.bridges.source}'` + ); } + return retval; } // Converts a list of settings objects received from BridgeDB to a list of settings objects // understood by the TorSettings module // In the event of error, returns and empty list #fixupSettingsList(settingsList) { - try { - let retval = []; - for (let settings of settingsList) { - settings = this.#fixupSettings(settings); - if (settings != null) { - retval.push(settings); - } + const retval = []; + for (const settings of settingsList) { + try { + retval.push(this.#fixupSettings(settings)); + } catch (ex) { + console.log(ex); } - return retval; - } catch (ex) { - console.log(ex.message); - return []; } + return retval; } // Request tor settings for the user optionally based on their location (derived View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0c55a36… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0c55a36… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 40597: Implement TorSettings module
by Pier Angelo Vendrame (＠pierov) 11 Jan '24

11 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: da0f3108 by Pier Angelo Vendrame at 2024-01-09T18:38:42+01:00 fixup! Bug 40597: Implement TorSettings module Bug 42358: Extract the domain fronting request functionality form MoatRPC. - - - - - 3 changed files: - + toolkit/modules/DomainFrontedRequests.sys.mjs - toolkit/modules/Moat.sys.mjs - toolkit/modules/moz.build Changes: ===================================== toolkit/modules/DomainFrontedRequests.sys.mjs ===================================== @@ -0,0 +1,525 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const lazy = {}; + +ChromeUtils.defineESModuleGetters(lazy, { + EventDispatcher: "resource://gre/modules/Messaging.sys.mjs", + Subprocess: "resource://gre/modules/Subprocess.sys.mjs", + TorLauncherUtil: "resource://gre/modules/TorLauncherUtil.sys.mjs", + TorProviderBuilder: "resource://gre/modules/TorProviderBuilder.sys.mjs", + TorSettings: "resource://gre/modules/TorSettings.sys.mjs", +}); + +/** + * The meek pluggable transport takes the reflector URL and front domain as + * proxy credentials, which can be prepared with this function. + * + * @param {string} proxyType The proxy type (socks for socks5 or socks4) + * @param {string} reflector The URL of the service hosted by the CDN + * @param {string} front The domain to use as a front + * @returns {string[]} An array containing [username, password] + */ +function makeMeekCredentials(proxyType, reflector, front) { + // Construct the per-connection arguments. + let meekClientEscapedArgs = ""; + + // Escape aValue per section 3.5 of the PT specification: + // First the "<Key>=<Value>" formatted arguments MUST be escaped, + // such that all backslash, equal sign, and semicolon characters + // are escaped with a backslash. + const escapeArgValue = aValue => + aValue + ? aValue + .replaceAll("\\", "\\\\") + .replaceAll("=", "\\=") + .replaceAll(";", "\\;") + : ""; + + if (reflector) { + meekClientEscapedArgs += "url="; + meekClientEscapedArgs += escapeArgValue(reflector); + } + + if (front) { + if (meekClientEscapedArgs.length) { + meekClientEscapedArgs += ";"; + } + meekClientEscapedArgs += "front="; + meekClientEscapedArgs += escapeArgValue(front); + } + + // socks5 + if (proxyType === "socks") { + if (meekClientEscapedArgs.length <= 255) { + return [meekClientEscapedArgs, "\x00"]; + } + return [ + meekClientEscapedArgs.substring(0, 255), + meekClientEscapedArgs.substring(255), + ]; + } else if (proxyType === "socks4") { + return [meekClientEscapedArgs, undefined]; + } + throw new Error(`Unsupported proxy type ${proxyType}.`); +} + +/** + * Subprocess-based implementation to launch and control a PT process. + */ +class MeekTransport { + // These members are used by consumers to setup the proxy to do requests over + // meek. They are passed to newProxyInfoWithAuth. + proxyType = null; + proxyAddress = null; + proxyPort = 0; + proxyUsername = null; + proxyPassword = null; + + #inited = false; + #meekClientProcess = null; + + // launches the meekprocess + async init(reflector, front) { + // ensure we haven't already init'd + if (this.#inited) { + throw new Error("MeekTransport: Already initialized"); + } + + try { + // figure out which pluggable transport to use + const supportedTransports = ["meek", "meek_lite"]; + const provider = await lazy.TorProviderBuilder.build(); + const proxy = (await provider.getPluggableTransports()).find( + pt => + pt.type === "exec" && + supportedTransports.some(t => pt.transports.includes(t)) + ); + if (!proxy) { + throw new Error("No supported transport found."); + } + + const meekTransport = proxy.transports.find(t => + supportedTransports.includes(t) + ); + // Convert meek client path to absolute path if necessary + const meekWorkDir = lazy.TorLauncherUtil.getTorFile( + "pt-startup-dir", + false + ); + if (lazy.TorLauncherUtil.isPathRelative(proxy.pathToBinary)) { + const meekPath = meekWorkDir.clone(); + meekPath.appendRelativePath(proxy.pathToBinary); + proxy.pathToBinary = meekPath.path; + } + + // Setup env and start meek process + const ptStateDir = lazy.TorLauncherUtil.getTorFile("tordatadir", false); + ptStateDir.append("pt_state"); // Match what tor uses. + + const envAdditions = { + TOR_PT_MANAGED_TRANSPORT_VER: "1", + TOR_PT_STATE_LOCATION: ptStateDir.path, + TOR_PT_EXIT_ON_STDIN_CLOSE: "1", + TOR_PT_CLIENT_TRANSPORTS: meekTransport, + }; + if (lazy.TorSettings.proxy.enabled) { + envAdditions.TOR_PT_PROXY = lazy.TorSettings.proxy.uri; + } + + const opts = { + command: proxy.pathToBinary, + arguments: proxy.options.split(/s+/), + workdir: meekWorkDir.path, + environmentAppend: true, + environment: envAdditions, + stderr: "pipe", + }; + + // Launch meek client + this.#meekClientProcess = await lazy.Subprocess.call(opts); + + // Callback chain for reading stderr + const stderrLogger = async () => { + while (this.#meekClientProcess) { + const errString = await this.#meekClientProcess.stderr.readString(); + if (errString) { + console.log(`MeekTransport: stderr => ${errString}`); + } + } + }; + stderrLogger(); + + // Read pt's stdout until terminal (CMETHODS DONE) is reached + // returns array of lines for parsing + const getInitLines = async (stdout = "") => { + stdout += await this.#meekClientProcess.stdout.readString(); + + // look for the final message + const CMETHODS_DONE = "CMETHODS DONE"; + let endIndex = stdout.lastIndexOf(CMETHODS_DONE); + if (endIndex !== -1) { + endIndex += CMETHODS_DONE.length; + return stdout.substring(0, endIndex).split("\n"); + } + return getInitLines(stdout); + }; + + // read our lines from pt's stdout + const meekInitLines = await getInitLines(); + // tokenize our pt lines + const meekInitTokens = meekInitLines.map(line => { + const tokens = line.split(" "); + return { + keyword: tokens[0], + args: tokens.slice(1), + }; + }); + + // parse our pt tokens + for (const { keyword, args } of meekInitTokens) { + const argsJoined = args.join(" "); + let keywordError = false; + switch (keyword) { + case "VERSION": { + if (args.length !== 1 || args[0] !== "1") { + keywordError = true; + } + break; + } + case "PROXY": { + if (args.length !== 1 || args[0] !== "DONE") { + keywordError = true; + } + break; + } + case "CMETHOD": { + if (args.length !== 3) { + keywordError = true; + break; + } + const transport = args[0]; + const proxyType = args[1]; + const addrPortString = args[2]; + const addrPort = addrPortString.split(":"); + + if (transport !== meekTransport) { + throw new Error( + `MeekTransport: Expected ${meekTransport} but found ${transport}` + ); + } + if (!["socks4", "socks4a", "socks5"].includes(proxyType)) { + throw new Error( + `MeekTransport: Invalid proxy type => ${proxyType}` + ); + } + if (addrPort.length !== 2) { + throw new Error( + `MeekTransport: Invalid proxy address => ${addrPortString}` + ); + } + const addr = addrPort[0]; + const port = parseInt(addrPort[1]); + if (port < 1 || port > 65535) { + throw new Error(`MeekTransport: Invalid proxy port => ${port}`); + } + + // convert proxy type to strings used by protocol-proxy-servce + this.proxyType = proxyType === "socks5" ? "socks" : "socks4"; + this.proxyAddress = addr; + this.proxyPort = port; + + break; + } + // terminal + case "CMETHODS": { + if (args.length !== 1 || args[0] !== "DONE") { + keywordError = true; + } + break; + } + // errors (all fall through): + case "VERSION-ERROR": + case "ENV-ERROR": + case "PROXY-ERROR": + case "CMETHOD-ERROR": + throw new Error(`MeekTransport: ${keyword} => '${argsJoined}'`); + } + if (keywordError) { + throw new Error( + `MeekTransport: Invalid ${keyword} keyword args => '${argsJoined}'` + ); + } + } + + // register callback to cleanup on process exit + this.#meekClientProcess.wait().then(exitObj => { + this.#meekClientProcess = null; + this.uninit(); + }); + [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( + this.proxyType, + reflector, + front + ); + this.#inited = true; + } catch (ex) { + if (this.#meekClientProcess) { + this.#meekClientProcess.kill(); + this.#meekClientProcess = null; + } + throw ex; + } + } + + async uninit() { + this.#inited = false; + + await this.#meekClientProcess?.kill(); + this.#meekClientProcess = null; + this.proxyType = null; + this.proxyAddress = null; + this.proxyPort = 0; + this.proxyUsername = null; + this.proxyPassword = null; + } +} + +/** + * Android implementation of the Meek process. + * + * GeckoView does not provide the subprocess module, so we have to use the + * EventDispatcher, and have a Java handler start and stop the proxy process. + */ +class MeekTransportAndroid { + // These members are used by consumers to setup the proxy to do requests over + // meek. They are passed to newProxyInfoWithAuth. + proxyType = null; + proxyAddress = null; + proxyPort = 0; + proxyUsername = null; + proxyPassword = null; + + /** + * An id for process this instance is linked to. + * + * Since we do not restrict the transport to be a singleton, we need a handle to + * identify the process we want to stop when the transport owner is done. + * We use a counter incremented on the Java side for now. + * + * This number must be a positive integer (i.e., 0 is an invalid handler). + * + * @type {number} + */ + #id = 0; + + async init(reflector, front) { + // ensure we haven't already init'd + if (this.#id) { + throw new Error("MeekTransport: Already initialized"); + } + const details = await lazy.EventDispatcher.instance.sendRequestForResult({ + type: "GeckoView:Tor:StartMeek", + }); + this.#id = details.id; + this.proxyType = "socks"; + this.proxyAddress = details.address; + this.proxyPort = details.port; + [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( + this.proxyType, + reflector, + front + ); + } + + async uninit() { + lazy.EventDispatcher.instance.sendRequest({ + type: "GeckoView:Tor:StopMeek", + id: this.#id, + }); + this.#id = 0; + this.proxyType = null; + this.proxyAddress = null; + this.proxyPort = 0; + this.proxyUsername = null; + this.proxyPassword = null; + } +} + +/** + * Callback object to promisify the XPCOM request. + */ +class ResponseListener { + #response = ""; + #responsePromise; + #resolve; + #reject; + constructor() { + this.#response = ""; + // we need this promise here because await nsIHttpChannel::asyncOpen does + // not return only once the request is complete, it seems to return + // after it begins, so we have to get the result from this listener object. + // This promise is only resolved once onStopRequest is called + this.#responsePromise = new Promise((resolve, reject) => { + this.#resolve = resolve; + this.#reject = reject; + }); + } + + // callers wait on this for final response + response() { + return this.#responsePromise; + } + + // noop + onStartRequest(request) {} + + // resolve or reject our Promise + onStopRequest(request, status) { + try { + if (!Components.isSuccessCode(status)) { + const errorMessage = + lazy.TorLauncherUtil.getLocalizedStringForError(status); + this.#reject(new Error(errorMessage)); + } + if (request.responseStatus !== 200) { + this.#reject(new Error(request.responseStatusText)); + } + } catch (err) { + this.#reject(err); + } + this.#resolve(this.#response); + } + + // read response data + onDataAvailable(request, stream, offset, length) { + const scriptableStream = Cc[ + "@mozilla.org/scriptableinputstream;1" + ].createInstance(Ci.nsIScriptableInputStream); + scriptableStream.init(stream); + this.#response += scriptableStream.read(length); + } +} + +// constructs the json objects and sends the request over moat +export class DomainFrontRequestBuilder { + #inited = false; + #meekTransport = null; + + get inited() { + return this.#inited; + } + + async init(reflector, front) { + if (this.#inited) { + throw new Error("MoatRPC: Already initialized"); + } + + const meekTransport = + Services.appinfo.OS === "Android" + ? new MeekTransportAndroid() + : new MeekTransport(); + await meekTransport.init(reflector, front); + this.#meekTransport = meekTransport; + this.#inited = true; + } + + async uninit() { + await this.#meekTransport?.uninit(); + this.#meekTransport = null; + this.#inited = false; + } + + buildHttpHandler(uriString) { + if (!this.#inited) { + throw new Error("MoatRPC: Not initialized"); + } + + const { proxyType, proxyAddress, proxyPort, proxyUsername, proxyPassword } = + this.#meekTransport; + + const proxyPS = Cc[ + "@mozilla.org/network/protocol-proxy-service;1" + ].getService(Ci.nsIProtocolProxyService); + const flags = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST; + const noTimeout = 0xffffffff; // UINT32_MAX + const proxyInfo = proxyPS.newProxyInfoWithAuth( + proxyType, + proxyAddress, + proxyPort, + proxyUsername, + proxyPassword, + undefined, + undefined, + flags, + noTimeout, + undefined + ); + + const uri = Services.io.newURI(uriString); + // There does not seem to be a way to directly create an nsILoadInfo from + // JavaScript, so we create a throw away non-proxied channel to get one. + const secFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL; + const loadInfo = Services.io.newChannelFromURI( + uri, + undefined, + Services.scriptSecurityManager.getSystemPrincipal(), + undefined, + secFlags, + Ci.nsIContentPolicy.TYPE_OTHER + ).loadInfo; + + const httpHandler = Services.io + .getProtocolHandler("http") + .QueryInterface(Ci.nsIHttpProtocolHandler); + const ch = httpHandler + .newProxiedChannel(uri, proxyInfo, 0, undefined, loadInfo) + .QueryInterface(Ci.nsIHttpChannel); + + // remove all headers except for 'Host" + const headers = []; + ch.visitRequestHeaders({ + visitHeader: (key, val) => { + if (key !== "Host") { + headers.push(key); + } + }, + }); + headers.forEach(key => ch.setRequestHeader(key, "", false)); + + return ch; + } + + /** + * Make a POST request with a JSON body. + * + * @param {string} url The URL to load + * @param {object} args The arguments to send to the procedure. It will be + * serialized to JSON by this function and then set as POST body + * @returns {Promise<object>} A promise with the parsed response + */ + async buildPostRequest(url, args) { + const ch = this.buildHttpHandler(url); + + const argsJson = JSON.stringify(args); + const inStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance( + Ci.nsIStringInputStream + ); + inStream.setData(argsJson, argsJson.length); + const upChannel = ch.QueryInterface(Ci.nsIUploadChannel); + const contentType = "application/vnd.api+json"; + upChannel.setUploadStream(inStream, contentType, argsJson.length); + ch.requestMethod = "POST"; + + // Make request + const listener = new ResponseListener(); + await ch.asyncOpen(listener, ch); + + // wait for response + const responseJSON = await listener.response(); + + // parse that JSON + return JSON.parse(responseJSON); + } +} ===================================== toolkit/modules/Moat.sys.mjs ===================================== @@ -10,10 +10,8 @@ import { const lazy = {}; ChromeUtils.defineESModuleGetters(lazy, { - EventDispatcher: "resource://gre/modules/Messaging.sys.mjs", - Subprocess: "resource://gre/modules/Subprocess.sys.mjs", - TorLauncherUtil: "resource://gre/modules/TorLauncherUtil.sys.mjs", - TorProviderBuilder: "resource://gre/modules/TorProviderBuilder.sys.mjs", + DomainFrontRequestBuilder: + "resource://gre/modules/DomainFrontedRequests.sys.mjs", }); const TorLauncherPrefs = Object.freeze({ @@ -22,372 +20,9 @@ const TorLauncherPrefs = Object.freeze({ moat_service: "extensions.torlauncher.moat_service", }); -function makeMeekCredentials(proxyType) { - // Construct the per-connection arguments. - let meekClientEscapedArgs = ""; - const meekReflector = Services.prefs.getStringPref( - TorLauncherPrefs.bridgedb_reflector - ); - - // Escape aValue per section 3.5 of the PT specification: - // First the "<Key>=<Value>" formatted arguments MUST be escaped, - // such that all backslash, equal sign, and semicolon characters - // are escaped with a backslash. - const escapeArgValue = aValue => - aValue - ? aValue - .replaceAll("\\", "\\\\") - .replaceAll("=", "\\=") - .replaceAll(";", "\\;") - : ""; - - if (meekReflector) { - meekClientEscapedArgs += "url="; - meekClientEscapedArgs += escapeArgValue(meekReflector); - } - const meekFront = Services.prefs.getStringPref( - TorLauncherPrefs.bridgedb_front - ); - if (meekFront) { - if (meekClientEscapedArgs.length) { - meekClientEscapedArgs += ";"; - } - meekClientEscapedArgs += "front="; - meekClientEscapedArgs += escapeArgValue(meekFront); - } - - // socks5 - if (proxyType === "socks") { - if (meekClientEscapedArgs.length <= 255) { - return [meekClientEscapedArgs, "\x00"]; - } else { - return [ - meekClientEscapedArgs.substring(0, 255), - meekClientEscapedArgs.substring(255), - ]; - } - // socks4 - } else { - return [meekClientEscapedArgs, undefined]; - } -} - -// -// Launches and controls the PT process lifetime -// -class MeekTransport { - // These members are used by consumers to setup the proxy to do requests over - // meek. They are passed to newProxyInfoWithAuth. - proxyType = null; - proxyAddress = null; - proxyPort = 0; - proxyUsername = null; - proxyPassword = null; - - #inited = false; - #meekClientProcess = null; - - // launches the meekprocess - async init() { - // ensure we haven't already init'd - if (this.#inited) { - throw new Error("MeekTransport: Already initialized"); - } - - try { - // figure out which pluggable transport to use - const supportedTransports = ["meek", "meek_lite"]; - const provider = await lazy.TorProviderBuilder.build(); - const proxy = (await provider.getPluggableTransports()).find( - pt => - pt.type === "exec" && - supportedTransports.some(t => pt.transports.includes(t)) - ); - if (!proxy) { - throw new Error("No supported transport found."); - } - - const meekTransport = proxy.transports.find(t => - supportedTransports.includes(t) - ); - // Convert meek client path to absolute path if necessary - const meekWorkDir = lazy.TorLauncherUtil.getTorFile( - "pt-startup-dir", - false - ); - if (lazy.TorLauncherUtil.isPathRelative(proxy.pathToBinary)) { - const meekPath = meekWorkDir.clone(); - meekPath.appendRelativePath(proxy.pathToBinary); - proxy.pathToBinary = meekPath.path; - } - - // Setup env and start meek process - const ptStateDir = lazy.TorLauncherUtil.getTorFile("tordatadir", false); - ptStateDir.append("pt_state"); // Match what tor uses. - - const envAdditions = { - TOR_PT_MANAGED_TRANSPORT_VER: "1", - TOR_PT_STATE_LOCATION: ptStateDir.path, - TOR_PT_EXIT_ON_STDIN_CLOSE: "1", - TOR_PT_CLIENT_TRANSPORTS: meekTransport, - }; - if (TorSettings.proxy.enabled) { - envAdditions.TOR_PT_PROXY = TorSettings.proxy.uri; - } - - const opts = { - command: proxy.pathToBinary, - arguments: proxy.options.split(/s+/), - workdir: meekWorkDir.path, - environmentAppend: true, - environment: envAdditions, - stderr: "pipe", - }; - - // Launch meek client - this.#meekClientProcess = await lazy.Subprocess.call(opts); - - // Callback chain for reading stderr - const stderrLogger = async () => { - while (this.#meekClientProcess) { - const errString = await this.#meekClientProcess.stderr.readString(); - if (errString) { - console.log(`MeekTransport: stderr => ${errString}`); - } - } - }; - stderrLogger(); - - // Read pt's stdout until terminal (CMETHODS DONE) is reached - // returns array of lines for parsing - const getInitLines = async (stdout = "") => { - stdout += await this.#meekClientProcess.stdout.readString(); - - // look for the final message - const CMETHODS_DONE = "CMETHODS DONE"; - let endIndex = stdout.lastIndexOf(CMETHODS_DONE); - if (endIndex != -1) { - endIndex += CMETHODS_DONE.length; - return stdout.substring(0, endIndex).split("\n"); - } - return getInitLines(stdout); - }; - - // read our lines from pt's stdout - const meekInitLines = await getInitLines(); - // tokenize our pt lines - const meekInitTokens = meekInitLines.map(line => { - const tokens = line.split(" "); - return { - keyword: tokens[0], - args: tokens.slice(1), - }; - }); - - // parse our pt tokens - for (const { keyword, args } of meekInitTokens) { - const argsJoined = args.join(" "); - let keywordError = false; - switch (keyword) { - case "VERSION": { - if (args.length != 1 || args[0] !== "1") { - keywordError = true; - } - break; - } - case "PROXY": { - if (args.length != 1 || args[0] !== "DONE") { - keywordError = true; - } - break; - } - case "CMETHOD": { - if (args.length != 3) { - keywordError = true; - break; - } - const transport = args[0]; - const proxyType = args[1]; - const addrPortString = args[2]; - const addrPort = addrPortString.split(":"); - - if (transport !== meekTransport) { - throw new Error( - `MeekTransport: Expected ${meekTransport} but found ${transport}` - ); - } - if (!["socks4", "socks4a", "socks5"].includes(proxyType)) { - throw new Error( - `MeekTransport: Invalid proxy type => ${proxyType}` - ); - } - if (addrPort.length != 2) { - throw new Error( - `MeekTransport: Invalid proxy address => ${addrPortString}` - ); - } - const addr = addrPort[0]; - const port = parseInt(addrPort[1]); - if (port < 1 || port > 65535) { - throw new Error(`MeekTransport: Invalid proxy port => ${port}`); - } - - // convert proxy type to strings used by protocol-proxy-servce - this.proxyType = proxyType === "socks5" ? "socks" : "socks4"; - this.proxyAddress = addr; - this.proxyPort = port; - - break; - } - // terminal - case "CMETHODS": { - if (args.length != 1 || args[0] !== "DONE") { - keywordError = true; - } - break; - } - // errors (all fall through): - case "VERSION-ERROR": - case "ENV-ERROR": - case "PROXY-ERROR": - case "CMETHOD-ERROR": - throw new Error(`MeekTransport: ${keyword} => '${argsJoined}'`); - } - if (keywordError) { - throw new Error( - `MeekTransport: Invalid ${keyword} keyword args => '${argsJoined}'` - ); - } - } - - // register callback to cleanup on process exit - this.#meekClientProcess.wait().then(exitObj => { - this.#meekClientProcess = null; - this.uninit(); - }); - [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( - this.proxyType - ); - this.#inited = true; - } catch (ex) { - if (this.#meekClientProcess) { - this.#meekClientProcess.kill(); - this.#meekClientProcess = null; - } - throw ex; - } - } - - async uninit() { - this.#inited = false; - - await this.#meekClientProcess?.kill(); - this.#meekClientProcess = null; - this.proxyType = null; - this.proxyAddress = null; - this.proxyPort = 0; - this.proxyUsername = null; - this.proxyPassword = null; - } -} - -class MeekTransportAndroid { - // These members are used by consumers to setup the proxy to do requests over - // meek. They are passed to newProxyInfoWithAuth. - proxyType = null; - proxyAddress = null; - proxyPort = 0; - proxyUsername = null; - proxyPassword = null; - - #id = 0; - - async init() { - // ensure we haven't already init'd - if (this.#id) { - throw new Error("MeekTransport: Already initialized"); - } - const details = await lazy.EventDispatcher.instance.sendRequestForResult({ - type: "GeckoView:Tor:StartMeek", - }); - this.#id = details.id; - this.proxyType = "socks"; - this.proxyAddress = details.address; - this.proxyPort = details.port; - [this.proxyUsername, this.proxyPassword] = makeMeekCredentials( - this.proxyType - ); - } - - async uninit() { - lazy.EventDispatcher.instance.sendRequest({ - type: "GeckoView:Tor:StopMeek", - id: this.#id, - }); - this.#id = 0; - this.proxyType = null; - this.proxyAddress = null; - this.proxyPort = 0; - this.proxyUsername = null; - this.proxyPassword = null; - } -} - -// -// Callback object with a cached promise for the returned Moat data -// -class MoatResponseListener { - #response = ""; - #responsePromise; - #resolve; - #reject; - constructor() { - this.#response = ""; - // we need this promise here because await nsIHttpChannel::asyncOpen does - // not return only once the request is complete, it seems to return - // after it begins, so we have to get the result from this listener object. - // This promise is only resolved once onStopRequest is called - this.#responsePromise = new Promise((resolve, reject) => { - this.#resolve = resolve; - this.#reject = reject; - }); - } - - // callers wait on this for final response - response() { - return this.#responsePromise; - } - - // noop - onStartRequest(request) {} - - // resolve or reject our Promise - onStopRequest(request, status) { - try { - if (!Components.isSuccessCode(status)) { - const errorMessage = - lazy.TorLauncherUtil.getLocalizedStringForError(status); - this.#reject(new Error(errorMessage)); - } - if (request.responseStatus != 200) { - this.#reject(new Error(request.responseStatusText)); - } - } catch (err) { - this.#reject(err); - } - this.#resolve(this.#response); - } - - // read response data - onDataAvailable(request, stream, offset, length) { - const scriptableStream = Cc[ - "@mozilla.org/scriptableinputstream;1" - ].createInstance(Ci.nsIScriptableInputStream); - scriptableStream.init(stream); - this.#response += scriptableStream.read(length); - } -} - +/** + * A special response listener that collects the received headers. + */ class InternetTestResponseListener { #promise; #resolve; @@ -436,129 +71,45 @@ class InternetTestResponseListener { } } -// constructs the json objects and sends the request over moat +/** + * Constructs JSON objects and sends requests over Moat. + * The documentation about the JSON schemas to use are available at + * https://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/blob/main/doc/moa…. + */ export class MoatRPC { - #inited = false; - #meekTransport = null; - - get inited() { - return this.#inited; - } + #requestBuilder = null; async init() { - if (this.#inited) { - throw new Error("MoatRPC: Already initialized"); + if (this.#requestBuilder !== null) { + return; } - const meekTransport = - Services.appinfo.OS === "Android" - ? new MeekTransportAndroid() - : new MeekTransport(); - await meekTransport.init(); - this.#meekTransport = meekTransport; - this.#inited = true; + const reflector = Services.prefs.getStringPref( + TorLauncherPrefs.bridgedb_reflector + ); + const front = Services.prefs.getStringPref(TorLauncherPrefs.bridgedb_front); + const builder = new lazy.DomainFrontRequestBuilder(); + await builder.init(reflector, front); + this.#requestBuilder = builder; } async uninit() { - await this.#meekTransport?.uninit(); - this.#meekTransport = null; - this.#inited = false; - } - - #makeHttpHandler(uriString) { - if (!this.#inited) { - throw new Error("MoatRPC: Not initialized"); - } - - const { proxyType, proxyAddress, proxyPort, proxyUsername, proxyPassword } = - this.#meekTransport; - - const proxyPS = Cc[ - "@mozilla.org/network/protocol-proxy-service;1" - ].getService(Ci.nsIProtocolProxyService); - const flags = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST; - const noTimeout = 0xffffffff; // UINT32_MAX - const proxyInfo = proxyPS.newProxyInfoWithAuth( - proxyType, - proxyAddress, - proxyPort, - proxyUsername, - proxyPassword, - undefined, - undefined, - flags, - noTimeout, - undefined - ); - - const uri = Services.io.newURI(uriString); - // There does not seem to be a way to directly create an nsILoadInfo from - // JavaScript, so we create a throw away non-proxied channel to get one. - const secFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL; - const loadInfo = Services.io.newChannelFromURI( - uri, - undefined, - Services.scriptSecurityManager.getSystemPrincipal(), - undefined, - secFlags, - Ci.nsIContentPolicy.TYPE_OTHER - ).loadInfo; - - const httpHandler = Services.io - .getProtocolHandler("http") - .QueryInterface(Ci.nsIHttpProtocolHandler); - const ch = httpHandler - .newProxiedChannel(uri, proxyInfo, 0, undefined, loadInfo) - .QueryInterface(Ci.nsIHttpChannel); - - // remove all headers except for 'Host" - const headers = []; - ch.visitRequestHeaders({ - visitHeader: (key, val) => { - if (key !== "Host") { - headers.push(key); - } - }, - }); - headers.forEach(key => ch.setRequestHeader(key, "", false)); - - return ch; + await this.#requestBuilder?.uninit(); + this.#requestBuilder = null; } async #makeRequest(procedure, args) { const procedureURIString = `${Services.prefs.getStringPref( TorLauncherPrefs.moat_service )}/${procedure}`; - const ch = this.#makeHttpHandler(procedureURIString); - - // Arrange for the POST data to be sent. - const argsJson = JSON.stringify(args); - - const inStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance( - Ci.nsIStringInputStream - ); - inStream.setData(argsJson, argsJson.length); - const upChannel = ch.QueryInterface(Ci.nsIUploadChannel); - const contentType = "application/vnd.api+json"; - upChannel.setUploadStream(inStream, contentType, argsJson.length); - ch.requestMethod = "POST"; - - // Make request - const listener = new MoatResponseListener(); - await ch.asyncOpen(listener, ch); - - // wait for response - const responseJSON = await listener.response(); - - // parse that JSON - return JSON.parse(responseJSON); + return this.#requestBuilder.buildPostRequest(procedureURIString, args); } async testInternetConnection() { const uri = `${Services.prefs.getStringPref( TorLauncherPrefs.moat_service )}/circumvention/countries`; - const ch = this.#makeHttpHandler(uri); + const ch = this.#requestBuilder.buildHttpHandler(uri); ch.requestMethod = "HEAD"; const listener = new InternetTestResponseListener(); @@ -566,10 +117,6 @@ export class MoatRPC { return listener.status; } - // - // Moat APIs - // - // Receive a CAPTCHA challenge, takes the following parameters: // - transports: array of transport strings available to us eg: ["obfs4", "meek"] // ===================================== toolkit/modules/moz.build ===================================== @@ -166,6 +166,7 @@ EXTRA_JS_MODULES += [ "DateTimePickerPanel.sys.mjs", "DeferredTask.sys.mjs", "Deprecated.sys.mjs", + "DomainFrontedRequests.sys.mjs", "DragDropFilter.sys.mjs", "E10SUtils.sys.mjs", "EventEmitter.sys.mjs", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/da0f310… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/da0f310… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41063: Run "file $keyring" in tools/keyring/list-all-keyrings
by richard (＠richard) 11 Jan '24

11 Jan '24

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: aa5571de by Nicolas Vigier at 2024-01-11T15:30:06+00:00 Bug 41063: Run "file $keyring" in tools/keyring/list-all-keyrings (cherry picked from commit 0fe87b4a9c5645157297106da33991d4e5a7dc3c) - - - - - 1 changed file: - tools/keyring/list-all-keyrings Changes: ===================================== tools/keyring/list-all-keyrings ===================================== @@ -6,5 +6,6 @@ set -e cd $(dirname "$0")/../.. for keyring in ./keyring/*.gpg do + file "$keyring" gpg --no-auto-check-trustdb --list-options show-unusable-subkeys,show-keyring --no-default-keyring --list-keys --keyring "$keyring" done View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41063: Run "file $keyring" in tools/keyring/list-all-keyrings
by richard (＠richard) 11 Jan '24

11 Jan '24

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 0fe87b4a by Nicolas Vigier at 2024-01-11T10:47:16+01:00 Bug 41063: Run "file $keyring" in tools/keyring/list-all-keyrings - - - - - 1 changed file: - tools/keyring/list-all-keyrings Changes: ===================================== tools/keyring/list-all-keyrings ===================================== @@ -6,5 +6,6 @@ set -e cd $(dirname "$0")/../.. for keyring in ./keyring/*.gpg do + file "$keyring" gpg --no-auto-check-trustdb --list-options show-unusable-subkeys,show-keyring --no-default-keyring --list-keys --keyring "$keyring" done View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] Depend on dbus-glib
by boklm (＠boklm) 11 Jan '24

11 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: 961da39f by Vecna at 2024-01-11T09:57:30+00:00 Depend on dbus-glib - - - - - 1 changed file: - build_rpm.sh Changes: ===================================== build_rpm.sh ===================================== @@ -6,7 +6,7 @@ VERSION=$(cat share/torbrowser-launcher/version) rm -r build dist # build binary package -python3 setup.py bdist_rpm --requires="python3-qt5, python3-gpg, python3-requests, python3-pysocks, python3-packaging, gnupg2" +python3 setup.py bdist_rpm --requires="python3-qt5, python3-gpg, python3-requests, python3-pysocks, python3-packaging, gnupg2, dbus-glib" # install it echo "" View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][main] 2 commits: Update Copyright lines (#11)
by boklm (＠boklm) 10 Jan '24

10 Jan '24

boklm pushed to branch main at The Tor Project / Applications / torbrowser-launcher Commits: e5b82a62 by Nicolas Vigier at 2024-01-10T09:47:10+01:00 Update Copyright lines (#11) - - - - - 6f55236b by Nicolas Vigier at 2024-01-10T09:47:11+01:00 Update torbrowser_launcher.pot - - - - - 8 changed files: - LICENSE - setup.py - share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml - torbrowser-launcher - torbrowser_launcher.pot - torbrowser_launcher/__init__.py - torbrowser_launcher/launcher.py - torbrowser_launcher/settings.py Changes: ===================================== LICENSE ===================================== @@ -1,4 +1,5 @@ Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation ===================================== setup.py ===================================== @@ -2,7 +2,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2017 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation @@ -100,6 +101,8 @@ setup( version=version, author="Micah Lee", author_email="micah(a)micahflee.com", + maintainer="Nicolas Vigier", + maintainer_email="boklm(a)torproject.org", url="https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/", platforms=["GNU/Linux"], license="MIT", ===================================== share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml ===================================== @@ -1,5 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> - + + <component type="desktop-application"> <id>org.torproject.torbrowser-launcher</id> <launchable type="desktop-id">torbrowser.desktop</launchable> @@ -27,7 +28,7 @@ </screenshot> </screenshots> <url type="homepage">https://gitlab.torproject.org/tpo/applications/torbrowser-launcher</url> - <update_contact>micah(a)micahflee.com</update_contact> + <update_contact>boklm(a)torproject.org</update_contact> <content_rating type="oars-1.1"/> <releases> <release version="0.3.6" date="2022-12-13"/> ===================================== torbrowser-launcher ===================================== @@ -3,7 +3,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2017 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation ===================================== torbrowser_launcher.pot ===================================== @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-03-23 15:47-0700\n" +"POT-Creation-Date: 2024-01-09 17:04+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL(a)li.org>\n" @@ -17,153 +17,154 @@ msgstr "" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" -#: __init__.py:65 launcher.py:470 +#: __init__.py:76 launcher.py:520 msgid "Tor Browser Launcher" msgstr "" -#: __init__.py:66 -msgid "By Micah Lee, licensed under MIT" +#: __init__.py:77 +msgid "By Micah Lee & Tor Project, licensed under MIT" msgstr "" -#: __init__.py:67 +#: __init__.py:78 #, python-brace-format msgid "version {0}" msgstr "" -#: common.py:100 +#: common.py:90 #, python-brace-format msgid "Error creating {0}" msgstr "" -#: common.py:102 common.py:180 +#: common.py:187 #, python-brace-format -msgid "{0} is not writable" +msgid "Renamed {0} to {1}" msgstr "" -#: common.py:177 +#: common.py:201 #, python-brace-format msgid "Cannot create directory {0}" msgstr "" -#: common.py:187 +#: common.py:204 +#, python-brace-format +msgid "{0} is not writable" +msgstr "" + +#: common.py:211 msgid "Creating GnuPG homedir" msgstr "" -#: common.py:254 +#: common.py:302 #, python-format msgid "Could not import key with fingerprint: %s." msgstr "" -#: common.py:259 +#: common.py:309 msgid "Not all keys were imported successfully!" msgstr "" -#: launcher.py:83 +#: launcher.py:87 msgid "Downloading Tor Browser for the first time." msgstr "" -#: launcher.py:85 +#: launcher.py:90 msgid "" "Your version of Tor Browser is out-of-date. Downloading the newest version." msgstr "" -#: launcher.py:100 +#: launcher.py:111 msgid "Downloading over Tor" msgstr "" -#: launcher.py:111 +#: launcher.py:122 msgid "Tor Browser" msgstr "" -#: launcher.py:128 +#: launcher.py:141 msgid "Start" msgstr "" -#: launcher.py:174 +#: launcher.py:191 msgid "Yes" msgstr "" -#: launcher.py:178 +#: launcher.py:195 msgid "Exit" msgstr "" -#: launcher.py:192 settings.py:136 +#: launcher.py:209 settings.py:136 msgid "Cancel" msgstr "" -#: launcher.py:231 launcher.py:245 launcher.py:249 launcher.py:279 -#: launcher.py:281 +#: launcher.py:246 launcher.py:267 launcher.py:276 launcher.py:315 +#: launcher.py:318 msgid "Downloading" msgstr "" -#: launcher.py:238 +#: launcher.py:257 msgid "Latest version: {}" msgstr "" -#: launcher.py:241 +#: launcher.py:261 msgid "Error detecting Tor Browser version." msgstr "" -#: launcher.py:256 launcher.py:357 +#: launcher.py:291 launcher.py:389 msgid "Verifying Signature" msgstr "" -#: launcher.py:260 +#: launcher.py:295 msgid "Extracting" msgstr "" -#: launcher.py:264 +#: launcher.py:299 msgid "Running" msgstr "" -#: launcher.py:268 +#: launcher.py:303 msgid "Starting download over again" msgstr "" -#: launcher.py:279 launcher.py:295 +#: launcher.py:315 launcher.py:334 msgid "(over Tor)" msgstr "" -#: launcher.py:293 +#: launcher.py:330 msgid "Downloaded" msgstr "" -#: launcher.py:393 +#: launcher.py:431 msgid "Installing" msgstr "" -#: launcher.py:401 +#: launcher.py:440 #, python-brace-format msgid "Tor Browser Launcher doesn't understand the file format of {0}" msgstr "" -#: launcher.py:427 +#: launcher.py:471 msgid "" "The version of Tor Browser you have installed is earlier than it should be, " "which could be a sign of an attack!" msgstr "" -#: launcher.py:446 +#: launcher.py:488 msgid "Downloading Tor Browser over again." msgstr "" -#: launcher.py:516 launcher.py:525 launcher.py:533 +#: launcher.py:561 launcher.py:569 msgid "Download Error:" msgstr "" -#: launcher.py:517 +#: launcher.py:563 msgid "You are currently using a non-default mirror" msgstr "" -#: launcher.py:518 +#: launcher.py:565 msgid "Would you like to switch back to the default?" msgstr "" -#: launcher.py:527 -msgid "Would you like to try the English version of Tor Browser instead?" -msgstr "" - -#: launcher.py:548 +#: launcher.py:585 #, python-brace-format msgid "" "Invalid SSL certificate for:\n" @@ -172,11 +173,11 @@ msgid "" "You may be under attack." msgstr "" -#: launcher.py:550 +#: launcher.py:588 msgid "Try the download again using Tor?" msgstr "" -#: launcher.py:559 +#: launcher.py:598 #, python-brace-format msgid "" "Error starting download:\n" @@ -187,7 +188,7 @@ msgid "" "running?" msgstr "" -#: launcher.py:563 +#: launcher.py:604 #, python-brace-format msgid "" "Error starting download:\n" @@ -197,42 +198,38 @@ msgid "" "Are you connected to the internet?" msgstr "" -#: settings.py:46 +#: settings.py:48 msgid "Tor Browser Launcher Settings" msgstr "" -#: settings.py:50 +#: settings.py:52 msgid "Download over system Tor" msgstr "" -#: settings.py:57 -msgid "Force downloading English version of Tor Browser" -msgstr "" - -#: settings.py:66 +#: settings.py:59 msgid "Tor server" msgstr "" -#: settings.py:82 +#: settings.py:74 msgid "Status: Installed" msgstr "" -#: settings.py:84 +#: settings.py:76 msgid "Status: Not Installed" msgstr "" -#: settings.py:87 +#: settings.py:79 msgid "Install Tor Browser" msgstr "" -#: settings.py:92 +#: settings.py:86 msgid "Reinstall Tor Browser" msgstr "" -#: settings.py:115 +#: settings.py:111 msgid "Mirror" msgstr "" -#: settings.py:131 +#: settings.py:129 msgid "Save && Exit" msgstr "" ===================================== torbrowser_launcher/__init__.py ===================================== @@ -2,7 +2,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2021 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation @@ -73,7 +74,7 @@ def main(): tor_browser_launcher_version = buf.read().strip() print(_("Tor Browser Launcher")) - print(_("By Micah Lee, licensed under MIT")) + print(_("By Micah Lee & Tor Project, licensed under MIT")) print(_("version {0}").format(tor_browser_launcher_version)) print("https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/") ===================================== torbrowser_launcher/launcher.py ===================================== @@ -2,7 +2,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2021 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation ===================================== torbrowser_launcher/settings.py ===================================== @@ -2,7 +2,8 @@ Tor Browser Launcher https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/ -Copyright (c) 2013-2021 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2013-2023 Micah Lee <micah(a)micahflee.com> +Copyright (c) 2024 Tor Project Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compar… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/compar… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.5-1] 8 commits: Bug 1810776 - Move DismissedTabBackground into its own file
by Dan Ballard (＠dan) 10 Jan '24

10 Jan '24

Dan Ballard pushed to branch firefox-android-115.2.1-13.5-1 at The Tor Project / Applications / firefox-android Commits: eb11d34f by Alexandru2909 at 2024-01-10T09:23:58+01:00 Bug 1810776 - Move DismissedTabBackground into its own file - - - - - d3d59baf by DreVla at 2024-01-10T09:23:59+01:00 Bug 1828493 - Apply purple overlay on list item when in multi-select When having the list layout for tabs tray and entering multi-select mode, the selected list items should have a purple non opaque overlay on the thumbnail, as it was before in the XML implementation. - - - - - 594d50c7 by Alexandru2909 at 2024-01-10T09:23:59+01:00 Bug 1810776 - Add SwipeToDismiss to composed tabs tray - - - - - 65c66210 by Noah Bond at 2024-01-10T09:24:00+01:00 Bug 1815579 - Improve performance of image loading in tab items - - - - - 7a94beac by Noah Bond at 2024-01-10T09:24:00+01:00 Bug 1840896 - Remove `rememberSaveable` since bitmaps are not serializable - - - - - 963aaa93 by Noah Bond at 2024-01-10T09:24:01+01:00 Bug 1844967 - Improve performance of tab thumbnail loading in Compose - - - - - f6a83e7b by Matthew Tighe at 2024-01-10T09:24:01+01:00 Bug 1721904 - update thumbnail caching on app open - - - - - 4d646df9 by hackademix at 2024-01-10T10:24:54+01:00 Bug 42191: Temporary StrictMode relaxation to clear the thumbnail cache. - - - - - 30 changed files: - android-components/components/browser/state/src/main/java/mozilla/components/browser/state/action/BrowserAction.kt - android-components/components/browser/state/src/main/java/mozilla/components/browser/state/reducer/ContentStateReducer.kt - android-components/components/browser/tabstray/src/main/java/mozilla/components/browser/tabstray/TabViewHolder.kt - android-components/components/browser/tabstray/src/test/java/mozilla/components/browser/tabstray/DefaultTabViewHolderTest.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/ThumbnailsMiddleware.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/storage/ThumbnailStorage.kt - android-components/components/browser/thumbnails/src/main/java/mozilla/components/browser/thumbnails/utils/ThumbnailDiskCache.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/ThumbnailsMiddlewareTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/loader/ThumbnailLoaderTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/storage/ThumbnailStorageTest.kt - android-components/components/browser/thumbnails/src/test/java/mozilla/components/browser/thumbnails/utils/ThumbnailDiskCacheTest.kt - android-components/components/concept/base/src/main/java/mozilla/components/concept/base/images/ImageRequest.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/TabPreview.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/ToolbarGestureHandler.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/SwipeToDismiss.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/TabThumbnail.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/ThumbnailCard.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/ThumbnailImage.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/list/ListItem.kt - + fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/DismissedTabBackground.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/TabGridItem.kt - fenix/app/src/main/java/org/mozilla/fenix/compose/tabstray/TabListItem.kt - fenix/app/src/main/java/org/mozilla/fenix/home/collections/CollectionItem.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recentsyncedtabs/view/RecentSyncedTab.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recentsyncedtabs/view/RecentSyncedTabViewHolder.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recenttabs/view/RecentTabViewHolder.kt - fenix/app/src/main/java/org/mozilla/fenix/home/recenttabs/view/RecentTabs.kt - fenix/app/src/main/java/org/mozilla/fenix/tabstray/TabsTray.kt - fenix/app/src/main/java/org/mozilla/fenix/tabstray/TabsTrayFragment.kt - fenix/app/src/main/java/org/mozilla/fenix/tabstray/TabsTrayTabLayouts.kt The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/c1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/c1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41059: Update keyring/torbrowser.gpg with updated key
by richard (＠richard) 10 Jan '24

10 Jan '24

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 2a253fd5 by Nicolas Vigier at 2024-01-10T15:55:56+00:00 Bug 41059: Update keyring/torbrowser.gpg with updated key Tor Browser gpg key has been updated with a new expiration date on its current subkey. (cherry picked from commit 07f2eaceff557d7dbb10123d7af9cec752f0e6f8) - - - - - 1 changed file: - keyring/torbrowser.gpg Changes: ===================================== keyring/torbrowser.gpg ===================================== Binary files a/keyring/torbrowser.gpg and b/keyring/torbrowser.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41059: Update keyring/torbrowser.gpg with updated key
by richard (＠richard) 10 Jan '24

10 Jan '24

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 07f2eace by Nicolas Vigier at 2024-01-10T15:54:54+00:00 Bug 41059: Update keyring/torbrowser.gpg with updated key Tor Browser gpg key has been updated with a new expiration date on its current subkey. - - - - - 1 changed file: - keyring/torbrowser.gpg Changes: ===================================== keyring/torbrowser.gpg ===================================== Binary files a/keyring/torbrowser.gpg and b/keyring/torbrowser.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 40606: Use Clang to compile NSIS
by Pier Angelo Vendrame (＠pierov) 10 Jan '24

10 Jan '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 3c17b385 by Pier Angelo Vendrame at 2024-01-10T10:10:45+01:00 Bug 40606: Use Clang to compile NSIS NSIS officially supports only MSVC and GCC as compilers, so it was one of the two projects forcing us to keep a GCC toolchain for Windows. With this commit, we adapt the tricks Mozilla uses to build NSIS with Clang, and remove the dependency on mingw-w64. The main trick is to use the GNU assembler instead of Clang's internal one to build NSIS's system plugin. Luckily, it can be found in binutils, without a full GCC build. - - - - - 018b7e26 by Pier Angelo Vendrame at 2024-01-10T11:11:19+01:00 Bug 40900: Update NSIS to 3.09. The update allows us to delete the no-reloc-section patch, and while we are at it, we can replace the no-insert-timestamp patch with SOURCE_DATE_EPOCH, which we set as the creation date of the Source directory form the tarball. - - - - - 5 changed files: - projects/nsis/build - projects/nsis/config - − projects/nsis/no-insert-timestamp.patch - − projects/nsis/no-reloc-section.diff - + projects/nsis/resource-reproducible.diff Changes: ===================================== projects/nsis/build ===================================== @@ -4,21 +4,41 @@ mkdir -p /var/tmp/build tar -C /var/tmp/build -xf nsis-[% c('version') %].tar.bz2 +# We need the GNU assembler for the system plugin +tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %] + # NSIS requires zlib and we later set the path using ZLIB_W32. tar -C /var/tmp/build -xf [% c('input_files_by_name/zlib') %] +# This trick is adapted from Firefox's +# taskcluster/scripts/misc/build-mingw32-nsis.sh +compiler_prefix=/var/tmp/dist/mingw-w64-clang/bin/[% c("arch") %]-w64-mingw32 +cat <<'EOF' >"$compiler_prefix-gcc" +#!/bin/sh +# SCons ignores the external $PATH, so we add binutils here. +export PATH=/var/tmp/dist/binutils/bin:$PATH +case "$@" in +*/Call*.S) + $(dirname $0)/[% c("arch") %]-w64-mingw32-clang -fno-integrated-as "$@" + ;; +*) + $(dirname $0)/[% c("arch") %]-w64-mingw32-clang "$@" + ;; +esac +EOF + +chmod +x "$compiler_prefix-gcc" +ln -s "$compiler_prefix-clang++" "$compiler_prefix-g++" + cd /var/tmp/build/nsis-[% c('version') %]-src -# Adding --no-insert-timestamp to APPEND_LINKFLAGS is not working as it -# is used for both the host and cross-compiled parts, but this option is -# only valid for the Windows linker. Therefore we add it using a patch -# to the cross-compilation part only. Still needed as of 3.06.1, see: #40090. -patch -p1 < $rootdir/no-insert-timestamp.patch -# tor-browser-build#40822: NSIS adds a flag to tell it supports ASLR, but it -# does so only to pass MS certifications. According to the NSIS forums, they -# intended not to ship the .reloc to save space. But, according to the bug -# tracker, binutils 2.36 started adding a .reloc section by default, and we need -# to disable it with this patch. -patch -p1 < $rootdir/no-reloc-section.diff + +# These two sed commands also come from build-mingw32-nsis.sh +sed -i 's/-Wl,--exclude-libs,msvcrt.a/-Wl,-Xlink=-fixed/' SCons/Config/gnu +sed -i '2i extern "C"' SCons/Config/{memcpy,memset}.c + +export SOURCE_DATE_EPOCH=$(stat -c '%Y' Source) +# Resource.dll does not obey the source date epoch... +patch -p1 < "$rootdir/resource-reproducible.diff" [% IF c("var/windows-x86_64") %] # Seems like setting TARGET_ARCH is not enough so we need to patch build.cpp @@ -30,8 +50,7 @@ patch -p1 < $rootdir/no-reloc-section.diff [% END %] [% SET scons_args = 'VERSION=' _ c("version") - _ ' APPEND_CCFLAGS="-fgnu89-inline"' - _ " SKIPUTILS='NSIS Menu' XGCC_W32_PREFIX=" _ c("arch") _ "-w64-mingw32-" + _ " SKIPUTILS='NSIS Menu,Makensisw' XGCC_W32_PREFIX=" _ c("arch") _ "-w64-mingw32-" _ " TARGET_ARCH=" _ target _ " ZLIB_W32=/var/tmp/build/zlib/" _ ' PREFIX=/var/tmp/dist/nsis' -%] ===================================== projects/nsis/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.08 +version: 3.09 filename: 'nsis-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -11,21 +11,16 @@ var: - zlib1g-dev - libcppunit-dev - xsltproc - # NSIS has an assembly part that cannot be compiled with Clang. - # Mozilla uses -fno-integrated-as (see - # taskcluster/scripts/misc/build-mingw32-nsis.sh) but for some reason this - # does not seem to work for us, so just keep GCC for the moment, since we are - # already using it for Rust anyway. - compiler: mingw-w64 input_files: - project: container-image - filename: 'nsis-[% c("version") %].tar.bz2' URL: 'https://downloads.sourceforge.net/nsis/nsis-[% c("version") %]-src.tar.bz2' - sha256sum: a85270ad5386182abecb2470e3d7e9bec9fe4efd95210b13551cb386830d1e87 - - filename: no-insert-timestamp.patch - - filename: no-reloc-section.diff + sha256sum: 0cd846c6e9c59068020a87bfca556d4c630f2c5d554c1098024425242ddc56e2 - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' + - name: binutils + project: binutils - name: zlib project: zlib + - filename: resource-reproducible.diff ===================================== projects/nsis/no-insert-timestamp.patch deleted ===================================== @@ -1,27 +0,0 @@ -diff -ur nsis-3.03-src/SCons/Config/gnu nsis-3.03-src.n/SCons/Config/gnu ---- nsis-3.03-src/SCons/Config/gnu 2017-10-06 15:30:20.000000000 -0400 -+++ nsis-3.03-src.n/SCons/Config/gnu 2018-06-17 13:26:05.945495151 -0400 -@@ -102,6 +102,7 @@ - stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG']) # no standard libraries - stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align - stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file -+stub_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - stub_uenv = stub_env.Clone() - stub_uenv.Append(CPPDEFINES = ['_UNICODE', 'UNICODE']) -@@ -142,6 +143,7 @@ - plugin_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file - plugin_env.Append(LINKFLAGS = ['-static-libgcc']) # remove libgcc*.dll dependency - plugin_env.Append(LINKFLAGS = ['-static-libstdc++']) # remove libstdc++*.dll dependency -+plugin_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - plugin_uenv = plugin_env.Clone() - plugin_uenv.Append(CPPDEFINES = ['_UNICODE', 'UNICODE']) -@@ -181,6 +183,7 @@ - - util_env.Append(LINKFLAGS = ['-mwindows']) # build windows executables - util_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align -+util_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - - conf = FlagsConfigure(util_env) ===================================== projects/nsis/no-reloc-section.diff deleted ===================================== @@ -1,14 +0,0 @@ -diff -Naur nsis-3.08-orig/SCons/Config/gnu nsis-3.08-src/SCons/Config/gnu ---- nsis-3.08-orig/SCons/Config/gnu 2023-03-23 09:22:46.315471779 +0100 -+++ nsis-3.08-src/SCons/Config/gnu 2023-03-23 09:24:05.260933879 +0100 -@@ -103,6 +103,10 @@ - stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align - stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file - -+# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303, -+# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303/e90f -+stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section']) -+ - conf = FlagsConfigure(stub_env) - conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns') # GCC 10: Don't generate msvcrt!memmove calls (bug #1248) - conf.Finish() ===================================== projects/nsis/resource-reproducible.diff ===================================== @@ -0,0 +1,10 @@ +diff '--color=auto' -rupN nsis-3.09-orig/Contrib/System/SConscript nsis-3.09-src/Contrib/System/SConscript +--- nsis-3.09-orig/Contrib/System/SConscript 2024-01-10 11:07:15.161175520 +0100 ++++ nsis-3.09-src/Contrib/System/SConscript 2024-01-10 11:08:47.338628667 +0100 +@@ -76,4 +76,5 @@ resources = Split(""" + + env.Depends(res_target, resources) + +-env.SharedLibrary('Resource', res_target + res_main) ++resource = env.SharedLibrary('Resource', res_target + res_main) ++env.MakeReproducible(resource) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android][firefox-android-115.2.1-13.5-1] 2 commits: fixup! Bug 1823316 - Use 'Snackbar' themed Dialog to notify on making app full-screen
by ma1 (＠ma1) 10 Jan '24

10 Jan '24

ma1 pushed to branch firefox-android-115.2.1-13.5-1 at The Tor Project / Applications / firefox-android Commits: a57e5d10 by hackademix at 2024-01-10T08:41:06+01:00 fixup! Bug 1823316 - Use 'Snackbar' themed Dialog to notify on making app full-screen Fix tor-browser#42355 backporting regression. - - - - - c1397e81 by t-p-white at 2024-01-10T08:41:06+01:00 Bug 1864549 - Fix for IllegalStateException in full screen notification dialog - - - - - 2 changed files: - android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/FullScreenNotificationDialog.kt - fenix/app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt Changes: ===================================== android-components/components/feature/prompts/src/main/java/mozilla/components/feature/prompts/dialog/FullScreenNotificationDialog.kt ===================================== @@ -59,11 +59,12 @@ class FullScreenNotificationDialog(@LayoutRes val layout: Int) : window.setGravity(Gravity.BOTTOM) window.clearFlags(WindowManager.LayoutParams.FLAG_DIM_BEHIND) } + } - lifecycleScope.launch { - delay(SNACKBAR_DURATION_LONG_MS) - dismiss() - } + // Attempt to automatically dismiss the dialog after the given duration. + lifecycleScope.launch { + delay(SNACKBAR_DURATION_LONG_MS) + dialog?.dismiss() } } } ===================================== fenix/app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt ===================================== @@ -1491,6 +1491,7 @@ abstract class BaseBrowserFragment : parentFragmentManager, ) + activity?.enterToImmersiveMode() (view as? SwipeGestureLayout)?.isSwipeEnabled = false browserToolbarView.collapse() browserToolbarView.view.isVisible = false View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/be… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/compare/be… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41058: Update Snowflake to 2.8.1
by richard (＠richard) 09 Jan '24

09 Jan '24

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: d7ba22ea by Richard Pospesel at 2024-01-09T17:39:48+00:00 Bug 41058: Update Snowflake to 2.8.1 (cherry picked from commit 4ea089e41deb39fd5837eca71a29274dcb60c9fc) - - - - - 1 changed file: - projects/snowflake/config Changes: ===================================== projects/snowflake/config ===================================== @@ -1,7 +1,9 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' git_url: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… -git_hash: b5d702f48315ee7dc718496dc6996f266e0ba047 #v2.6.1 +git_hash: v2.8.1 +gpg_keyring: anti-censorship.gpg +tag_gpg_id: 1 container: use_container: 1 @@ -20,6 +22,6 @@ steps: pkg_type: go_vendor project: snowflake norec: - sha256sum: 47ba1520df228ecffcf48ea4d826a365f39f31d9122200dd993c437cf347dc09 + sha256sum: 6e41846a6d3e94891847d74ac08c6888c1540e0b0680ed3900ca54d7c35e1752 target_replace: '^torbrowser-(?!testbuild).*': 'torbrowser-linux-x86_64' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41058: Update Snowflake to 2.8.1
by richard (＠richard) 09 Jan '24

09 Jan '24

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 4ea089e4 by Richard Pospesel at 2024-01-09T17:38:39+00:00 Bug 41058: Update Snowflake to 2.8.1 - - - - - 1 changed file: - projects/snowflake/config Changes: ===================================== projects/snowflake/config ===================================== @@ -1,7 +1,9 @@ # vim: filetype=yaml sw=2 version: '[% c("abbrev") %]' git_url: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snow… -git_hash: b5d702f48315ee7dc718496dc6996f266e0ba047 #v2.6.1 +git_hash: v2.8.1 +gpg_keyring: anti-censorship.gpg +tag_gpg_id: 1 container: use_container: 1 @@ -20,6 +22,6 @@ steps: pkg_type: go_vendor project: snowflake norec: - sha256sum: 47ba1520df228ecffcf48ea4d826a365f39f31d9122200dd993c437cf347dc09 + sha256sum: 6e41846a6d3e94891847d74ac08c6888c1540e0b0680ed3900ca54d7c35e1752 target_replace: '^torbrowser-(?!testbuild).*': 'torbrowser-linux-x86_64' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 40597: Implement TorSettings module
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: afe1be79 by Pier Angelo Vendrame at 2024-01-09T17:57:06+01:00 fixup! Bug 40597: Implement TorSettings module Bug 42359: Handle firewall and proxy in setSettings. - - - - - 1 changed file: - toolkit/modules/TorSettings.sys.mjs Changes: ===================================== toolkit/modules/TorSettings.sys.mjs ===================================== @@ -301,8 +301,12 @@ class TorSettingsImpl { return this.#parsePort(val, false) ?? 0; }, }, - username: {}, - password: {}, + username: { + transform: val => val ?? "", + }, + password: { + transform: val => val ?? "", + }, uri: { getter: () => { const { type, address, port, username, password } = this.proxy; @@ -910,7 +914,11 @@ class TorSettingsImpl { } /** - * Set all of our settings at once from a settings object. + * Set blocks of settings at once from an object. + * + * It is possible to set all settings, or only some sections (e.g., only + * bridges), but if a key is present, its settings must make sense (e.g., if + * bridges are enabled, a valid source must be provided). * * @param {object} settings The settings object to set */ @@ -924,35 +932,59 @@ class TorSettingsImpl { // Hold off on lots of notifications until all settings are changed. this.freezeNotifications(); try { - this.bridges.enabled = !!settings.bridges.enabled; - this.bridges.source = settings.bridges.source; - switch (settings.bridges.source) { - case TorBridgeSource.BridgeDB: - case TorBridgeSource.UserProvided: - this.bridges.bridge_strings = settings.bridges.bridge_strings; - break; - case TorBridgeSource.BuiltIn: { - this.bridges.builtin_type = settings.bridges.builtin_type; - if (!this.bridges.bridge_strings.length) { - // No bridges were found when setting the builtin_type. - throw new Error( - `No available builtin bridges of type ${settings.bridges.builtin_type}` - ); - } - break; + if ("bridges" in settings) { + this.bridges.enabled = !!settings.bridges.enabled; + // Currently, disabling bridges in the UI does not remove the lines, + // because we call only the `enabled` setter. + // So, if the bridge source is undefined but bridges are disabled, + // do not force Invalid. Instead, keep the current source. + if (this.bridges.enabled || settings.bridges.source !== undefined) { + this.bridges.source = settings.bridges.source; } - case TorBridgeSource.Invalid: - break; - default: - if (settings.bridges.enabled) { - throw new Error( - `Bridge source '${settings.source}' is not a valid source` - ); + switch (settings.bridges.source) { + case TorBridgeSource.BridgeDB: + case TorBridgeSource.UserProvided: + this.bridges.bridge_strings = settings.bridges.bridge_strings; + break; + case TorBridgeSource.BuiltIn: { + this.bridges.builtin_type = settings.bridges.builtin_type; + if (!this.bridges.bridge_strings.length) { + // No bridges were found when setting the builtin_type. + throw new Error( + `No available builtin bridges of type ${settings.bridges.builtin_type}` + ); + } + break; } - break; + case TorBridgeSource.Invalid: + break; + default: + if (settings.bridges.enabled) { + throw new Error( + `Bridge source '${settings.source}' is not a valid source` + ); + } + break; + } } - // TODO: proxy and firewall + if ("proxy" in settings) { + this.proxy.enabled = !!settings.proxy.enabled; + if (this.proxy.enabled) { + this.proxy.type = settings.proxy.type; + this.proxy.address = settings.proxy.address; + this.proxy.port = settings.proxy.port; + this.proxy.username = settings.proxy.username; + this.proxy.password = settings.proxy.password; + } + } + + if ("firewall" in settings) { + this.firewall.enabled = !!settings.firewall.enabled; + if (this.firewall.enabled) { + this.firewall.allowed_ports = settings.firewall.allowed_ports; + } + } } catch (ex) { // Restore the old settings without any new notifications generated from // the above code. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/afe1be7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/afe1be7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.5-1] fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
by richard (＠richard) 09 Jan '24

09 Jan '24

richard pushed to branch tor-browser-115.6.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 0ee68de7 by Pier Angelo Vendrame at 2024-01-09T12:39:59+01:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. Bug 42338: Make TorDomainIsolator.newCircuitForDomain public again - - - - - 1 changed file: - toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs Changes: ===================================== toolkit/components/tor-launcher/TorDomainIsolator.sys.mjs ===================================== @@ -224,7 +224,7 @@ class TorDomainIsolatorImpl { newCircuitForBrowser(globalBrowser) { const browser = globalBrowser.selectedBrowser; const firstPartyDomain = getDomainForBrowser(browser); - this.#newCircuitForDomain(firstPartyDomain); + this.newCircuitForDomain(firstPartyDomain); const { username, password } = this.#getSocksProxyCredentials( firstPartyDomain, browser.contentPrincipal.originAttributes.userContextId @@ -329,7 +329,7 @@ class TorDomainIsolatorImpl { logger.info( "tor catchall circuit has reached its maximum lifetime. Rotating." ); - this.#newCircuitForDomain(CATCHALL_DOMAIN); + this.newCircuitForDomain(CATCHALL_DOMAIN); } } const { username, password } = this.#getSocksProxyCredentials( @@ -437,7 +437,7 @@ class TorDomainIsolatorImpl { * @param {string?} domain The first-party domain to re-create the nonce for. * If empty or null, the catchall domain will be used. */ - #newCircuitForDomain(domain) { + newCircuitForDomain(domain) { if (!domain) { domain = CATCHALL_DOMAIN; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0ee68de… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0ee68de… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 41016: Switch from bullseye to bookworm on macOS+Windows.
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 2dc972fd by Pier Angelo Vendrame at 2024-01-09T14:33:16+01:00 Bug 41016: Switch from bullseye to bookworm on macOS+Windows. Debian bookworm became the new stable in June 2023, so we should update our containers to use it. On macOS the update did not cause any issue, and just updating the suite name worked. On Windows, it caused some problems where we used the strip provided by the OS (only for tor, it seems), because the new version of strip seems to update the timestamps by default. We are delaying the process for Android because there are still a couple of projects that require Java 11, which is not available on bookworm. - - - - - d5376ce1 by Pier Angelo Vendrame at 2024-01-09T14:33:18+01:00 Bug 41015: Enable std::filesystem on libc++ on Windows We need to do some path manipulation in some Firefox code that is run before initializing XPCOM. So, the alternatives are either Path* functions from shlwapi, or std::filesystem, which is disabled in Firefox 115. Mozilla enabled it starting from 116, but we have been told it is okay to enable it also in 115, so we do it with this patch. - - - - - 6 changed files: - projects/manual/config - projects/mingw-w64-clang/build - projects/mmdebstrap-image/config - projects/mmdebstrap/config - projects/tor/build - rbm.conf Changes: ===================================== projects/manual/config ===================================== @@ -13,7 +13,7 @@ compress_tar: 'gz' var: container: - suite: bullseye + suite: bookworm arch: amd64 deps: - python3 ===================================== projects/mingw-w64-clang/build ===================================== @@ -175,7 +175,7 @@ EOF -DLIBCXX_SUPPORTS_STD_EQ_CXX11_FLAG=TRUE \ -DLIBCXX_HAVE_CXX_ATOMICS_WITHOUT_LIB=TRUE \ -DLIBCXX_ENABLE_EXPERIMENTAL_LIBRARY=OFF \ - -DLIBCXX_ENABLE_FILESYSTEM=OFF \ + -DLIBCXX_ENABLE_FILESYSTEM=ON \ -DLIBCXX_ENABLE_STATIC_ABI_LIBRARY=TRUE \ -DLIBCXX_CXX_ABI=libcxxabi \ -DLIBCXX_CXX_ABI_INCLUDE_PATHS=$builddir/clang-source/libcxxabi/include \ ===================================== projects/mmdebstrap-image/config ===================================== @@ -7,7 +7,7 @@ container: use_container: 1 var: - ubuntu_version: 22.04.2 + ubuntu_version: 22.04.3 pre: | #!/bin/sh @@ -50,9 +50,16 @@ targets: suite: bullseye arch: amd64 + bookworm-amd64: + var: + minimal_apt_version: 2.6.1 + container: + suite: bookworm + arch: amd64 + input_files: - project: mmdebstrap name: mmdebstrap - URL: 'https://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' - sha256sum: 373f064df30519adc3344a08d774f437caabd1479d846fa2ca6fed727ea7a53d + sha256sum: ad33b7ae47b75c92c2e2fe21fd4612e15357e67679d8751d6ce892a475be24fe ===================================== projects/mmdebstrap/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-src-[% c("version") %]-[% c("var/build_id") %].tar.gz' -version: 0.8.6 +version: 1.4.0 git_hash: '[% c("version") %]' git_url: https://gitlab.mister-muffin.de/josch/mmdebstrap.git gpg_keyring: mmdebstrap.gpg ===================================== projects/tor/build ===================================== @@ -97,8 +97,9 @@ cp $distdir/share/tor/geoip6 "$TORDATADIR" cd $distdir [% IF c("var/windows") %] - install -s $distdir/bin/tor.exe "$TORBINDIR" - install -s $distdir/bin/tor-gencert.exe "$TORBINDIR" + # With Debian bookworm strip changes the date time, llvm-strip doesn't do it. + install -s --strip-program=llvm-strip $distdir/bin/tor.exe "$TORBINDIR" + install -s --strip-program=llvm-strip $distdir/bin/tor-gencert.exe "$TORBINDIR" [% END %] [% IF c("var/linux") %] ===================================== rbm.conf ===================================== @@ -578,7 +578,7 @@ targets: windows: 1 platform: windows container: - suite: bullseye + suite: bookworm arch: amd64 configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]" [% c("var/configure_opt_project") %]' CFLAGS: '-fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security [% c("var/flag_mwindows") %]' @@ -661,7 +661,7 @@ targets: platform: macos osname: macos container: - suite: bullseye + suite: bookworm arch: amd64 compiler: 'macosx-toolchain' configure_opt: '--host=[% c("var/build_target") %] CC="[% c("var/build_target") %]-clang [% c("var/FLAGS") %]" CXX="[% c("var/build_target") %]-clang++ [% c("var/FLAGS") %]" [% c("var/configure_opt_project") %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.6.0esr-13.0-1] 2 commits: Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch mullvad-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 4f0e3266 by Kagami Sascha Rosylight at 2024-01-09T14:28:40+01:00 Bug 1865238 - Use One UI Sans KR VF for Korean sans-serif font on Android r=jfkthame Per /etc/fonts.xml, there are now only two `<family lang="ko">` nodes there: * OneUISansKRVF series * SECCJK series (but no KR postfix anymore?) This patch uses One UI Sans KR VF as the replacement as this is newer and is a variable font (tested with https://codepen.io/SaschaNaz/pen/ExrdYXJ) Differential Revision: https://phabricator.services.mozilla.com/D195078 - - - - - e99bdee9 by Pier Angelo Vendrame at 2024-01-09T14:28:42+01:00 Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright,chutten Bug 1444275 introduced an assertion on the parent process to check that the value of toolkit.telemetry.enabled is the expected one. However, this expected value could be different from the one set and locked e.g. in some forks. Therefore, the assertion prevented debug builds from working in these cases. Differential Revision: https://phabricator.services.mozilla.com/D195080 - - - - - 2 changed files: - modules/libpref/Preferences.cpp - modules/libpref/init/all.js Changes: ===================================== modules/libpref/Preferences.cpp ===================================== @@ -3637,16 +3637,6 @@ void Preferences::SetupTelemetryPref() { Preferences::Lock(kTelemetryPref); } -static void CheckTelemetryPref() { - MOZ_ASSERT(!XRE_IsParentProcess()); - - // Make sure the children got passed the right telemetry pref details. - DebugOnly<bool> value; - MOZ_ASSERT(NS_SUCCEEDED(Preferences::GetBool(kTelemetryPref, &value)) && - value == TelemetryPrefValue()); - MOZ_ASSERT(Preferences::IsLocked(kTelemetryPref)); -} - #endif // MOZ_WIDGET_ANDROID /* static */ @@ -3687,11 +3677,6 @@ already_AddRefed<Preferences> Preferences::GetInstanceForService() { Preferences::SetPreference(gChangedDomPrefs->ElementAt(i)); } gChangedDomPrefs = nullptr; - -#ifndef MOZ_WIDGET_ANDROID - CheckTelemetryPref(); -#endif - } else { // Check if there is a deployment configuration file. If so, set up the // pref config machinery, which will actually read the file. ===================================== modules/libpref/init/all.js ===================================== @@ -3053,7 +3053,7 @@ pref("font.size.monospace.x-math", 13); pref("font.name-list.monospace.ja", "MotoyaLMaru, MotoyaLCedar, Noto Sans Mono CJK JP, SEC Mono CJK JP, Droid Sans Mono"); pref("font.name-list.serif.ko", "Charis SIL Compact, Noto Serif CJK KR, Noto Serif, Droid Serif, HYSerif"); - pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); + pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, One UI Sans KR VF, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); pref("font.name-list.monospace.ko", "Droid Sans Mono, Noto Sans Mono CJK KR, SEC Mono CJK KR"); pref("font.name-list.serif.th", "Charis SIL Compact, Noto Serif, Noto Serif Thai, Droid Serif"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/65… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/65… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.6.0esr-13.0-1] Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright, chutten
by Pier Angelo Vendrame (＠pierov) 09 Jan '24

09 Jan '24

Pier Angelo Vendrame pushed to branch tor-browser-115.6.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 4c246c84 by Pier Angelo Vendrame at 2024-01-09T14:27:30+01:00 Bug 1860020 - Remove the assertion on the value of toolkit.telemetry.enabled. r=KrisWright,chutten Bug 1444275 introduced an assertion on the parent process to check that the value of toolkit.telemetry.enabled is the expected one. However, this expected value could be different from the one set and locked e.g. in some forks. Therefore, the assertion prevented debug builds from working in these cases. Differential Revision: https://phabricator.services.mozilla.com/D195080 - - - - - 1 changed file: - modules/libpref/Preferences.cpp Changes: ===================================== modules/libpref/Preferences.cpp ===================================== @@ -3637,16 +3637,6 @@ void Preferences::SetupTelemetryPref() { Preferences::Lock(kTelemetryPref); } -static void CheckTelemetryPref() { - MOZ_ASSERT(!XRE_IsParentProcess()); - - // Make sure the children got passed the right telemetry pref details. - DebugOnly<bool> value; - MOZ_ASSERT(NS_SUCCEEDED(Preferences::GetBool(kTelemetryPref, &value)) && - value == TelemetryPrefValue()); - MOZ_ASSERT(Preferences::IsLocked(kTelemetryPref)); -} - #endif // MOZ_WIDGET_ANDROID /* static */ @@ -3687,11 +3677,6 @@ already_AddRefed<Preferences> Preferences::GetInstanceForService() { Preferences::SetPreference(gChangedDomPrefs->ElementAt(i)); } gChangedDomPrefs = nullptr; - -#ifndef MOZ_WIDGET_ANDROID - CheckTelemetryPref(); -#endif - } else { // Check if there is a deployment configuration file. If so, set up the // pref config machinery, which will actually read the file. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c246c8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c246c8… You're receiving this email because of your account on gitlab.torproject.org.

1 0