- tbb-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 40884: add upload-sha256sums make target and release script
by Pier Angelo Vendrame (＠pierov) 05 Dec '23

05 Dec '23

Pier Angelo Vendrame pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 744d13bf by Dan Ballard at 2023-12-05T08:46:28+01:00 Bug 40884: add upload-sha256sums make target and release script - - - - - bfc545e4 by Pier Angelo Vendrame at 2023-12-05T08:46:45+01:00 Bug 41026: Use a relative target_dir in upload_sha256sums ~/ is expanded by the shell issuing the command, so it results in the local home directory, not the remote one. However, since we are using a path that is relative to the home, we can simply use a relative one. - - - - - 4 changed files: - Makefile - projects/release/config - + projects/release/upload_sha256sums - rbm.local.conf.example Changes: ===================================== Makefile ===================================== @@ -668,12 +668,28 @@ cargo_vendor-rcodesign: submodule-update submodule-update: git submodule update --init +# requires tpo_user variable be set in rbm.local.conf +torbrowser-upload-sha256sums-release: submodule-update + $(rbm) build release --step upload_sha256sums --target release --target torbrowser + +# requires tpo_user variable be set in rbm.local.conf +torbrowser-upload-sha256sums-alpha: submodule-update + $(rbm) build release --step upload_sha256sums --target alpha --target torbrowser + torbrowser-signtag-release: submodule-update $(rbm) build release --step signtag --target release --target torbrowser torbrowser-signtag-alpha: submodule-update $(rbm) build release --step signtag --target alpha --target torbrowser +# requires tpo_user variable be set in rbm.local.conf +mullvadbrowser-upload-sha256sums-release: submodule-update + $(rbm) build release --step upload_sha256sums --target release --target mullvadbrowser + +# requires tpo_user variable be set in rbm.local.conf +mullvadbrowser-upload-sha256sums-alpha: submodule-update + $(rbm) build release --step upload_sha256sums --target alpha --target mullvadbrowser + mullvadbrowser-signtag-release: submodule-update $(rbm) build release --step signtag --target release --target mullvadbrowser ===================================== projects/release/config ===================================== @@ -258,6 +258,11 @@ steps: debug: 0 input_files: [] dmg2mar: '[% INCLUDE dmg2mar %]' + upload_sha256sums: + build_log: '-' + debug: 0 + input_files: [] + upload_sha256sums: '[% INCLUDE upload_sha256sums %]' compare_windows_signed_unsigned_exe: build_log: '-' debug: 0 ===================================== projects/release/upload_sha256sums ===================================== @@ -0,0 +1,34 @@ +#!/bin/sh +# Tool to sign sha256sums of builds and upload them to where signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be + +version=[% c("version") %]-[% c("var/torbrowser_build") %] +signed=[% c("var/signed_status") %] +channel=[% c("var/build_target") %] +browser=[% c("var/browser_type") %] + +src_dir=[% shell_quote(path(dest_dir)) %]/$signed/$version + +target_dir=public_html/builds/$browser/$channel/$version/ + +echo "browser:$browser channel:$channel signed:$signed version:$version" + +if [ ! -d $src_dir ]; then + echo "ERROR: $src_dir does not exist!" + exit +fi + +cd $src_dir +for i in sha256sums*.txt; do + if [ ! -f $i.asc ] ; then + gpg -abs [% c("var/sign_build_gpg_opts") %] $i; + fi +done + +if [ -z '[% c("var/tpo_user") %]' ]; then + print "tpo_user variable unset, required to upload to people.torproject.org. Please set in rbm.local.conf" + exit +fi + +ssh [% c("var/tpo_user") %](a)people.torproject.org "mkdir -p $target_dir" +rsync sha256sums*.* [% c("var/tpo_user") %]@people.torproject.org:$target_dir +echo "Synced sha256sums to https://people.torproject.org/~[% c("var/tpo_user") %]/builds/$browser/$channel/$version/" ===================================== rbm.local.conf.example ===================================== @@ -55,6 +55,11 @@ var: ### and sha256sums-unsigned-build.incrementals.txt files. #sign_build_gpg_opts: '--local-user XXXXXXXX' + ### The var/tpo_user option is used on the release upload_sha256sums step + ### and is the user on people.torproject.org that ssh/rsync will try to + ### upload the files to + #tpo_user: username + ### The clean configuration is used by the cleaning script to find the ### branches and build targets you are using, to compute the list of ### files that should be kept. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-13.0.6-build1
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed new tag mb-13.0.6-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.0.6-build1
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed new tag tbb-13.0.6-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41009, 41018: Prepare Tor+Mullvad Browser Stable 13.0.6
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 7e8b7279 by hackademix at 2023-12-04T17:40:53+01:00 Bug 41009,41018: Prepare Tor+Mullvad Browser Stable 13.0.6 - - - - - 9 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/manual/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,50 @@ +Mullvad Browser 13.0.6 - December 04 2023 + * All Platforms + * Bug 42288: Allow language spoofing in status messages [tor-browser] + * Updated uBlock Origin to 1.54.0 + * Linux + * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] + * Bug 42306: Tor Browser crashes when extensions popups are opened with Wayland enabled [tor-browser] + * Bug 41017: Disable Nvidia shader cache [tor-browser-build] + * Build System + * All Platforms + * Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] + * Bug 40936: Revert tor-browser-build#40933 [tor-browser-build] + * Bug 40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink [tor-browser-build] + * Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] + * Bug 40063: RBM's chroot fails in Fedora [rbm] + * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] + * Windows + macOS + Linux + * Bug 41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt [tor-browser-build] + * Windows + * Bug 41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt [tor-browser-build] + +Mullvad Browser 13.5a2 - November 27 2023 + * All Platforms + * Updated Firefox to 115.5.0esr + * Updated uBlock Origin to 1.54.0 + * Bug 250: Enable storage.sync to fix broken webextensions [mullvad-browser] + * Bug 254: Rebase Mullvad Browser Alpha to 115.5.0esr [mullvad-browser] + * Bug 42153: Drop dom.enable_resource_timing = false preference [tor-browser] + * Bug 42194: Blank Net Error page on name resolution failure [tor-browser] + * Bug 42276: Rebase Browsers Alpha to 115.5.0esr [tor-browser] + * Bug 42288: Allow language spoofing in status messages [tor-browser] + * Linux + * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] + * Bug 41017: Disable Nvidia shader cache [tor-browser-build] + * Build System + * All Platforms + * Bug 40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be [tor-browser-build] + * Bug 40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink [tor-browser-build] + * Bug 41006: Fix typo in finished-signing-clean-linux signer [tor-browser-build] + * Bug 40063: RBM's chroot fails in Fedora [rbm] + * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] + * macOS + * Bug 41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step [tor-browser-build] + * Bug 41007: gatekeeper-bundling.sh refers to old .tar.gz archive [tor-browser-build] + * Bug 41014: Update libdmg-hfsplus to drop the OpenSSL patch [tor-browser-build] + * Bug 41020: Opening MacOS dmg file is causing a warning, since 13.0 [tor-browser-build] + Mullvad Browser 13.0.4 - November 16 2023 * All Platforms * Updated Firefox to 115.5.0esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,72 @@ +Tor Browser 13.0.6 - December 04 2023 + * All Platforms + * Bug 42288: Allow language spoofing in status messages [tor-browser] + * Windows + macOS + Linux + * Bug 42302: The allowed ports string contains a typo [tor-browser] + * Bug 42231: Improve the network monitor patch for http onion resources [tor-browser] + * Bug 42299: After adding incorrect bridge addres on user cannot go back to the Connection page [tor-browser] + * Linux + * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] + * Bug 42306: Tor Browser crashes when extensions popups are opened with Wayland enabled [tor-browser] + * Bug 41017: Disable Nvidia shader cache [tor-browser-build] + * Build System + * All Platforms + * Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] + * Bug 40936: Revert tor-browser-build#40933 [tor-browser-build] + * Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] + * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] + * Windows + macOS + Linux + * Bug 41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt [tor-browser-build] + * Windows + * Bug 41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt [tor-browser-build] + * Android + * Bug 41024: Fix android filenames in Release Prep issue templates [tor-browser-build] + +Tor Browser 13.5a2 - November 27 2023 + * All Platforms + * Updated tor to 0.4.8.9 + * Bug 42153: Drop dom.enable_resource_timing = false preference [tor-browser] + * Bug 42246: Migrate tor connection stuff from browser to toolkit [tor-browser] + * Bug 42261: Update the icon of Startpage search engine [tor-browser] + * Bug 42276: Rebase Browsers Alpha to 115.5.0esr [tor-browser] + * Bug 42277: Enable storage.sync to fix broken webextensions [tor-browser] + * Bug 42288: Allow language spoofing in status messages [tor-browser] + * Bug 42302: The allowed ports string contains a typo [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 115.5.0esr + * Bug 42231: Improve the network monitor patch for http onion resources [tor-browser] + * Bug 42072: YEC 2023 Takeover for Desktop Stable [tor-browser] + * Bug 42188: Donations are asked repeatedly when I click New identity button [tor-browser] + * Bug 42194: Blank Net Error page on name resolution failure [tor-browser] + * Linux + * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] + * Bug 41017: Disable Nvidia shader cache [tor-browser-build] + * Android + * Updated GeckoView to 115.5.0esr + * Bug 41846: firefox-android esr 115 introduced new nimbus use: they need to be disabled [tor-browser] + * Bug 42074: YEC 2023 Takeover for Android Stable [tor-browser] + * Bug 42258: Replace the current boring "fiery android" icon we use for dev with the cool nightly icon [tor-browser] + * Bug 42259: Remove unused firefox branding from Tor Browser for Android [tor-browser] + * Bug 42260: Add TBB artifacts to .gitignore [tor-browser] + * Bug 42285: Update the gitignore to use the correct paths for tor stuff [tor-browser] + * Bug 42287: Backport security fixes (Android & wontfix) from Firefox 120 to 115.5 - based Tor Browser [tor-browser] + * Build System + * All Platforms + * Update Go to 1.21.4 + * Bug 40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be [tor-browser-build] + * Bug 40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink [tor-browser-build] + * Bug 41006: Fix typo in finished-signing-clean-linux signer [tor-browser-build] + * Bug 41023: Update lead.png symlink and blog post template in tools/signing/create-blog-post [tor-browser-build] + * Bug 40063: RBM's chroot fails in Fedora [rbm] + * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] + * macOS + * Bug 41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step [tor-browser-build] + * Bug 41007: gatekeeper-bundling.sh refers to old .tar.gz archive [tor-browser-build] + * Bug 41014: Update libdmg-hfsplus to drop the OpenSSL patch [tor-browser-build] + * Bug 41020: Opening MacOS dmg file is causing a warning, since 13.0 [tor-browser-build] + * Android + * Bug 41024: Fix android filenames in Release Prep issue templates [tor-browser-build] + Tor Browser 13.0.5 - November 22 2023 * Windows + macOS + Linux * Bug 42072: YEC 2023 Takeover for Desktop Stable [tor-browser] ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,21 +17,18 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1069317, + "average_daily_users": 1101501, "categories": { - "android": [ - "experimental", - "user-interface" - ], "firefox": [ + "web-development", "appearance", - "web-development" + "other" ] }, "contributions_url": "https://opencollective.com/darkreader?utm_content=product-page-contribute&u…", "created": "2017-09-19T07:03:00Z", "current_version": { - "id": 5650180, + "id": 5654228, "compatibility": { "firefox": { "min": "54.0", @@ -42,7 +39,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/56501…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/56542…", "is_strict_compatibility_enabled": false, "license": { "id": 22, @@ -53,22 +50,22 @@ "url": "http://www.opensource.org/license/mit" }, "release_notes": { - "en-US": "- Fixed for Reddit (incorrect CSS comment handling).\n- Fixed working on domains containing `constructor` part.\n- Users' fixes for websites." + "en-US": "- Separated Enabled and Disabled site lists.\n- Regular expressions support in Site List.\n- Fixed automation after computer waking up.\n- Users' fixes for websites." }, - "reviewed": "2023-11-15T18:44:00Z", - "version": "4.9.68", + "reviewed": "2023-11-27T09:24:35Z", + "version": "4.9.70", "files": [ { - "id": 4194520, - "created": "2023-11-13T16:59:09Z", - "hash": "sha256:009b35e2b5e3ad787cc5f5cd75cf995119baaddfd45a00bd045c2098a99cff85", + "id": 4198549, + "created": "2023-11-22T13:10:25Z", + "hash": "sha256:3ccbe247031dd4fcc3d9bd840872ed38e9843729709f92803c234041070588a7", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 676616, + "size": 679785, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4194520/darkreader-4.9.68…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4198549/darkreader-4.9.70…", "permissions": [ "alarms", "contextMenus", @@ -146,7 +143,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-11-15T18:44:00Z", + "last_updated": "2023-11-27T09:24:35Z", "name": { "ar": "Dark Reader", "bn": "Dark Reader", @@ -221,10 +218,10 @@ "category": "recommended" }, "ratings": { - "average": 4.5559, - "bayesian_average": 4.554766454205969, - "count": 5233, - "text_count": 1642 + "average": 4.554, + "bayesian_average": 4.552870632911627, + "count": 5271, + "text_count": 1653 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -321,7 +318,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 39666 + "weekly_downloads": 44692 }, "notes": null }, @@ -337,11 +334,8 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 262050, + "average_daily_users": 264243, "categories": { - "android": [ - "security-privacy" - ], "firefox": [ "privacy-security" ] @@ -553,10 +547,10 @@ "category": "recommended" }, "ratings": { - "average": 4.8089, - "bayesian_average": 4.804287877831421, - "count": 1371, - "text_count": 243 + "average": 4.8061, + "bayesian_average": 4.801493388841497, + "count": 1377, + "text_count": 244 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, @@ -641,7 +635,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 4465 + "weekly_downloads": 4281 }, "notes": null }, @@ -657,11 +651,8 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1180120, + "average_daily_users": 1193283, "categories": { - "android": [ - "security-privacy" - ], "firefox": [ "privacy-security" ] @@ -1181,9 +1172,9 @@ "category": "recommended" }, "ratings": { - "average": 4.7946, - "bayesian_average": 4.7918968335591, - "count": 2332, + "average": 4.7971, + "bayesian_average": 4.794394568610204, + "count": 2341, "text_count": 444 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", @@ -1208,7 +1199,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 20900 + "weekly_downloads": 28584 }, "notes": null }, @@ -1224,11 +1215,8 @@ "picture_url": null } ], - "average_daily_users": 7140277, + "average_daily_users": 7361738, "categories": { - "android": [ - "security-privacy" - ], "firefox": [ "privacy-security" ] @@ -1236,7 +1224,7 @@ "contributions_url": "", "created": "2015-04-25T07:26:22Z", "current_version": { - "id": 5644148, + "id": 5654508, "compatibility": { "firefox": { "min": "78.0", @@ -1247,7 +1235,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/56…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/56…", "is_strict_compatibility_enabled": false, "license": { "id": 6, @@ -1258,22 +1246,22 @@ "url": "http://www.gnu.org/licenses/gpl-3.0.html" }, "release_notes": { - "en-US": "See complete release notes for <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/8e97e4fad4a9080cacd692…" rel=\"nofollow\">1.53.0</a>.\n\nFixes / changes\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/04dc7add7ba2b97b2c9b89…" rel=\"nofollow\">Improve google-ima shim script</a> (by @kzar)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b4a71c78d84ca82dd6abd1…" rel=\"nofollow\">Match <code>type</code> exactly in <code>prevent-addEventListener</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ff70ef00dfe5f67a6928e7…" rel=\"nofollow\">Add filtering expressions for logger output</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/02bf9ee4e085caa28d989f…" rel=\"nofollow\">Add warning against adding custom filters from untrusted sources</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6c4da5a1939b3db01c9ee3…" rel=\"nofollow\">Consider My filters an untrusted source by default</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ca1700dc2ee0250b8cf6d8…" rel=\"nofollow\">Add <code>trusted-prune-inbound-object</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ba6f6721dda39f05a31f17…" rel=\"nofollow\">Add <code>dontOverwrite</code> vararg to <code>(trusted-)set-cookie</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/35c49cd46c6ee8f6de39a9…" rel=\"nofollow\">Add \"on\" and \"off\" values to set-cookie</a> (by @peace2000)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/4927397ea80a4a61cc940c…" rel=\"nofollow\">Fine tune <code>set-local-storage-item</code> as per feedback</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/7fa8961d810dcba3ee585c…" rel=\"nofollow\">Support AdGuard's <code>[trusted-]set-cookie-reload</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/349cef9dc278896ca7daa7…" rel=\"nofollow\">Ignore assets older than cached version when fetching from CDNs</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b0dea07b330af0f97e32e2…" rel=\"nofollow\">Support quoting scriptlet parameters with backticks</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5d764bfef4a34dddcc078f…" rel=\"nofollow\">Add new static network filter option: <code>urltransform</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5169835229aef5279e13d7…" rel=\"nofollow\">Support pane: mark lists as obsolete only when update button is clicked</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/3f93ea8084165631352752…" rel=\"nofollow\">Bring <code>header=</code> filter option out of experimental status</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6f0c547fbe7e39c23f4e0d…" rel=\"nofollow\">Add <code>trusted-click-element</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/396bbf79d31a089d9396f0…" rel=\"nofollow\">Add ability to update lists through links with specifically crafted URLs</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/da3831d0dd386383b7c063…" rel=\"nofollow\">Fix overzealous matching in <code>(remove|replace)-node-text</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/106e2566988d1f7f89ef4a…" rel=\"nofollow\">Fix <code>no-xhr-if</code> scriptlet for Firefox</a></li><li>[More ...]\n\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/d8295679b79e096909c47f…" rel=\"nofollow\">Commits history since last version</a>.</li></ul>" + "en-US": "See complete release notes for <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/4c736806dc9702f9496c1c…" rel=\"nofollow\">1.54.0</a>.\n\nFixes / changes\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/30ee045a42c04a557ec92d…" rel=\"nofollow\">Enable path for native <code>has()</code> selector in Firefox</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/26aaa3263afd1e6e450a7f…" rel=\"nofollow\">Allow scriptlets to be injected in <code>about:blank</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5967388a2432967ee63e77…" rel=\"nofollow\">Fix faulty <code>as</code> vararg in <code>set-constant</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b9a3ce2fd67895cc3fd06f…" rel=\"nofollow\">Add support to redirect to <code>noop.json</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/1a7fcce826cb83449490e3…" rel=\"nofollow\">More improvements to the <code>google-ima</code> shim script</a> (by @kzar)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/56d921f7e251fb313a4be0…" rel=\"nofollow\">All exceptions filters are exempt from requiring a trusted source</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b3b9c520dd7fef26a4f129…" rel=\"nofollow\">Add <code>trusted-set-session-storage-item</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5f347a4a217555ac7ff920…" rel=\"nofollow\">Allow the use of quotes in <code>set-cookie</code> scriptlet </a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/fe9490248b43262e2613b2…" rel=\"nofollow\">Allow the use of quotes in <code>set-(local|session)-storage-item</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/92d58a934e2392a346a587…" rel=\"nofollow\">Add ability to trigger cookie removal on specific events</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/23e952e408915752c90dc3…" rel=\"nofollow\">Ensure CSSTree does not hold a reference onto last parsed string</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/302676f334820cdfe567f7…" rel=\"nofollow\">Lower minimum Expires value to 4h</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/03ac48dee7ecbf33ac2dd4…" rel=\"nofollow\">Properly reset needle length in unserialized buffer</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/d4babab0e0c4b624992f8f…" rel=\"nofollow\">Add additional flags to regional lists</a> (by @DandelionSprout)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/a09bd04e017892dd0b0d12…" rel=\"nofollow\">Harden scriptlets which need to serialize function code into string</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/1a5be5c8aa0baa49879f92…" rel=\"nofollow\">Reset <code>g</code> regexes before use in <code>rmnt</code>/<code>rpnt</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/f2e3dd373c3a474ca27bad…" rel=\"nofollow\">Apply response filtering according to mime type</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/12cfcbade6a208e02352fd…" rel=\"nofollow\">Add t/f to set-cookie</a> (by @ryanbr)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/7856310df6fe39bff4e1b0…" rel=\"nofollow\">Have <code>urltransform=</code> use the same syntax as <code>replace=</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/520b2f8c295d638b0c72f5…" rel=\"nofollow\">Implement network filter option <code>replace=</code></a></li><li>...</li></ul>\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/3f4f5634b3bdd26c8e335f…" rel=\"nofollow\">Commits history since last version</a>" }, - "reviewed": "2023-11-02T12:31:33Z", - "version": "1.53.0", + "reviewed": "2023-11-27T08:08:01Z", + "version": "1.54.0", "files": [ { - "id": 4188488, - "created": "2023-10-31T12:35:52Z", - "hash": "sha256:5403474101f753b5d38c09135e40d82a115afcd01310d78133a4af363462194b", + "id": 4198829, + "created": "2023-11-22T16:24:35Z", + "hash": "sha256:9797160908191710ff0858536ba6dc29ecad9923c30b2ad6d3e5e371d759e44d", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 3593021, + "size": 3630690, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4188488/ublock_origin-1.5…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4198829/ublock_origin-1.5…", "permissions": [ "dns", "menus", @@ -1392,7 +1380,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-11-14T23:15:40Z", + "last_updated": "2023-12-03T21:40:39Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1537,10 +1525,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7847, - "bayesian_average": 4.7843208303981575, - "count": 16602, - "text_count": 4329 + "average": 4.7859, + "bayesian_average": 4.785523327278846, + "count": 16777, + "text_count": 4370 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1603,7 +1591,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 252376 + "weekly_downloads": 215425 }, "notes": null }, @@ -1619,14 +1607,11 @@ "picture_url": null } ], - "average_daily_users": 173964, + "average_daily_users": 175242, "categories": { - "android": [ - "photos-media" - ], "firefox": [ - "games-entertainment", - "photos-music-videos" + "photos-music-videos", + "games-entertainment" ] }, "contributions_url": "", @@ -1718,10 +1703,10 @@ "category": "recommended" }, "ratings": { - "average": 4.4904, - "bayesian_average": 4.485326875429083, - "count": 1146, - "text_count": 428 + "average": 4.4827, + "bayesian_average": 4.477648647741963, + "count": 1154, + "text_count": 431 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, @@ -1743,7 +1728,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 371 + "weekly_downloads": 395 }, "notes": null }, @@ -1759,14 +1744,11 @@ "picture_url": null } ], - "average_daily_users": 87714, + "average_daily_users": 87541, "categories": { - "android": [ - "experimental", - "security-privacy" - ], "firefox": [ - "privacy-security" + "privacy-security", + "other" ] }, "contributions_url": "", @@ -1897,7 +1879,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 1865 + "weekly_downloads": 1612 }, "notes": null }, @@ -1913,15 +1895,12 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 281546, + "average_daily_users": 286382, "categories": { - "android": [ - "photos-media", - "user-interface" - ], "firefox": [ - "photos-music-videos", - "search-tools" + "search-tools", + "appearance", + "photos-music-videos" ] }, "contributions_url": "https://www.paypal.com/donate?hosted_button_id=GLL4UNSNU6SQN&utm_content=pr…", @@ -2133,10 +2112,10 @@ "category": "recommended" }, "ratings": { - "average": 4.655, - "bayesian_average": 4.65048814198261, - "count": 1348, - "text_count": 258 + "average": 4.6517, + "bayesian_average": 4.6472069802370894, + "count": 1358, + "text_count": 262 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2157,7 +2136,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 5130 + "weekly_downloads": 7018 }, "notes": null }, @@ -2180,13 +2159,11 @@ "picture_url": null } ], - "average_daily_users": 116182, + "average_daily_users": 118255, "categories": { - "android": [ - "other" - ], "firefox": [ - "search-tools" + "search-tools", + "other" ] }, "contributions_url": "", @@ -2463,10 +2440,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3666, - "bayesian_average": 4.362179866443754, - "count": 1271, - "text_count": 356 + "average": 4.3682, + "bayesian_average": 4.363792783638318, + "count": 1282, + "text_count": 360 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2486,7 +2463,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 32 + "weekly_downloads": 76 }, "notes": null }, @@ -2502,15 +2479,12 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 313357, + "average_daily_users": 314489, "categories": { - "android": [ - "performance", - "security-privacy" - ], "firefox": [ + "web-development", "privacy-security", - "web-development" + "other" ] }, "contributions_url": "https://www.paypal.com/donate/?hosted_button_id=9ERKTU5MBH4EW&utm_content=p…", @@ -2692,10 +2666,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3968, - "bayesian_average": 4.394142112372486, - "count": 2137, - "text_count": 828 + "average": 4.3987, + "bayesian_average": 4.3960429536167975, + "count": 2147, + "text_count": 830 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2739,7 +2713,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 8490 + "weekly_downloads": 8814 }, "notes": null }, @@ -2755,15 +2729,12 @@ "picture_url": null } ], - "average_daily_users": 156584, + "average_daily_users": 158614, "categories": { - "android": [ - "performance", - "photos-media" - ], "firefox": [ - "games-entertainment", - "photos-music-videos" + "photos-music-videos", + "other", + "games-entertainment" ] }, "contributions_url": "", @@ -2867,9 +2838,9 @@ "category": "recommended" }, "ratings": { - "average": 3.8631, - "bayesian_average": 3.8590398415336518, - "count": 1191, + "average": 3.8686, + "bayesian_average": 3.8645267887251755, + "count": 1195, "text_count": 432 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", @@ -2889,7 +2860,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 2791 + "weekly_downloads": 2376 }, "notes": null } ===================================== projects/browser/config ===================================== @@ -91,9 +91,9 @@ input_files: - URL: https://addons.mozilla.org/firefox/downloads/file/4178438/noscript-11.4.28.… name: noscript sha256sum: 54d076b3226d454216117547f6441d2f95af3057d20f726e55d94b0f22573c14 - - URL: https://addons.mozilla.org/firefox/downloads/file/4188488/ublock_origin-1.5… + - URL: https://addons.mozilla.org/firefox/downloads/file/4198829/ublock_origin-1.5… name: ublock-origin - sha256sum: 5403474101f753b5d38c09135e40d82a115afcd01310d78133a4af363462194b + sha256sum: 9797160908191710ff0858536ba6dc29ecad9923c30b2ad6d3e5e371d759e44d enable: '[% c("var/mullvad-browser") %]' - URL: https://cdn.mullvad.net/browser-extension/0.8.4/mullvad-browser-extension-0… name: mullvad-extension ===================================== projects/firefox/config ===================================== @@ -18,7 +18,7 @@ var: firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.0' browser_branch: '[% c("var/browser_series") %]-1' - browser_build: 3 + browser_build: 4 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -86,7 +86,7 @@ targets: mullvadbrowser: git_url: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git var: - browser_build: 2 + browser_build: 3 branding_directory_prefix: 'mb' gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' ===================================== projects/geckoview/config ===================================== @@ -16,7 +16,7 @@ container: var: geckoview_version: 115.5.0esr browser_branch: 13.0-1 - browser_build: 2 + browser_build: 4 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 120105 +version: 122062 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: ebcf66a4a8f8d0801234203d8e2b8d46744f6c2f + git_hash: d4772b91cee02fffc2a01db61e45311fad4ad767 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 94f2dbd69095270431df2d44f5573fc9c68ad240 + git_hash: 677b5d8b72447ef40cd437296802f04894ce9df6 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: dfe9edb319cdaf311c11103f3a0efa44ebc95cb4 + git_hash: 76fd869e48f0bd3cb1c7da321ce9e15a482f2a2c compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -81,10 +81,10 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.0.5' + torbrowser_version: '13.0.6' torbrowser_build: 'build1' torbrowser_incremental_from: - - '13.0.4' + - '13.0.5' - '13.0.1' - '13.0' updater_enabled: 1 @@ -304,6 +304,10 @@ targets: - tr - zh-CN - zh-TW + torbrowser_incremental_from: + - '13.0.4' + - '13.0.1' + - '13.0' torbrowser-testbuild: - testbuild View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.5.0esr-13.0-1-build3
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed new tag mullvad-browser-115.5.0esr-13.0-1-build3 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch mullvad-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 81d88620 by hackademix at 2023-12-04T13:34:12+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -155,12 +155,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -199,16 +204,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -231,18 +246,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -253,7 +278,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -1994,7 +2032,6 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/81d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/81d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch mullvad-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 1ff67dd6 by hackademix at 2023-12-04T13:31:29+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -155,12 +155,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -199,16 +204,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -231,18 +246,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -253,7 +278,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -1994,7 +2032,6 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/1ff… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/1ff… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.5.0esr-13.0-1-build4
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed new tag tor-browser-115.5.0esr-13.0-1-build4 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] fixup! Bug 23247: Communicating security expectations for .onion
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 91e057ca by cypherpunks1 at 2023-12-04T13:06:55+01:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 42231: Improve the network monitor patch for http onion resources - - - - - 2 changed files: - devtools/client/netmonitor/src/components/SecurityState.js - devtools/shared/network-observer/NetworkHelper.sys.mjs Changes: ===================================== devtools/client/netmonitor/src/components/SecurityState.js ===================================== @@ -41,7 +41,7 @@ class SecurityState extends Component { const { securityState, - urlDetails: { isLocal }, + urlDetails: { host, isLocal }, } = item; const iconClassList = ["requests-security-state-icon"]; @@ -50,7 +50,11 @@ class SecurityState extends Component { // Locally delivered files such as http://localhost and file:// paths // are considered to have been delivered securely. - if (isLocal) { + if ( + isLocal || + (host?.endsWith(".onion") && + Services.prefs.getBoolPref("dom.securecontext.allowlist_onions", false)) + ) { realSecurityState = "secure"; } ===================================== devtools/shared/network-observer/NetworkHelper.sys.mjs ===================================== @@ -596,9 +596,6 @@ export var NetworkHelper = { // The request did not contain any security info. if (!securityInfo) { - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } return info; } @@ -650,11 +647,7 @@ export var NetworkHelper = { // schemes other than https and wss are subject to // downgrade/etc at the scheme level and should always be // considered insecure - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } else { - info.state = "insecure"; - } + info.state = "insecure"; } else if (state & wpl.STATE_IS_SECURE) { // The connection is secure if the scheme is sufficient info.state = "secure"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/91e057c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/91e057c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41017: Tell Nvidia drivers not to create the shader cache.
by Pier Angelo Vendrame (＠pierov) 04 Dec '23

04 Dec '23

Pier Angelo Vendrame pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 6a9aac2c by Pier Angelo Vendrame at 2023-12-04T13:03:03+01:00 Bug 41017: Tell Nvidia drivers not to create the shader cache. Nvidia drivers create a shader cache in $HOME/.cache/nvidia by default. However, it can be easily disabled with an environment variable. - - - - - 1 changed file: - projects/browser/RelativeLink/start-browser Changes: ===================================== projects/browser/RelativeLink/start-browser ===================================== @@ -367,6 +367,10 @@ rm -Rf "${HOME}/TorBrowser/Data/fontconfig" # Avoid overwriting user's dconf values. Fixes #27903. export GSETTINGS_BACKEND=memory +# tor-browser-build#41017: Nvidia drivers create a shader cache by default in +# $HOME/.cache/nvidia. We we can easily disable it. +export __GL_SHADER_DISK_CACHE=0 + cd "${HOME}" # We pass all additional command-line arguments we get to Firefox. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in...
by Pier Angelo Vendrame (＠pierov) 04 Dec '23

04 Dec '23

Pier Angelo Vendrame pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 92139ee5 by Pier Angelo Vendrame at 2023-12-04T12:57:25+01:00 fixup! Bug 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection Bug 42299: Unbreak about:preferences#connection when invalid bridge lines are supplied We switched to a shared bridge line parser. It might throw if an invalid bridge line is passed, but we do not handle the exception in connectionPane.js. As a result, the page breaks. As a workaround, we can simply ignore the errors, but a better solution would warn the user about that. A bridge card rework is expected to happen in the 13.5 cycle, so I think we can defer a proper fix to that moment. (This should also be the UX of 11.5, 12.0 and 12.5). - - - - - 1 changed file: - browser/components/torpreferences/content/connectionPane.js Changes: ===================================== browser/components/torpreferences/content/connectionPane.js ===================================== @@ -398,7 +398,7 @@ const gConnectionPane = (function () { bridgeSwitch.addEventListener("toggle", () => { TorSettings.bridges.enabled = bridgeSwitch.pressed; TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }); @@ -486,7 +486,12 @@ const gConnectionPane = (function () { }); const idString = TorStrings.settings.bridgeId; const id = card.querySelector(selectors.bridges.cardId); - const details = TorParsers.parseBridgeLine(bridgeString); + let details; + try { + details = TorParsers.parseBridgeLine(bridgeString); + } catch (e) { + console.error(`Detected invalid bridge line: ${bridgeString}`, e); + } if (details && details.id !== undefined) { card.setAttribute("data-bridge-id", details.id); } @@ -529,7 +534,7 @@ const gConnectionPane = (function () { bridgeSwitch.pressed && !!strings.length; TorSettings.bridges.bridge_strings = strings.join("\n"); TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }); @@ -1021,7 +1026,7 @@ const gConnectionPane = (function () { TorSettings.bridges.builtin_type = ""; } TorSettings.saveToPrefs(); - TorSettings.applySettings().then(result => { + TorSettings.applySettings().finally(() => { this._populateBridgeCards(); }); }, @@ -1036,8 +1041,12 @@ const gConnectionPane = (function () { async saveBridgeSettings(connect) { TorSettings.saveToPrefs(); // FIXME: This can throw if the user adds a bridge manually with invalid - // content. Should be addressed by tor-browser#40552. - await TorSettings.applySettings(); + // content. Should be addressed by tor-browser#41913. + try { + await TorSettings.applySettings(); + } catch (e) { + console.error("Applying settings failed", e); + } this._populateBridgeCards(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/92139ee… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/92139ee… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.5.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch base-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: d101548d by hackademix at 2023-12-04T12:20:50+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -155,12 +155,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -199,16 +204,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -231,18 +246,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -253,7 +278,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -2027,7 +2065,6 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d101548… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d101548… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.5.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch base-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 2a4e21db by hackademix at 2023-12-04T12:18:52+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -155,12 +155,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -199,16 +204,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -231,18 +246,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -253,7 +278,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -2027,7 +2065,6 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2a4e21d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2a4e21d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch tor-browser-115.5.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 1a9bf95b by hackademix at 2023-12-04T12:13:55+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -157,12 +157,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -201,16 +206,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -233,18 +248,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -255,7 +280,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -2130,7 +2168,6 @@ BrowserGlue.prototype = { } }, () => lazy.OnionAliasStore.uninit(), - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1a9bf95… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/1a9bf95… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 04 Dec '23

04 Dec '23

ma1 pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 410b9a4c by hackademix at 2023-12-04T11:02:42+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42306: Prevent crashes and actually clear the clipboard on Wayland - - - - - 1 changed file: - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -159,12 +159,17 @@ const ClipboardPrivacy = { _globalActivation: false, _isPrivateClipboard: false, _hasher: null, + _shuttingDown: false, - _computeClipboardHash(win = Services.ww.activeWindow) { + _createTransferable() { const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( Ci.nsITransferable ); - trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + trans.init(null); + return trans; + }, + _computeClipboardHash() { + const trans = this._createTransferable(); ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); try { Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); @@ -203,16 +208,26 @@ const ClipboardPrivacy = { this._globalActivation = !Services.focus.activeWindow; }, 100); } - const clipboardHash = this._computeClipboardHash(win); - if (clipboardHash !== this._lastClipboardHash) { - this._isPrivateClipboard = - !activation && - (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - lazy.PrivateBrowsingUtils.isWindowPrivate(win)); - this._lastClipboardHash = clipboardHash; - console.log( - `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` - ); + + const checkClipboardContent = () => { + const clipboardHash = this._computeClipboardHash(); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + + if (win.closed) { + checkClipboardContent(); + } else { + // defer clipboard access on DOM events to work-around tor-browser#42306 + lazy.setTimeout(checkClipboardContent, 0); } }; const focusListener = e => @@ -235,18 +250,28 @@ const ClipboardPrivacy = { if ( this._isPrivateClipboard && lazy.PrivateBrowsingUtils.isWindowPrivate(win) && - !( - lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || - Array.from(Services.ww.getWindowEnumerator()).find(w => - lazy.PrivateBrowsingUtils.isWindowPrivate(w) - ) - ) + (this._shuttingDown || + !Array.from(Services.ww.getWindowEnumerator()).find( + w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) && + // We need to filter out the HIDDEN WebExtensions window, + // which might be private as well but is not UI-relevant. + !w.location.href.startsWith("chrome://extensions/") + )) ) { // no more private windows, empty private content if needed this.emptyPrivate(); } } }); + + lazy.AsyncShutdown.quitApplicationGranted.addBlocker( + "ClipboardPrivacy: removing private data", + () => { + this._shuttingDown = true; + this.emptyPrivate(); + } + ); }, emptyPrivate() { if ( @@ -257,7 +282,20 @@ const ClipboardPrivacy = { ) && this._lastClipboardHash === this._computeClipboardHash() ) { - Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + // nsIClipboard.emptyClipboard() does nothing in Wayland: + // we'll set an empty string as a work-around. + const trans = this._createTransferable(); + const flavor = "text/plain"; + trans.addDataFlavor(flavor); + const emptyString = Cc["@mozilla.org/supports-string;1"].createInstance( + Ci.nsISupportsString + ); + emptyString.data = ""; + trans.setTransferData(flavor, emptyString); + const { clipboard } = Services, + { kGlobalClipboard } = clipboard; + clipboard.setData(trans, null, kGlobalClipboard); + clipboard.emptyClipboard(kGlobalClipboard); this._lastClipboardHash = null; this._isPrivateClipboard = false; console.log("Private clipboard emptied."); @@ -2118,7 +2156,6 @@ BrowserGlue.prototype = { } }, () => lazy.OnionAliasStore.uninit(), - () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/410b9a4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/410b9a4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Revert "Bug 40933: Add symlinks to have incrementals between 12.5.x and 13.0"
by boklm (＠boklm) 01 Dec '23

01 Dec '23

boklm pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: e0f8b589 by Richard Pospesel at 2023-11-30T14:41:29+00:00 Revert "Bug 40933: Add symlinks to have incrementals between 12.5.x and 13.0" This reverts commit a21969281d18941b69a94b994b0797f8b88ad45f. Bug 40936: We are no longer building incrementals from the 12.5 series so its time for this patch to go - - - - - 3 changed files: - Makefile - projects/release/config - − projects/release/link_old_mar_filenames Changes: ===================================== Makefile ===================================== @@ -183,7 +183,6 @@ torbrowser-testbuild-src: submodule-update torbrowser-incrementals-release: submodule-update $(rbm) build release --step update_responses_config --target release --target create_unsigned_incrementals --target torbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target torbrowser tools/update-responses/gen_incrementals release $(rbm) build release --step hash_incrementals --target release --target torbrowser @@ -196,7 +195,6 @@ torbrowser-incrementals-release-unsigned: submodule-update torbrowser-incrementals-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target create_unsigned_incrementals --target torbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser tools/update-responses/gen_incrementals alpha $(rbm) build release --step hash_incrementals --target alpha --target torbrowser @@ -223,14 +221,12 @@ torbrowser-dmg2mar-release: submodule-update $(rbm) build release --step update_responses_config --target release --target signed --target torbrowser $(rbm) build release --step dmg2mar --target release --target signed --target torbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals release torbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target signed --target torbrowser $(rbm) build release --step dmg2mar --target alpha --target signed --target torbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha torbrowser-compare-windows-signed-unsigned-release: submodule-update @@ -527,7 +523,6 @@ mullvadbrowser-testbuild-src: submodule-update mullvadbrowser-incrementals-release: submodule-update $(rbm) build release --step update_responses_config --target release --target create_unsigned_incrementals --target mullvadbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target mullvadbrowser tools/update-responses/gen_incrementals release $(rbm) build release --step hash_incrementals --target release --target mullvadbrowser @@ -540,7 +535,6 @@ mullvadbrowser-incrementals-release-unsigned: submodule-update mullvadbrowser-incrementals-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target create_unsigned_incrementals --target mullvadbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser tools/update-responses/gen_incrementals alpha $(rbm) build release --step hash_incrementals --target alpha --target mullvadbrowser @@ -567,14 +561,12 @@ mullvadbrowser-dmg2mar-release: submodule-update $(rbm) build release --step update_responses_config --target release --target signed --target mullvadbrowser $(rbm) build release --step dmg2mar --target release --target signed --target mullvadbrowser tools/update-responses/download_missing_versions release - $(rbm) build release --step link_old_mar_filenames --target release --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals release mullvadbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step update_responses_config --target alpha --target signed --target mullvadbrowser $(rbm) build release --step dmg2mar --target alpha --target signed --target mullvadbrowser tools/update-responses/download_missing_versions alpha - $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update ===================================== projects/release/config ===================================== @@ -243,11 +243,6 @@ steps: debug: 0 input_files: [] update_responses_config: '[% INCLUDE update_responses_config %]' - link_old_mar_filenames: - build_log: '-' - debug: 0 - input_files: [] - link_old_mar_filenames: '[% INCLUDE link_old_mar_filenames %]' create_update_responses_tar: build_log: '-' debug: 0 ===================================== projects/release/link_old_mar_filenames deleted ===================================== @@ -1,19 +0,0 @@ -#!/bin/bash -[% c("var/set_default_env") -%] -# This script is for #40933: -# Fix generating incrementals between 12.5.x and 13.0 -[% FOREACH version = c("var/torbrowser_incremental_from") %] - cd [% shell_quote(path(dest_dir)) %]/[% IF c("var/unsigned_releases_dir") %]un[% END %]signed/[% version %] - test -e [% c("var/project-name") %]-linux-i686-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-linux32-[% version %]_ALL.mar \ - [% c("var/project-name") %]-linux-i686-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-linux-x86_64-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-linux64-[% version %]_ALL.mar \ - [% c("var/project-name") %]-linux-x86_64-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-windows-i686-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-win32-[% version %]_ALL.mar \ - [% c("var/project-name") %]-windows-i686-[% version %]_ALL.mar - test -e [% c("var/project-name") %]-windows-x86_64-[% version %]_ALL.mar || \ - ln -s [% c("var/project-name") %]-win64-[% version %]_ALL.mar \ - [% c("var/project-name") %]-windows-x86_64-[% version %]_ALL.mar -[% END -%] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 41649: Create rebase and security backport gitlab issue templates
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: fac50006 by Pier Angelo Vendrame at 2023-11-30T14:13:06+00:00 fixup! Bug 41649: Create rebase and security backport gitlab issue templates Add the step to update tor-browser-build's main after alpha rebases. - - - - - 1 changed file: - .gitlab/issue_templates/Rebase Browser - Alpha.md Changes: ===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md ===================================== @@ -138,3 +138,10 @@ - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha` - [ ] Push tag to `upstream` +- [ ] Update tor-browser-build's main (no MR required, you can just push it if you have the permissions) + - [ ] Update `projects/firefox/config` + - [ ] Update `firefox_platform_version` + - [ ] Set `browser_build` to 1 (to prevent failures in alpha testbuilds) + - [ ] Update `projects/geckoview/config` + - [ ] Update `geckoview_version` + - [ ] Set `browser_build` to 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fac5000… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fac5000… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Adding issue and merge request templates
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: a084de1d by Pier Angelo Vendrame at 2023-11-30T14:03:08+00:00 fixup! Adding issue and merge request templates Add the step to update tor-browser-build's main after alpha rebases. - - - - - 1 changed file: - .gitlab/issue_templates/Rebase Browser - Alpha.md Changes: ===================================== .gitlab/issue_templates/Rebase Browser - Alpha.md ===================================== @@ -138,3 +138,10 @@ - **Tag**: `base-browser-$(ESR_VERSION)esr-$(BROWSER_MAJOR).$(BROWSER_MINOR)-1-build1` - **Message**: `Tagging build1 for $(ESR_VERSION)esr-based alpha` - [ ] Push tag to `upstream` +- [ ] Update tor-browser-build's main (no MR required, you can just push it if you have the permissions) + - [ ] Update `projects/firefox/config` + - [ ] Update `firefox_platform_version` + - [ ] Set `browser_build` to 1 (to prevent failures in alpha testbuilds) + - [ ] Update `projects/geckoview/config` + - [ ] Update `geckoview_version` + - [ ] Set `browser_build` to 1 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a084de1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a084de1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41031: Add make targets to unsign and compare mar files
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: ae9e3999 by Nicolas Vigier at 2023-11-30T13:58:17+00:00 Bug 41031: Add make targets to unsign and compare mar files - - - - - 4 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_mar_signed_unsigned - projects/release/config Changes: ===================================== Makefile ===================================== @@ -239,6 +239,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update torbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser +torbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser + +torbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -577,6 +583,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser +mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} Unsign exe files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. +torbrowser-compare-mar-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign mar files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_mar_signed_unsigned ===================================== @@ -0,0 +1,44 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +sha256sums_files=sha256sums-unsigned-build.txt +cd "$build_dir" +test -f sha256sums-unsigned-build.incrementals.txt \ + && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt" +cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/" +cd "$rootdir" + +unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]" +export PATH="$rootdir/mar-tools:$PATH" +export LD_LIBRARY_PATH="$rootdir/mar-tools" + +for file in *.mar +do + signmar -r "$file" "unsigned-$file" + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c + +cat << 'EOF' +macOS mar files have been skipped as we don't yet have a good solution +to remove code signing from those files. +See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… + +Windows and Linux unsigned mar files are matching with +sha256sums-unsigned-build.txt. +EOF ===================================== projects/release/config ===================================== @@ -271,3 +271,11 @@ steps: name: osslsigncode pkg_type: build compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' + compare_mar_signed_unsigned: + build_log: '-' + debug: 0 + input_files: + - project: mar-tools + name: mar-tools + pkg_type: fetch_martools + compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41031: Add make targets to unsign and compare mar files
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 226e45d9 by Nicolas Vigier at 2023-11-30T12:31:54+01:00 Bug 41031: Add make targets to unsign and compare mar files - - - - - 4 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_mar_signed_unsigned - projects/release/config Changes: ===================================== Makefile ===================================== @@ -235,6 +235,12 @@ torbrowser-compare-windows-signed-unsigned-release: submodule-update torbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser +torbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target torbrowser + +torbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -569,6 +575,12 @@ mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser +mullvadbrowser-compare-mar-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-mar-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_mar_signed_unsigned --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -141,3 +141,8 @@ torbrowser-compare-windows-signed-unsigned-{release,alpha} Unsign exe files from directory torbrowser/{release,alpha}/signed/$version and compare them with the checksum from sha256sums-unsigned-build.txt. +torbrowser-compare-mar-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign mar files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_mar_signed_unsigned ===================================== @@ -0,0 +1,44 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +sha256sums_files=sha256sums-unsigned-build.txt +cd "$build_dir" +test -f sha256sums-unsigned-build.incrementals.txt \ + && sha256sums_files="$sha256sums_files sha256sums-unsigned-build.incrementals.txt" +cp -a -- $(ls -1 *.mar | grep -v -- -macos-) $sha256sums_files "$rootdir/" +cd "$rootdir" + +unzip -q "$rootdir/[% c('input_files_by_name/mar-tools') %]" +export PATH="$rootdir/mar-tools:$PATH" +export LD_LIBRARY_PATH="$rootdir/mar-tools" + +for file in *.mar +do + signmar -r "$file" "unsigned-$file" + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep -h -- '\.mar$' $sha256sums_files | grep -v -- -macos- | sha256sum -c + +cat << 'EOF' +macOS mar files have been skipped as we don't yet have a good solution +to remove code signing from those files. +See https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/4… + +Windows and Linux unsigned mar files are matching with +sha256sums-unsigned-build.txt. +EOF ===================================== projects/release/config ===================================== @@ -271,3 +271,11 @@ steps: name: osslsigncode pkg_type: build compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' + compare_mar_signed_unsigned: + build_log: '-' + debug: 0 + input_files: + - project: mar-tools + name: mar-tools + pkg_type: fetch_martools + compare_mar_signed_unsigned: '[% INCLUDE compare_mar_signed_unsigned %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 2 commits: Bug 41030: Add script to download a torbrowser/mullvadbrowser release
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 0f610931 by Nicolas Vigier at 2023-11-30T12:47:22+00:00 Bug 41030: Add script to download a torbrowser/mullvadbrowser release - - - - - 4dc9c81f by Nicolas Vigier at 2023-11-30T12:48:19+00:00 Bug 41030: Add make targets to unsign and compare exe files - - - - - 6 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_windows_signed_unsigned_exe - projects/release/config - + tools/download-mullvadbrowser - + tools/download-torbrowser Changes: ===================================== Makefile ===================================== @@ -233,6 +233,12 @@ torbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step link_old_mar_filenames --target alpha --target torbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +torbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target torbrowser + +torbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -565,6 +571,12 @@ mullvadbrowser-dmg2mar-alpha: submodule-update $(rbm) build release --step link_old_mar_filenames --target alpha --target mullvadbrowser CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -136,3 +136,8 @@ Create update responses xml files for a signed build in the release or alpha channel. The files can be found in a tar in the directory torbrowser/{release,alpha}/update-responses. +torbrowser-compare-windows-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign exe files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_windows_signed_unsigned_exe ===================================== @@ -0,0 +1,30 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +cp -a "$build_dir"/*.exe "$build_dir"/sha256sums-unsigned-build.txt . + +tar -xf $rootdir/[% c('input_files_by_name/osslsigncode') %] + +for file in *.exe +do + ./osslsigncode/bin/osslsigncode remove-signature -in "$file" -out "unsigned-$file" > /dev/null + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep '\.exe$' sha256sums-unsigned-build.txt | sha256sum -c + +echo "Unsigned exe files are matching with sha256sums-unsigned-build.txt" ===================================== projects/release/config ===================================== @@ -263,3 +263,11 @@ steps: debug: 0 input_files: [] dmg2mar: '[% INCLUDE dmg2mar %]' + compare_windows_signed_unsigned_exe: + build_log: '-' + debug: 0 + input_files: + - project: osslsigncode + name: osslsigncode + pkg_type: build + compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' ===================================== tools/download-mullvadbrowser ===================================== @@ -0,0 +1 @@ +download-torbrowser \ No newline at end of file ===================================== tools/download-torbrowser ===================================== @@ -0,0 +1,100 @@ +#!/usr/bin/perl -w + +# This script downloads a torbrowser or mullvadbrowser release, checking +# its signature + +use strict; +use English; +use LWP::Simple; +use IO::CaptureOutput qw(capture_exec); +use File::Temp; +use File::Basename qw(fileparse); +use FindBin; +use File::Path qw(make_path); +use File::Copy; +use Path::Tiny; +use Digest::SHA qw(sha256_hex); + + +sub exit_error { + print STDERR "Error: ", $_[0], "\n"; + chdir '/'; + exit (exists $_[1] ? $_[1] : 1); +} + +sub gpg_verify_file { + my ($file) = @_; + if (system('gpg', '--no-default-keyring', '--keyring', + "$FindBin::Bin/../keyring/torbrowser.gpg", '--verify', + "$file.asc", + $file)) { + exit_error "Error checking gpg signature for file $file"; + } +} + +my $progname = fileparse($PROGRAM_NAME); +my ($projectname) = $progname =~ m/^download-(.+)$/; +if (@ARGV != 1) { + print STDERR "usage: $progname <version>\n"; + exit 1; +} + +my $version = $ARGV[0]; +my $version_type = $version =~ m/a/ ? 'alpha' : 'release'; +my $destdir = "$FindBin::Bin/../$projectname/$version_type/signed/$version"; +my $urldir = "https://archive.torproject.org/tor-package-archive/$projectname/$version"; + +make_path($destdir); +my $tmpdir = File::Temp->newdir(DIR => "$FindBin::Bin/../tmp"); + +foreach my $file (qw(sha256sums-signed-build.txt sha256sums-signed-build.txt.asc + sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + exit_error "Error downloading $urldir/$file"; + } +} +gpg_verify_file("$tmpdir/sha256sums-signed-build.txt"); +move "$tmpdir/sha256sums-signed-build.txt.asc", "$destdir/sha256sums-signed-build.txt.asc"; +move "$tmpdir/sha256sums-signed-build.txt", "$destdir/sha256sums-signed-build.txt"; +gpg_verify_file("$tmpdir/sha256sums-unsigned-build.txt"); +move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc"; +move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt"; + +foreach my $file (qw(sha256sums-signed-build.incrementals.txt + sha256sums-signed-build.incrementals.txt.asc + sha256sums-unsigned-build.incrementals.txt + sha256sums-unsigned-build.incrementals.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + last; + } +} +if (-f "$tmpdir/sha256sums-signed-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-signed-build.incrementals.txt"); + move "$tmpdir/sha256sums-signed-build.incrementals.txt.asc", "$destdir/sha256sums-signed-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-signed-build.incrementals.txt", "$destdir/sha256sums-signed-build.incrementals.txt"; +} +if (-f "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-unsigned-build.incrementals.txt"); + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc", "$destdir/sha256sums-unsigned-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt", "$destdir/sha256sums-unsigned-build.incrementals.txt"; +} + +my @sha256_lines = path("$destdir/sha256sums-signed-build.txt")->lines; +push @sha256_lines, path("$destdir/sha256sums-signed-build.incrementals.txt")->lines + if -f "$destdir/sha256sums-signed-build.incrementals.txt"; +my %sums = map { chomp; reverse split ' ', $_ } @sha256_lines; + +foreach my $file (sort keys %sums) { + if (-f "$destdir/$file") { + print "Not downloading $file (already there)\n"; + next; + } + print "Downloading $file\n"; + exit_error "Error downloading $urldir/$file\n" + unless getstore("$urldir/$file", "$tmpdir/$file") == 200; + exit_error "Wrong checksum for $file" + unless $sums{$file} eq sha256_hex(path("$tmpdir/$file")->slurp); + move "$tmpdir/$file", "$destdir/$file"; +} + +print "Finished downloading $projectname $version in $destdir\n"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41030: Add script to download a torbrowser/mullvadbrowser release
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 07898fd4 by Nicolas Vigier at 2023-11-30T11:59:45+01:00 Bug 41030: Add script to download a torbrowser/mullvadbrowser release - - - - - 93819f81 by Nicolas Vigier at 2023-11-30T11:59:49+01:00 Bug 41030: Add make targets to unsign and compare exe files - - - - - 6 changed files: - Makefile - doc/MAKEFILE.txt - + projects/release/compare_windows_signed_unsigned_exe - projects/release/config - + tools/download-mullvadbrowser - + tools/download-torbrowser Changes: ===================================== Makefile ===================================== @@ -229,6 +229,12 @@ torbrowser-dmg2mar-alpha: submodule-update tools/update-responses/download_missing_versions alpha CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +torbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target torbrowser + +torbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target torbrowser + ######################## # Base Browser Targets # @@ -557,6 +563,12 @@ mullvadbrowser-dmg2mar-alpha: submodule-update tools/update-responses/download_missing_versions alpha CHECK_CODESIGNATURE_EXISTS=1 MAR_SKIP_EXISTING=1 tools/update-responses/gen_incrementals alpha +mullvadbrowser-compare-windows-signed-unsigned-release: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target release --target signed --target mullvadbrowser + +mullvadbrowser-compare-windows-signed-unsigned-alpha: submodule-update + $(rbm) build release --step compare_windows_signed_unsigned_exe --target alpha --target signed --target mullvadbrowser + ############################ # Toolchain Update Targets # ===================================== doc/MAKEFILE.txt ===================================== @@ -136,3 +136,8 @@ Create update responses xml files for a signed build in the release or alpha channel. The files can be found in a tar in the directory torbrowser/{release,alpha}/update-responses. +torbrowser-compare-windows-signed-unsigned-{release,alpha} +---------------------------------------------------------- +Unsign exe files from directory torbrowser/{release,alpha}/signed/$version +and compare them with the checksum from sha256sums-unsigned-build.txt. + ===================================== projects/release/compare_windows_signed_unsigned_exe ===================================== @@ -0,0 +1,30 @@ +#!/bin/bash +[% c("var/set_default_env") -%] +[% IF c("var/nightly") -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("version") %] +[% ELSE -%] + build_dir=[% shell_quote(path(dest_dir)) %]/[% c("var/signed_status") %]/[% c("version") %] +[% END -%] + +if ! test -d "$build_dir" +then + echo "Error: Directory $build_dir does not exist" 1>&2 + echo "You can download it with this command:" 1>&2 + echo " ./tools/download-[% c("var/projectname") %] [% c("var/torbrowser_version") %]" 1>&2 + exit 1 +fi + +cp -a "$build_dir"/*.exe "$build_dir"/sha256sums-unsigned-build.txt . + +tar -xf $rootdir/[% c('input_files_by_name/osslsigncode') %] + +for file in *.exe +do + ./osslsigncode/bin/osslsigncode remove-signature -in "$file" -out "unsigned-$file" > /dev/null + mv -f "unsigned-$file" "$file" + echo "Unsigned $file" +done + +grep '\.exe$' sha256sums-unsigned-build.txt | sha256sum -c + +echo "Unsigned exe files are matching with sha256sums-unsigned-build.txt" ===================================== projects/release/config ===================================== @@ -263,3 +263,11 @@ steps: debug: 0 input_files: [] upload_sha256sums: '[% INCLUDE upload_sha256sums %]' + compare_windows_signed_unsigned_exe: + build_log: '-' + debug: 0 + input_files: + - project: osslsigncode + name: osslsigncode + pkg_type: build + compare_windows_signed_unsigned_exe: '[% INCLUDE compare_windows_signed_unsigned_exe %]' ===================================== tools/download-mullvadbrowser ===================================== @@ -0,0 +1 @@ +download-torbrowser \ No newline at end of file ===================================== tools/download-torbrowser ===================================== @@ -0,0 +1,100 @@ +#!/usr/bin/perl -w + +# This script downloads a torbrowser or mullvadbrowser release, checking +# its signature + +use strict; +use English; +use LWP::Simple; +use IO::CaptureOutput qw(capture_exec); +use File::Temp; +use File::Basename qw(fileparse); +use FindBin; +use File::Path qw(make_path); +use File::Copy; +use Path::Tiny; +use Digest::SHA qw(sha256_hex); + + +sub exit_error { + print STDERR "Error: ", $_[0], "\n"; + chdir '/'; + exit (exists $_[1] ? $_[1] : 1); +} + +sub gpg_verify_file { + my ($file) = @_; + if (system('gpg', '--no-default-keyring', '--keyring', + "$FindBin::Bin/../keyring/torbrowser.gpg", '--verify', + "$file.asc", + $file)) { + exit_error "Error checking gpg signature for file $file"; + } +} + +my $progname = fileparse($PROGRAM_NAME); +my ($projectname) = $progname =~ m/^download-(.+)$/; +if (@ARGV != 1) { + print STDERR "usage: $progname <version>\n"; + exit 1; +} + +my $version = $ARGV[0]; +my $version_type = $version =~ m/a/ ? 'alpha' : 'release'; +my $destdir = "$FindBin::Bin/../$projectname/$version_type/signed/$version"; +my $urldir = "https://archive.torproject.org/tor-package-archive/$projectname/$version"; + +make_path($destdir); +my $tmpdir = File::Temp->newdir(DIR => "$FindBin::Bin/../tmp"); + +foreach my $file (qw(sha256sums-signed-build.txt sha256sums-signed-build.txt.asc + sha256sums-unsigned-build.txt sha256sums-unsigned-build.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + exit_error "Error downloading $urldir/$file"; + } +} +gpg_verify_file("$tmpdir/sha256sums-signed-build.txt"); +move "$tmpdir/sha256sums-signed-build.txt.asc", "$destdir/sha256sums-signed-build.txt.asc"; +move "$tmpdir/sha256sums-signed-build.txt", "$destdir/sha256sums-signed-build.txt"; +gpg_verify_file("$tmpdir/sha256sums-unsigned-build.txt"); +move "$tmpdir/sha256sums-unsigned-build.txt.asc", "$destdir/sha256sums-unsigned-build.txt.asc"; +move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt"; + +foreach my $file (qw(sha256sums-signed-build.incrementals.txt + sha256sums-signed-build.incrementals.txt.asc + sha256sums-unsigned-build.incrementals.txt + sha256sums-unsigned-build.incrementals.txt.asc)) { + if (getstore("$urldir/$file", "$tmpdir/$file") != 200) { + last; + } +} +if (-f "$tmpdir/sha256sums-signed-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-signed-build.incrementals.txt"); + move "$tmpdir/sha256sums-signed-build.incrementals.txt.asc", "$destdir/sha256sums-signed-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-signed-build.incrementals.txt", "$destdir/sha256sums-signed-build.incrementals.txt"; +} +if (-f "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc") { + gpg_verify_file("$tmpdir/sha256sums-unsigned-build.incrementals.txt"); + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt.asc", "$destdir/sha256sums-unsigned-build.incrementals.txt.asc"; + move "$tmpdir/sha256sums-unsigned-build.incrementals.txt", "$destdir/sha256sums-unsigned-build.incrementals.txt"; +} + +my @sha256_lines = path("$destdir/sha256sums-signed-build.txt")->lines; +push @sha256_lines, path("$destdir/sha256sums-signed-build.incrementals.txt")->lines + if -f "$destdir/sha256sums-signed-build.incrementals.txt"; +my %sums = map { chomp; reverse split ' ', $_ } @sha256_lines; + +foreach my $file (sort keys %sums) { + if (-f "$destdir/$file") { + print "Not downloading $file (already there)\n"; + next; + } + print "Downloading $file\n"; + exit_error "Error downloading $urldir/$file\n" + unless getstore("$urldir/$file", "$tmpdir/$file") == 200; + exit_error "Wrong checksum for $file" + unless $sums{$file} eq sha256_hex(path("$tmpdir/$file")->slurp); + move "$tmpdir/$file", "$destdir/$file"; +} + +print "Finished downloading $projectname $version in $destdir\n"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch mullvad-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: a601e164 by Pier Angelo Vendrame at 2023-11-30T12:29:05+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a60… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a60… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch base-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: c8b7532b by Pier Angelo Vendrame at 2023-11-30T12:27:17+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c8b7532… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c8b7532… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.5.0esr-13.5-1] fixup! Bug 9173: Change the default Firefox profile directory to be relative.
by richard (＠richard) 30 Nov '23

30 Nov '23

richard pushed to branch tor-browser-115.5.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 9a352816 by Pier Angelo Vendrame at 2023-11-30T12:25:22+00:00 fixup! Bug 9173: Change the default Firefox profile directory to be relative. Bug 42163: Make the DLL blocklist obey portable mode - - - - - 1 changed file: - toolkit/xre/LauncherRegistryInfo.cpp Changes: ===================================== toolkit/xre/LauncherRegistryInfo.cpp ===================================== @@ -17,6 +17,9 @@ #include <string> #include <type_traits> +// tor-browser#42163 +#include <filesystem> + #define EXPAND_STRING_MACRO2(t) t #define EXPAND_STRING_MACRO(t) EXPAND_STRING_MACRO2(t) @@ -586,6 +589,45 @@ LauncherRegistryInfo::GetBrowserStartTimestamp() { LauncherResult<std::wstring> LauncherRegistryInfo::BuildDefaultBlocklistFilename() { + // tor-browser#42163: Make the DLL blocklist obey portable mode + { + std::filesystem::path appDir; + { + mozilla::UniquePtr<wchar_t[]> appDirStr = GetFullBinaryPath(); + if (!appDirStr) { + return LAUNCHER_ERROR_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY); + } + appDir = std::filesystem::path(appDirStr.get()).parent_path(); + } + std::error_code ec; + const bool isPortable = + !std::filesystem::exists(appDir / L"system-install", ec); + if (ec) { + // exists is supposed not to set an error when a file does not exist + // (whereas other functions such as is_regular_file sets it). + // The standard is quite opaque about the meaning of the numeric codes. + // Moreover, we use libcxx on Windows, and it seems they created a sort of + // POSIX compatibility layer (e.g., for stat), see + // libcxx/src/filesystem/posix_compat.h. + // std::error_code has a message function, but all the various macro are + // specific to handle Windows errors, so we have to use the generic error. + // At least, at the moment the error is dropped eventually. + return LAUNCHER_ERROR_GENERIC(); + } + if (isPortable) { + // RELATIVE_DATA_DIR must have forward slashes, but weakly_canonical + // already changes them to backslashes. + const std::filesystem::path blocklistPath = + std::filesystem::weakly_canonical( + appDir / L"" RELATIVE_DATA_DIR / L"blocklist", ec); + if (ec) { + return LAUNCHER_ERROR_GENERIC(); + } + return blocklistPath.wstring(); + } + // Normal installation, continue on Mozilla's path + } + // These flags are chosen to avoid I/O, see bug 1363398. const DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS; @@ -618,6 +660,8 @@ LauncherRegistryInfo::BuildDefaultBlocklistFilename() { } LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { + // tor-browser#42163: Make the DLL blocklist obey portable mode +#ifndef BASE_BROWSER_VERSION LauncherResult<Disposition> disposition = Open(); if (disposition.isErr()) { return disposition.propagateErr(); @@ -633,19 +677,19 @@ LauncherResult<std::wstring> LauncherRegistryInfo::GetBlocklistFileName() { UniquePtr<wchar_t[]> buf = readResult.unwrap(); return std::wstring(buf.get()); } - +#endif LauncherResult<std::wstring> defaultBlocklistPath = BuildDefaultBlocklistFilename(); if (defaultBlocklistPath.isErr()) { return defaultBlocklistPath.propagateErr(); } - +#ifndef BASE_BROWSER_VERSION LauncherVoidResult writeResult = WriteRegistryValueString( mRegKey, ResolveBlocklistValueName(), defaultBlocklistPath.inspect()); if (writeResult.isErr()) { return writeResult.propagateErr(); } - +#endif return defaultBlocklistPath; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9a35281… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9a35281… You're receiving this email because of your account on gitlab.torproject.org.

1 0