- tbb-commits - lists.torproject.org

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 27 Oct '25

27 Oct '25

morgan pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 5aeceb7b by Pier Angelo Vendrame at 2025-10-27T16:29:49+00:00 fixup! Firefox preference overrides. BB 44270: Match Firefox's TLS fingerprint. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -155,10 +155,6 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) -// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/5ae… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/5ae… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 27 Oct '25

27 Oct '25

morgan pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 93a069d9 by Pier Angelo Vendrame at 2025-10-27T16:29:01+00:00 fixup! Firefox preference overrides. BB 44270: Match Firefox's TLS fingerprint. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -155,10 +155,6 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) -// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/93a069d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/93a069d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 27 Oct '25

27 Oct '25

morgan pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 0134ec72 by Pier Angelo Vendrame at 2025-10-27T17:12:42+01:00 fixup! Firefox preference overrides. BB 44270: Match Firefox's TLS fingerprint. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -155,10 +155,6 @@ pref("network.http.referer.hideOnionSource", true); // [4] https://www.ssllabs.com/ssl-pulse/ pref("security.ssl.require_safe_negotiation", true); -// mullvad-browser#361: Disable TLS cyphersuites using SHA1 for signing (ECDSA) -// see https://bugzilla.mozilla.org/show_bug.cgi?id=1600437 -pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); -pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // lock those disabled by https://bugzilla.mozilla.org/show_bug.cgi?id=1036765 pref("security.ssl3.dhe_rsa_aes_128_sha", false, locked); pref("security.ssl3.dhe_rsa_aes_256_sha", false, locked); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0134ec7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/0134ec7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] 6 commits: Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur
by ma1 (＠ma1) 27 Oct '25

27 Oct '25

ma1 pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 4c23bcda by Maurice Dauer at 2025-10-27T10:59:38+01:00 Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur Differential Revision: https://phabricator.services.mozilla.com/D254677 - - - - - 7ce0fc57 by Maurice Dauer at 2025-10-27T10:59:39+01:00 Bug 1419501 - Part 2: Rename existing user-facing popup related strings, r=fluent-reviewers,bolsson,Gijs Differential Revision: https://phabricator.services.mozilla.com/D254678 - - - - - 761bfc4c by Maurice Dauer at 2025-10-27T10:59:41+01:00 Bug 1419501 - Part 3: Introduce `RedirectBlockedEvent`, r=maltejur,webidl,frontend-codestyle-reviewers,smaug Differential Revision: https://phabricator.services.mozilla.com/D254679 - - - - - 4c11c990 by Maurice Dauer at 2025-10-27T10:59:43+01:00 Bug 1419501 - Part 4: Implement framebusting intervention, r=fluent-reviewers,desktop-theme-reviewers,tabbrowser-reviewers,bolsson,edgar,mstriemer,sfoster,sthompson,emz Differential Revision: https://phabricator.services.mozilla.com/D254680 - - - - - cf17000f by Maurice Dauer at 2025-10-27T10:59:44+01:00 Bug 1419501 - Part 5: Framebusting intervention browser tests, r=maltejur,frontend-codestyle-reviewers Differential Revision: https://phabricator.services.mozilla.com/D259046 - - - - - 1386ba38 by Malte Jürgens at 2025-10-27T10:59:46+01:00 Bug 1419501 - Expand web-platform tests for preventing iframes from navigating their top window r=mdauer Differential Revision: https://phabricator.services.mozilla.com/D251179 - - - - - 73 changed files: - browser/base/content/browser-init.js - browser/base/content/browser-sitePermissionPanel.js - browser/base/content/browser.js - browser/base/content/browser.js.globals - browser/base/content/main-popupset.inc.xhtml - browser/base/content/navigator-toolbox.inc.xhtml - + browser/base/content/test/framebusting/browser.toml - + browser/base/content/test/framebusting/browser_framebusting_identity.js - + browser/base/content/test/framebusting/browser_framebusting_notification.js - + browser/base/content/test/framebusting/framebusting_intervention_frame.html - + browser/base/content/test/framebusting/framebusting_intervention_parent.html - + browser/base/content/test/framebusting/head.js - browser/base/moz.build - browser/components/enterprisepolicies/content/aboutPolicies.js - browser/components/preferences/dialogs/permissions.js - browser/components/preferences/privacy.inc.xhtml - browser/components/tabbrowser/content/tabbrowser.js - browser/locales/en-US/browser/browser.ftl - browser/locales/en-US/browser/policies/policies-descriptions.ftl - browser/locales/en-US/browser/preferences/permissions.ftl - browser/locales/en-US/browser/preferences/preferences.ftl - browser/locales/en-US/browser/sitePermissions.ftl - browser/locales/en-US/chrome/browser/sitePermissions.properties - + browser/modules/PopupAndRedirectBlockerObserver.sys.mjs - − browser/modules/PopupBlockerObserver.sys.mjs - browser/modules/SitePermissions.sys.mjs - browser/modules/moz.build - browser/modules/test/browser/browser_SitePermissions.js - browser/themes/shared/controlcenter/panel.css - docshell/base/BrowsingContext.cpp - docshell/base/BrowsingContext.h - docshell/base/nsDocShell.cpp - dom/base/Document.h - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsGlobalWindowOuter.h - dom/base/nsPIDOMWindow.h - + dom/chrome-webidl/RedirectBlockedEvent.webidl - dom/chrome-webidl/moz.build - eslint-test-paths.config.mjs - modules/libpref/init/StaticPrefList.yaml - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html.ini - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_with_user_gesture.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture-after-failure.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-grandparent.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-same-site.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-after-failure.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent.sub.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-without-user-gesture-failed.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/navigation-changed-iframe.html - + toolkit/actors/PopupAndRedirectBlockingChild.sys.mjs - + toolkit/actors/PopupAndRedirectBlockingParent.sys.mjs - − toolkit/actors/PopupBlockingChild.sys.mjs - − toolkit/actors/PopupBlockingParent.sys.mjs - toolkit/actors/moz.build - toolkit/content/widgets/browser-custom-element.mjs - toolkit/modules/ActorManagerParent.sys.mjs The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/10… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/10… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] 6 commits: Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur
by ma1 (＠ma1) 27 Oct '25

27 Oct '25

ma1 pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 83c8580e by Maurice Dauer at 2025-10-27T10:52:44+01:00 Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur Differential Revision: https://phabricator.services.mozilla.com/D254677 - - - - - 3cf0d42a by Maurice Dauer at 2025-10-27T10:52:46+01:00 Bug 1419501 - Part 2: Rename existing user-facing popup related strings, r=fluent-reviewers,bolsson,Gijs Differential Revision: https://phabricator.services.mozilla.com/D254678 - - - - - aaff7995 by Maurice Dauer at 2025-10-27T10:52:47+01:00 Bug 1419501 - Part 3: Introduce `RedirectBlockedEvent`, r=maltejur,webidl,frontend-codestyle-reviewers,smaug Differential Revision: https://phabricator.services.mozilla.com/D254679 - - - - - 8e86d38d by Maurice Dauer at 2025-10-27T10:52:53+01:00 Bug 1419501 - Part 4: Implement framebusting intervention, r=fluent-reviewers,desktop-theme-reviewers,tabbrowser-reviewers,bolsson,edgar,mstriemer,sfoster,sthompson,emz Differential Revision: https://phabricator.services.mozilla.com/D254680 - - - - - 401f84cd by Maurice Dauer at 2025-10-27T10:52:58+01:00 Bug 1419501 - Part 5: Framebusting intervention browser tests, r=maltejur,frontend-codestyle-reviewers Differential Revision: https://phabricator.services.mozilla.com/D259046 - - - - - 1c2b0bcb by Malte Jürgens at 2025-10-27T10:53:02+01:00 Bug 1419501 - Expand web-platform tests for preventing iframes from navigating their top window r=mdauer Differential Revision: https://phabricator.services.mozilla.com/D251179 - - - - - 73 changed files: - browser/base/content/browser-init.js - browser/base/content/browser-sitePermissionPanel.js - browser/base/content/browser.js - browser/base/content/browser.js.globals - browser/base/content/main-popupset.inc.xhtml - browser/base/content/navigator-toolbox.inc.xhtml - + browser/base/content/test/framebusting/browser.toml - + browser/base/content/test/framebusting/browser_framebusting_identity.js - + browser/base/content/test/framebusting/browser_framebusting_notification.js - + browser/base/content/test/framebusting/framebusting_intervention_frame.html - + browser/base/content/test/framebusting/framebusting_intervention_parent.html - + browser/base/content/test/framebusting/head.js - browser/base/moz.build - browser/components/enterprisepolicies/content/aboutPolicies.js - browser/components/preferences/dialogs/permissions.js - browser/components/preferences/privacy.inc.xhtml - browser/components/tabbrowser/content/tabbrowser.js - browser/locales/en-US/browser/browser.ftl - browser/locales/en-US/browser/policies/policies-descriptions.ftl - browser/locales/en-US/browser/preferences/permissions.ftl - browser/locales/en-US/browser/preferences/preferences.ftl - browser/locales/en-US/browser/sitePermissions.ftl - browser/locales/en-US/chrome/browser/sitePermissions.properties - + browser/modules/PopupAndRedirectBlockerObserver.sys.mjs - − browser/modules/PopupBlockerObserver.sys.mjs - browser/modules/SitePermissions.sys.mjs - browser/modules/moz.build - browser/modules/test/browser/browser_SitePermissions.js - browser/themes/shared/controlcenter/panel.css - docshell/base/BrowsingContext.cpp - docshell/base/BrowsingContext.h - docshell/base/nsDocShell.cpp - dom/base/Document.h - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsGlobalWindowOuter.h - dom/base/nsPIDOMWindow.h - + dom/chrome-webidl/RedirectBlockedEvent.webidl - dom/chrome-webidl/moz.build - eslint-test-paths.config.mjs - modules/libpref/init/StaticPrefList.yaml - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html.ini - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_with_user_gesture.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture-after-failure.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-grandparent.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-same-site.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-after-failure.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent.sub.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-without-user-gesture-failed.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/navigation-changed-iframe.html - + toolkit/actors/PopupAndRedirectBlockingChild.sys.mjs - + toolkit/actors/PopupAndRedirectBlockingParent.sys.mjs - − toolkit/actors/PopupBlockingChild.sys.mjs - − toolkit/actors/PopupBlockingParent.sys.mjs - toolkit/actors/moz.build - toolkit/content/widgets/browser-custom-element.mjs - toolkit/modules/ActorManagerParent.sys.mjs The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/64a7d7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/64a7d7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] 6 commits: Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur
by ma1 (＠ma1) 27 Oct '25

27 Oct '25

ma1 pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 83662ea5 by Maurice Dauer at 2025-10-26T23:32:00+01:00 Bug 1419501 - Part 1: Add `dom.security.framebusting_intervention.enabled` pref, r=maltejur Differential Revision: https://phabricator.services.mozilla.com/D254677 - - - - - 2f6bde7a by Maurice Dauer at 2025-10-26T23:33:06+01:00 Bug 1419501 - Part 2: Rename existing user-facing popup related strings, r=fluent-reviewers,bolsson,Gijs Differential Revision: https://phabricator.services.mozilla.com/D254678 - - - - - 053a859a by Maurice Dauer at 2025-10-27T09:26:13+01:00 Bug 1419501 - Part 3: Introduce `RedirectBlockedEvent`, r=maltejur,webidl,frontend-codestyle-reviewers,smaug Differential Revision: https://phabricator.services.mozilla.com/D254679 - - - - - 9880cffa by Maurice Dauer at 2025-10-27T09:26:28+01:00 Bug 1419501 - Part 4: Implement framebusting intervention, r=fluent-reviewers,desktop-theme-reviewers,tabbrowser-reviewers,bolsson,edgar,mstriemer,sfoster,sthompson,emz Differential Revision: https://phabricator.services.mozilla.com/D254680 - - - - - 5790ec50 by Maurice Dauer at 2025-10-27T09:26:30+01:00 Bug 1419501 - Part 5: Framebusting intervention browser tests, r=maltejur,frontend-codestyle-reviewers Differential Revision: https://phabricator.services.mozilla.com/D259046 - - - - - 02ba45e3 by Malte Jürgens at 2025-10-27T09:26:31+01:00 Bug 1419501 - Expand web-platform tests for preventing iframes from navigating their top window r=mdauer Differential Revision: https://phabricator.services.mozilla.com/D251179 - - - - - 73 changed files: - browser/base/content/browser-init.js - browser/base/content/browser-sitePermissionPanel.js - browser/base/content/browser.js - browser/base/content/browser.js.globals - browser/base/content/main-popupset.inc.xhtml - browser/base/content/navigator-toolbox.inc.xhtml - + browser/base/content/test/framebusting/browser.toml - + browser/base/content/test/framebusting/browser_framebusting_identity.js - + browser/base/content/test/framebusting/browser_framebusting_notification.js - + browser/base/content/test/framebusting/framebusting_intervention_frame.html - + browser/base/content/test/framebusting/framebusting_intervention_parent.html - + browser/base/content/test/framebusting/head.js - browser/base/moz.build - browser/components/enterprisepolicies/content/aboutPolicies.js - browser/components/preferences/dialogs/permissions.js - browser/components/preferences/privacy.inc.xhtml - browser/components/tabbrowser/content/tabbrowser.js - browser/locales/en-US/browser/browser.ftl - browser/locales/en-US/browser/policies/policies-descriptions.ftl - browser/locales/en-US/browser/preferences/permissions.ftl - browser/locales/en-US/browser/preferences/preferences.ftl - browser/locales/en-US/browser/sitePermissions.ftl - browser/locales/en-US/chrome/browser/sitePermissions.properties - + browser/modules/PopupAndRedirectBlockerObserver.sys.mjs - − browser/modules/PopupBlockerObserver.sys.mjs - browser/modules/SitePermissions.sys.mjs - browser/modules/moz.build - browser/modules/test/browser/browser_SitePermissions.js - browser/themes/shared/controlcenter/panel.css - docshell/base/BrowsingContext.cpp - docshell/base/BrowsingContext.h - docshell/base/nsDocShell.cpp - dom/base/Document.h - dom/base/nsGlobalWindowOuter.cpp - dom/base/nsGlobalWindowOuter.h - dom/base/nsPIDOMWindow.h - + dom/chrome-webidl/RedirectBlockedEvent.webidl - dom/chrome-webidl/moz.build - eslint-test-paths.config.mjs - modules/libpref/init/StaticPrefList.yaml - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html.ini - + testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html.ini - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation-manual.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_with_user_gesture.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_allow_top_navigation_by_user_activation_without_user_gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_with_user_gesture_after_failure.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_nested_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_top_navigation_without_user_gesture_same_site.tentative.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture-after-failure.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child-with-user-gesture.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-child.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-grandparent.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-same-site.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-after-failure.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture-with-sandbox.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent-with-user-gesture.sub.html - + testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-parent.sub.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation-without-user-gesture-failed.html - − testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/iframe-that-performs-top-navigation.html - testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/support/navigation-changed-iframe.html - + toolkit/actors/PopupAndRedirectBlockingChild.sys.mjs - + toolkit/actors/PopupAndRedirectBlockingParent.sys.mjs - − toolkit/actors/PopupBlockingChild.sys.mjs - − toolkit/actors/PopupBlockingParent.sys.mjs - toolkit/actors/moz.build - toolkit/content/widgets/browser-custom-element.mjs - toolkit/modules/ActorManagerParent.sys.mjs The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3195d9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/3195d9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] fixup! [android] Disable features and functionality
by clairehurst (＠clairehurst) 23 Oct '25

23 Oct '25

clairehurst pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 3195d965 by Dan Ballard at 2025-10-23T11:53:51-06:00 fixup! [android] Disable features and functionality Bug 43757: Disable setting for trending search - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/utils/Settings.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/utils/Settings.kt ===================================== @@ -2098,7 +2098,7 @@ class Settings(private val appContext: Context) : PreferencesHolder { */ var isTrendingSearchesVisible by lazyFeatureFlagPreference( key = appContext.getPreferenceKey(R.string.pref_key_enable_trending_searches), - default = { FxNimbus.features.trendingSearches.value().enabled }, + default = { false }, featureFlag = true, ) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3195d96… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3195d96… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] [android] bug_44196 Persistent notification sometimes does not clear
by Dan Ballard (＠dan) 23 Oct '25

23 Oct '25

Dan Ballard pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 2c2a065e by clairehurst at 2025-10-23T10:48:15-07:00 [android] bug_44196 Persistent notification sometimes does not clear - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -1583,6 +1583,8 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity, TorAn } fun shutDown() : Nothing { + // If we don't manually stop the service, the persistent "close tabs" notification sometimes does not clear + applicationContext.stopService(Intent(applicationContext, PrivateNotificationService::class.java)) finishAndRemoveTask() exitProcess(0) } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2c2a065… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2c2a065… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41614: Update tools/signing/linux-signer-gpg-sign to sign aab files
by boklm (＠boklm) 23 Oct '25

23 Oct '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 99bc1230 by Nicolas Vigier at 2025-10-23T12:56:20+02:00 Bug 41614: Update tools/signing/linux-signer-gpg-sign to sign aab files - - - - - 1 changed file: - tools/signing/linux-signer-gpg-sign Changes: ===================================== tools/signing/linux-signer-gpg-sign ===================================== @@ -11,7 +11,7 @@ test -n "$GPG_PASS" || read -sp "Enter gpg passphrase: " GPG_PASS currentdir=$(pwd) for i in `find . -name "*.dmg" -o -name "*.exe" -o -name "*.tar.xz" \ -o -name "*.txt" -o -name "*.zip" -o -name "*.tar.gz" -o -name "*.apk" \ - -o -name "*.deb" -o -name "*.rpm" | sort` + -o -name "*.deb" -o -name "*.rpm" -o -name "*.aab" | sort` do if test -f "$i.asc" then View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-15.0] MB 466: Automate the release process / replace the new build email
by ma1 (＠ma1) 23 Oct '25

23 Oct '25

ma1 pushed to branch maint-15.0 at The Tor Project / Applications / tor-browser-build Commits: 2f4e7f76 by hackademix at 2025-10-23T11:59:47+02:00 MB 466: Automate the release process / replace the new build email - - - - - 3 changed files: - .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - tools/signing/publish-github.mullvadbrowser Changes: ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md ===================================== @@ -168,6 +168,7 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch ``` ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ +This step will send the relevant branches, tags (including a tag named after the release version, e.g. `16.0a1`) and the signed build for QA to Mullvad's github repository. - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 @@ -177,40 +178,10 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch ```bash cd tor-browser-build/tools/signing/ && ./publish-github.mullvadbrowser ``` - </details> <details> <summary>Communications</summary> - -### Mullvad -- [ ] Email Mullvad with release information: - - **Recipients** - - Mullvad support alias: support(a)mullvadvpn.net - - Rui Hildt: rui(a)mullvad.net - ``` - support(a)mullvadvpn.net, rui(a)mullvad.net, - ``` - - **Subject** - ``` - New build: Mullvad Browser ${MULLVAD_BROWSER_VERSION} (signed) - ``` - - **Body** - ``` - Hello, - - Branch+Tags have been pushed to Mullvad's GitHub repo. - - - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} - - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH} - - * https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… - - changelog: - # paste changelog as quote here - ... - ``` - ### packagers - [ ] **(Optional, Once Packages are pushed to GitHub)** - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md ===================================== @@ -171,6 +171,7 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS ``` ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ +This step will send the relevant branches, tags (including a tag named after the release version, e.g. `15.0`) and the signed build for QA to Mullvad's github repository. - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 @@ -180,40 +181,14 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS ```bash cd tor-browser-build/tools/signing/ && ./publish-github.mullvadbrowser ``` - + - **NOTE**: if you need the release version tag to be suffixed someway, e.g. because it's a release candidate (`15.0rc1` instead of `15.0`), just add the fix as the first argument of the script: + ```bash + ./publish-github.mullvadbrowser rc1 + ``` </details> <details> <summary>Communications</summary> - -### Mullvad -- [ ] Email Mullvad with release information: - - **Recipients** - - Mullvad support alias: support(a)mullvadvpn.net - - Rui Hildt: rui(a)mullvad.net - ``` - support(a)mullvadvpn.net, rui(a)mullvad.net - ``` - - **Subject** - ``` - New build: Mullvad Browser ${MULLVAD_BROWSER_VERSION} (signed) - ``` - - **Body** - ``` - Hello, - - Branch+Tags have been pushed to Mullvad's GitHub repo. - - - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} - - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH}* - - * https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… - - changelog: - # paste changelog as quote here - ... - ``` - ### packagers - [ ] **(Once Packages are pushed to GitHub)** - **Recipients** ===================================== tools/signing/publish-github.mullvadbrowser ===================================== @@ -4,6 +4,17 @@ TBB_DIR="$SCRIPT_DIR/../.." function showconf { "$TBB_DIR/rbm/rbm" showconf $@ } + +# we may want to add a suffix to the release tag, e.g. rc1 +mbrtag_suffix="$1" +github_token=$(showconf release buildconf/devmole_auth_token2 2>/dev/null) +if ! [[ $github_token ]]; then + echo >&2 "Github token (buildconf/devmole_auth_token) missing!" + exit 1 +fi + +set -e + GL_REMOTE=git@gitlab.torproject.org:tpo/applications/mullvad-browser.git GH_REMOTE=git@github.com:mullvad/mullvad-browser.git CLONE_DIR="$TBB_DIR/git_clones/firefox" @@ -13,17 +24,19 @@ MB_TAG=$(showconf firefox git_hash $TARGET) MB_BRANCH=${MB_TAG//-build[0-9]*/} BB_BRANCH=${MB_BRANCH//mullvad-/base-} ESR_VERSION=$(showconf firefox var/firefox_version $TARGET) -RELEASE_VERSION=$(showconf release var/torbrowser_version $TARGET) +BASE_VERSION=$(showconf release var/torbrowser_version $TARGET) +RELEASE_VERSION="${BASE_VERSION}${mbrtag_suffix}" pushd >/dev/null ../../git_clones/firefox echo "Fetching $MB_BRANCH and tags..." git fetch --tags "$GL_REMOTE" "$MB_BRANCH" BB_TAG=$(git tag -l "$BB_BRANCH-build*" | tail -n1) FX_TAG=$(git tag -l "FIREFOX_${ESR_VERSION//\./_}*" | tail -n1) +echo "QA build version: $BASE_VERSION" echo "MB tag: $MB_TAG" echo "BB tag: $BB_TAG" echo "FX tag: $FX_TAG" echo "Mullvad release tag: $RELEASE_VERSION" -read -p "Do you want to tag mullvad $RELEASE_VERSION and push everything to ${GH_REMOTE}? (y/N) " -n 1 -r +read -p "Do you want to tag mullvad $RELEASE_VERSION and push tags/branches/QA build to ${GH_REMOTE}? (y/N) " -n 1 -r echo if ! [[ $REPLY =~ ^[Yy]$ ]]; then echo >&2 "Operation cancelled" @@ -37,3 +50,22 @@ git push "$GH_REMOTE" "$FX_TAG" git push "$GH_REMOTE" "$BB_TAG" git push "$GH_REMOTE" "$RELEASE_VERSION" popd >/dev/null + +# Call Mullvad's github workflow for new releases (mullvad-browser#466) + +version=$BASE_VERSION +response=$(curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $github_token" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/repos/mullvad/mullvad-browser/actions/workflows/new_…" \ + -d "{\"ref\":\"main\",\"inputs\":{\"version\":\"$version\"}}") + +if ! [ $response ]; then + echo "Build $BASE_VERSION submitted." +else + echo >&2 "Something went wrong with build submission:" + echo >&2 $response + exit 3 +fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] MB 466: Automate the release process / replace the new build email
by ma1 (＠ma1) 23 Oct '25

23 Oct '25

ma1 pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 48420e15 by hackademix at 2025-10-23T11:55:15+02:00 MB 466: Automate the release process / replace the new build email - - - - - 3 changed files: - .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - tools/signing/publish-github.mullvadbrowser Changes: ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md ===================================== @@ -168,6 +168,7 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch ``` ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ +This step will send the relevant branches, tags (including a tag named after the release version, e.g. `16.0a1`) and the signed build for QA to Mullvad's github repository. - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 @@ -177,40 +178,10 @@ Mullvad Browser Alpha (and Nightly) are on the `main` branch ```bash cd tor-browser-build/tools/signing/ && ./publish-github.mullvadbrowser ``` - </details> <details> <summary>Communications</summary> - -### Mullvad -- [ ] Email Mullvad with release information: - - **Recipients** - - Mullvad support alias: support(a)mullvadvpn.net - - Rui Hildt: rui(a)mullvad.net - ``` - support(a)mullvadvpn.net, rui(a)mullvad.net, - ``` - - **Subject** - ``` - New build: Mullvad Browser ${MULLVAD_BROWSER_VERSION} (signed) - ``` - - **Body** - ``` - Hello, - - Branch+Tags have been pushed to Mullvad's GitHub repo. - - - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} - - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH} - - * https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… - - changelog: - # paste changelog as quote here - ... - ``` - ### packagers - [ ] **(Optional, Once Packages are pushed to GitHub)** - **NOTE**: This is an optional step and only necessary close a major release/transition from alpha to stable, or if there are major packing changes these developers need to be aware of ===================================== .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md ===================================== @@ -171,6 +171,7 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS ``` ### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/ +This step will send the relevant branches, tags (including a tag named after the release version, e.g. `15.0`) and the signed build for QA to Mullvad's github repository. - [ ] Assign this issue to someone with mullvad commit access, one of: - boklm - ma1 @@ -180,40 +181,14 @@ Mullvad Browser Stable is on the `maint-${MULLVAD_BROWSER_MAJOR}.${MULLVAD_BROWS ```bash cd tor-browser-build/tools/signing/ && ./publish-github.mullvadbrowser ``` - + - **NOTE**: if you need the release version tag to be suffixed someway, e.g. because it's a release candidate (`15.0rc1` instead of `15.0`), just add the fix as the first argument of the script: + ```bash + ./publish-github.mullvadbrowser rc1 + ``` </details> <details> <summary>Communications</summary> - -### Mullvad -- [ ] Email Mullvad with release information: - - **Recipients** - - Mullvad support alias: support(a)mullvadvpn.net - - Rui Hildt: rui(a)mullvad.net - ``` - support(a)mullvadvpn.net, rui(a)mullvad.net - ``` - - **Subject** - ``` - New build: Mullvad Browser ${MULLVAD_BROWSER_VERSION} (signed) - ``` - - **Body** - ``` - Hello, - - Branch+Tags have been pushed to Mullvad's GitHub repo. - - - signed builds: https://dist.torproject.org/mullvadbrowser/${MULLVAD_BROWSER_VERSION} - - update_response hashes: ${MULLVAD_UPDATE_RESPONSES_HASH}* - - * https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… - - changelog: - # paste changelog as quote here - ... - ``` - ### packagers - [ ] **(Once Packages are pushed to GitHub)** - **Recipients** ===================================== tools/signing/publish-github.mullvadbrowser ===================================== @@ -4,6 +4,17 @@ TBB_DIR="$SCRIPT_DIR/../.." function showconf { "$TBB_DIR/rbm/rbm" showconf $@ } + +# we may want to add a suffix to the release tag, e.g. rc1 +mbrtag_suffix="$1" +github_token=$(showconf release buildconf/devmole_auth_token2 2>/dev/null) +if ! [[ $github_token ]]; then + echo >&2 "Github token (buildconf/devmole_auth_token) missing!" + exit 1 +fi + +set -e + GL_REMOTE=git@gitlab.torproject.org:tpo/applications/mullvad-browser.git GH_REMOTE=git@github.com:mullvad/mullvad-browser.git CLONE_DIR="$TBB_DIR/git_clones/firefox" @@ -13,17 +24,19 @@ MB_TAG=$(showconf firefox git_hash $TARGET) MB_BRANCH=${MB_TAG//-build[0-9]*/} BB_BRANCH=${MB_BRANCH//mullvad-/base-} ESR_VERSION=$(showconf firefox var/firefox_version $TARGET) -RELEASE_VERSION=$(showconf release var/torbrowser_version $TARGET) +BASE_VERSION=$(showconf release var/torbrowser_version $TARGET) +RELEASE_VERSION="${BASE_VERSION}${mbrtag_suffix}" pushd >/dev/null ../../git_clones/firefox echo "Fetching $MB_BRANCH and tags..." git fetch --tags "$GL_REMOTE" "$MB_BRANCH" BB_TAG=$(git tag -l "$BB_BRANCH-build*" | tail -n1) FX_TAG=$(git tag -l "FIREFOX_${ESR_VERSION//\./_}*" | tail -n1) +echo "QA build version: $BASE_VERSION" echo "MB tag: $MB_TAG" echo "BB tag: $BB_TAG" echo "FX tag: $FX_TAG" echo "Mullvad release tag: $RELEASE_VERSION" -read -p "Do you want to tag mullvad $RELEASE_VERSION and push everything to ${GH_REMOTE}? (y/N) " -n 1 -r +read -p "Do you want to tag mullvad $RELEASE_VERSION and push tags/branches/QA build to ${GH_REMOTE}? (y/N) " -n 1 -r echo if ! [[ $REPLY =~ ^[Yy]$ ]]; then echo >&2 "Operation cancelled" @@ -37,3 +50,22 @@ git push "$GH_REMOTE" "$FX_TAG" git push "$GH_REMOTE" "$BB_TAG" git push "$GH_REMOTE" "$RELEASE_VERSION" popd >/dev/null + +# Call Mullvad's github workflow for new releases (mullvad-browser#466) + +version=$BASE_VERSION +response=$(curl -L \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $github_token" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "https://api.github.com/repos/mullvad/mullvad-browser/actions/workflows/new_…" \ + -d "{\"ref\":\"main\",\"inputs\":{\"version\":\"$version\"}}") + +if ! [ $response ]; then + echo "Build $BASE_VERSION submitted." +else + echo >&2 "Something went wrong with build submission:" + echo >&2 $response + exit 3 +fi View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] fixup! BB 43140: Tighten up fonts on Linux.
by Pier Angelo Vendrame (＠pierov) 23 Oct '25

23 Oct '25

Pier Angelo Vendrame pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 64a7d742 by Pier Angelo Vendrame at 2025-10-23T09:42:28+02:00 fixup! BB 43140: Tighten up fonts on Linux. BB 44286: Hardcode GTK system font. - - - - - 1 changed file: - widget/gtk/nsLookAndFeel.cpp Changes: ===================================== widget/gtk/nsLookAndFeel.cpp ===================================== @@ -1235,6 +1235,13 @@ static void GetSystemFontInfo(GtkStyleContext* aStyle, nsString* aFontName, gfxFontStyle* aFontStyle) { aFontStyle->style = FontSlantStyle::NORMAL; +#ifdef BASE_BROWSER_VERSION + *aFontName = u"\"Arimo\""; + aFontStyle->systemFont = true; + aFontStyle->weight = FontWeight::NORMAL; + aFontStyle->stretch = FontStretch::NORMAL; + aFontStyle->size = 14; +#else // As in // https://git.gnome.org/browse/gtk+/tree/gtk/gtkwidget.c?h=3.22.19#n10333 PangoFontDescription* desc; @@ -1269,6 +1276,7 @@ static void GetSystemFontInfo(GtkStyleContext* aStyle, nsString* aFontName, aFontStyle->size = size; pango_font_description_free(desc); +#endif } bool nsLookAndFeel::NativeGetFont(FontID aID, nsString& aFontName, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/64a7d74… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/64a7d74… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] fixup! BB 43140: Tighten up fonts on Linux.
by Pier Angelo Vendrame (＠pierov) 23 Oct '25

23 Oct '25

Pier Angelo Vendrame pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 1007972e by Pier Angelo Vendrame at 2025-10-23T09:41:59+02:00 fixup! BB 43140: Tighten up fonts on Linux. BB 44286: Hardcode GTK system font. - - - - - 1 changed file: - widget/gtk/nsLookAndFeel.cpp Changes: ===================================== widget/gtk/nsLookAndFeel.cpp ===================================== @@ -1235,6 +1235,13 @@ static void GetSystemFontInfo(GtkStyleContext* aStyle, nsString* aFontName, gfxFontStyle* aFontStyle) { aFontStyle->style = FontSlantStyle::NORMAL; +#ifdef BASE_BROWSER_VERSION + *aFontName = u"\"Arimo\""; + aFontStyle->systemFont = true; + aFontStyle->weight = FontWeight::NORMAL; + aFontStyle->stretch = FontStretch::NORMAL; + aFontStyle->size = 14; +#else // As in // https://git.gnome.org/browse/gtk+/tree/gtk/gtkwidget.c?h=3.22.19#n10333 PangoFontDescription* desc; @@ -1269,6 +1276,7 @@ static void GetSystemFontInfo(GtkStyleContext* aStyle, nsString* aFontName, aFontStyle->size = size; pango_font_description_free(desc); +#endif } bool nsLookAndFeel::NativeGetFont(FontID aID, nsString& aFontName, View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/100… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/100… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] fixup! BB 43140: Tighten up fonts on Linux.
by Pier Angelo Vendrame (＠pierov) 23 Oct '25

23 Oct '25

Pier Angelo Vendrame pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 3c4a8e9f by Pier Angelo Vendrame at 2025-10-22T19:37:13+02:00 fixup! BB 43140: Tighten up fonts on Linux. BB 44286: Hardcode GTK system font. - - - - - 1 changed file: - widget/gtk/nsLookAndFeel.cpp Changes: ===================================== widget/gtk/nsLookAndFeel.cpp ===================================== @@ -1235,6 +1235,13 @@ static void GetSystemFontInfo(GtkStyleContext* aStyle, nsString* aFontName, gfxFontStyle* aFontStyle) { aFontStyle->style = FontSlantStyle::NORMAL; +#ifdef BASE_BROWSER_VERSION + *aFontName = u"\"Arimo\""; + aFontStyle->systemFont = true; + aFontStyle->weight = FontWeight::NORMAL; + aFontStyle->stretch = FontStretch::NORMAL; + aFontStyle->size = 14; +#else // As in // https://git.gnome.org/browse/gtk+/tree/gtk/gtkwidget.c?h=3.22.19#n10333 PangoFontDescription* desc; @@ -1269,6 +1276,7 @@ static void GetSystemFontInfo(GtkStyleContext* aStyle, nsString* aFontName, aFontStyle->size = size; pango_font_description_free(desc); +#endif } bool nsLookAndFeel::NativeGetFont(FontID aID, nsString& aFontName, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3c4a8e9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3c4a8e9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-15.0] Bug 41609: Use new CDN77 fronts for snowflake
by morgan (＠morgan) 22 Oct '25

22 Oct '25

morgan pushed to branch maint-15.0 at The Tor Project / Applications / tor-browser-build Commits: f318cb64 by Cecylia Bocovich at 2025-10-22T17:27:13+00:00 Bug 41609: Use new CDN77 fronts for snowflake - - - - - 1 changed file: - projects/tor-expert-bundle/pt_config.json Changes: ===================================== projects/tor-expert-bundle/pt_config.json ===================================== @@ -23,8 +23,8 @@ "obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0" ], "snowflake" : [ - "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://voluble-torrone-fc39bf.netlify.app/ fronts=vuejs.org ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn", - "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://voluble-torrone-fc39bf.netlify.app/ fronts=vuejs.org ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn" + "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=app.datapacket.com,www.datapacket.com ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn", + "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=app.datapacket.com,www.datapacket.com ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn" ] } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41609: Use new CDN77 fronts for snowflake
by morgan (＠morgan) 22 Oct '25

22 Oct '25

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 923359a0 by Cecylia Bocovich at 2025-10-22T17:24:54+00:00 Bug 41609: Use new CDN77 fronts for snowflake - - - - - 1 changed file: - projects/tor-expert-bundle/pt_config.json Changes: ===================================== projects/tor-expert-bundle/pt_config.json ===================================== @@ -23,8 +23,8 @@ "obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0" ], "snowflake" : [ - "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://voluble-torrone-fc39bf.netlify.app/ fronts=vuejs.org ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn", - "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://voluble-torrone-fc39bf.netlify.app/ fronts=vuejs.org ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn" + "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=app.datapacket.com,www.datapacket.com ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn", + "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=app.datapacket.com,www.datapacket.com ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn" ] } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41609: Use new CDN77 fronts for snowflake
by morgan (＠morgan) 22 Oct '25

22 Oct '25

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: b77d601e by Cecylia Bocovich at 2025-10-22T16:44:49+00:00 Bug 41609: Use new CDN77 fronts for snowflake - - - - - 1 changed file: - projects/tor-expert-bundle/pt_config.json Changes: ===================================== projects/tor-expert-bundle/pt_config.json ===================================== @@ -23,8 +23,8 @@ "obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0" ], "snowflake" : [ - "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://voluble-torrone-fc39bf.netlify.app/ fronts=vuejs.org ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn", - "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://voluble-torrone-fc39bf.netlify.app/ fronts=vuejs.org ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn" + "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=app.datapacket.com,www.datapacket.com ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn", + "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=app.datapacket.com,www.datapacket.com ice=stun:stun.epygi.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.mixvoip.com:3478,stun:stun.nextcloud.com:3478,stun:stun.bethesda.net:3478,stun:stun.nextcloud.com:443 utls-imitate=hellorandomizedalpn" ] } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] Bug 1977787 - Match storage limit to common value/desktop for RFP in Android. r=timhuang
by Pier Angelo Vendrame (＠pierov) 22 Oct '25

22 Oct '25

Pier Angelo Vendrame pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 45f2b655 by Fatih Kilic at 2025-10-22T14:57:24+02:00 Bug 1977787 - Match storage limit to common value/desktop for RFP in Android. r=timhuang Differential Revision: https://phabricator.services.mozilla.com/D257850 - - - - - 2 changed files: - dom/quota/test/xpcshell/test_temporaryStorageRFP.js - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== dom/quota/test/xpcshell/test_temporaryStorageRFP.js ===================================== @@ -36,10 +36,7 @@ async function testSteps() { request = reset(); await requestFinished(request); - let spoofedLimitBytes = 50 * GiB; - if (AppConstants.platform == "android") { - spoofedLimitBytes = 32 * GiB; - } + const spoofedLimitBytes = 50 * GiB; Services.prefs.setBoolPref("privacy.resistFingerprinting", true); ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2672,12 +2672,7 @@ CSSIntRect nsRFPService::GetSpoofedScreenAvailSize(const nsRect& aRect, /* static */ uint64_t nsRFPService::GetSpoofedStorageLimit() { - uint64_t gib = 1024ULL * 1024ULL * 1024ULL; // 1 GiB -#ifdef ANDROID - uint64_t limit = 32ULL * gib; // 32 GiB -#else - uint64_t limit = 50ULL * gib; // 50 GiB -#endif + uint64_t limit = 50ULL * 1024ULL * 1024ULL * 1024ULL; // 50 GiB MOZ_ASSERT(limit / 5 == dom::quota::QuotaManager::GetGroupLimitForLimit(limit)); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/45f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/45f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] Bug 1977787 - Match storage limit to common value/desktop for RFP in Android. r=timhuang
by Pier Angelo Vendrame (＠pierov) 22 Oct '25

22 Oct '25

Pier Angelo Vendrame pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: e71d2634 by Fatih Kilic at 2025-10-22T14:56:30+02:00 Bug 1977787 - Match storage limit to common value/desktop for RFP in Android. r=timhuang Differential Revision: https://phabricator.services.mozilla.com/D257850 - - - - - 2 changed files: - dom/quota/test/xpcshell/test_temporaryStorageRFP.js - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== dom/quota/test/xpcshell/test_temporaryStorageRFP.js ===================================== @@ -36,10 +36,7 @@ async function testSteps() { request = reset(); await requestFinished(request); - let spoofedLimitBytes = 50 * GiB; - if (AppConstants.platform == "android") { - spoofedLimitBytes = 32 * GiB; - } + const spoofedLimitBytes = 50 * GiB; Services.prefs.setBoolPref("privacy.resistFingerprinting", true); ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2672,12 +2672,7 @@ CSSIntRect nsRFPService::GetSpoofedScreenAvailSize(const nsRect& aRect, /* static */ uint64_t nsRFPService::GetSpoofedStorageLimit() { - uint64_t gib = 1024ULL * 1024ULL * 1024ULL; // 1 GiB -#ifdef ANDROID - uint64_t limit = 32ULL * gib; // 32 GiB -#else - uint64_t limit = 50ULL * gib; // 50 GiB -#endif + uint64_t limit = 50ULL * 1024ULL * 1024ULL * 1024ULL; // 50 GiB MOZ_ASSERT(limit / 5 == dom::quota::QuotaManager::GetGroupLimitForLimit(limit)); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e71d263… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e71d263… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] Bug 1977787 - Match storage limit to common value/desktop for RFP in Android. r=timhuang
by Pier Angelo Vendrame (＠pierov) 22 Oct '25

22 Oct '25

Pier Angelo Vendrame pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 632e2baa by Fatih Kilic at 2025-10-22T14:37:33+02:00 Bug 1977787 - Match storage limit to common value/desktop for RFP in Android. r=timhuang Differential Revision: https://phabricator.services.mozilla.com/D257850 - - - - - 2 changed files: - dom/quota/test/xpcshell/test_temporaryStorageRFP.js - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== dom/quota/test/xpcshell/test_temporaryStorageRFP.js ===================================== @@ -36,10 +36,7 @@ async function testSteps() { request = reset(); await requestFinished(request); - let spoofedLimitBytes = 50 * GiB; - if (AppConstants.platform == "android") { - spoofedLimitBytes = 32 * GiB; - } + const spoofedLimitBytes = 50 * GiB; Services.prefs.setBoolPref("privacy.resistFingerprinting", true); ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -2679,12 +2679,7 @@ CSSIntRect nsRFPService::GetSpoofedScreenAvailSize(const nsRect& aRect, /* static */ uint64_t nsRFPService::GetSpoofedStorageLimit() { - uint64_t gib = 1024ULL * 1024ULL * 1024ULL; // 1 GiB -#ifdef ANDROID - uint64_t limit = 32ULL * gib; // 32 GiB -#else - uint64_t limit = 50ULL * gib; // 50 GiB -#endif + uint64_t limit = 50ULL * 1024ULL * 1024ULL * 1024ULL; // 50 GiB MOZ_ASSERT(limit / 5 == dom::quota::QuotaManager::GetGroupLimitForLimit(limit)); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/632e2ba… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/632e2ba… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser-update-responses][main] 4 commits: release: new version, 15.0 (linux-x86_64)
by ma1 (＠ma1) 22 Oct '25

22 Oct '25

ma1 pushed to branch main at The Tor Project / Applications / mullvad-browser-update-responses Commits: 80855a3e by hackademix at 2025-10-22T13:15:27+02:00 release: new version, 15.0 (linux-x86_64) - - - - - 01635e1e by hackademix at 2025-10-22T13:15:27+02:00 release: new version, 15.0 (macos) - - - - - 3c859b1c by hackademix at 2025-10-22T13:15:28+02:00 release: new version, 15.0 (windows-x86_64) - - - - - 86d16720 by hackademix at 2025-10-22T13:15:28+02:00 release: new version, 15.0 - - - - - 31 changed files: - update_1/release/download-linux-x86_64.json - update_1/release/download-macos.json - update_1/release/download-windows-x86_64.json - update_1/release/downloads.json - update_1/release/linux-x86_64/.htaccess - − update_1/release/linux-x86_64/update-14.5.5-14.5.8-linux-x86_64.xml - − update_1/release/linux-x86_64/update-14.5.6-14.5.8-linux-x86_64.xml - + update_1/release/linux-x86_64/update-14.5.6-15.0-linux-x86_64.xml - − update_1/release/linux-x86_64/update-14.5.7-14.5.8-linux-x86_64.xml - + update_1/release/linux-x86_64/update-14.5.7-15.0-linux-x86_64.xml - + update_1/release/linux-x86_64/update-14.5.8-15.0-linux-x86_64.xml - − update_1/release/linux-x86_64/update-14.5.8-linux-x86_64.xml - + update_1/release/linux-x86_64/update-15.0-linux-x86_64.xml - update_1/release/macos/.htaccess - − update_1/release/macos/update-14.5.5-14.5.8-macos.xml - − update_1/release/macos/update-14.5.6-14.5.8-macos.xml - + update_1/release/macos/update-14.5.6-15.0-macos.xml - − update_1/release/macos/update-14.5.7-14.5.8-macos.xml - + update_1/release/macos/update-14.5.7-15.0-macos.xml - + update_1/release/macos/update-14.5.8-15.0-macos.xml - − update_1/release/macos/update-14.5.8-macos.xml - + update_1/release/macos/update-15.0-macos.xml - update_1/release/windows-x86_64/.htaccess - − update_1/release/windows-x86_64/update-14.5.5-14.5.8-windows-x86_64.xml - − update_1/release/windows-x86_64/update-14.5.6-14.5.8-windows-x86_64.xml - + update_1/release/windows-x86_64/update-14.5.6-15.0-windows-x86_64.xml - − update_1/release/windows-x86_64/update-14.5.7-14.5.8-windows-x86_64.xml - + update_1/release/windows-x86_64/update-14.5.7-15.0-windows-x86_64.xml - + update_1/release/windows-x86_64/update-14.5.8-15.0-windows-x86_64.xml - − update_1/release/windows-x86_64/update-14.5.8-windows-x86_64.xml - + update_1/release/windows-x86_64/update-15.0-windows-x86_64.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser-update-respo… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] fixup! BB 40925: Implemented the Security Level component
by ma1 (＠ma1) 22 Oct '25

22 Oct '25

ma1 pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: bfc262ff by hackademix at 2025-10-22T13:03:23+02:00 fixup! BB 40925: Implemented the Security Level component BB 44275: Reduce console noise on security level guessing - - - - - 1 changed file: - toolkit/components/securitylevel/SecurityLevel.sys.mjs Changes: ===================================== toolkit/components/securitylevel/SecurityLevel.sys.mjs ===================================== @@ -350,14 +350,14 @@ var read_setting_from_prefs = function (prefNames) { const actual = Services.prefs.getBoolPref(prefName); if (wanted !== actual) { possibleSetting = false; - logger.info( + logger.debug( `${prefName} does not match level ${settingIndex}: ${actual}, should be ${wanted}!` ); break; } } if (possibleSetting) { - // We have a match! + logger.debug(`Preferences match level ${settingIndex}.`); return settingIndex; } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/bfc… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/bfc… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] fixup! BB 40925: Implemented the Security Level component
by ma1 (＠ma1) 22 Oct '25

22 Oct '25

ma1 pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 290bf297 by hackademix at 2025-10-22T13:03:18+02:00 fixup! BB 40925: Implemented the Security Level component BB 44275: Reduce console noise on security level guessing - - - - - 1 changed file: - toolkit/components/securitylevel/SecurityLevel.sys.mjs Changes: ===================================== toolkit/components/securitylevel/SecurityLevel.sys.mjs ===================================== @@ -338,14 +338,14 @@ var read_setting_from_prefs = function (prefNames) { const actual = Services.prefs.getBoolPref(prefName); if (wanted !== actual) { possibleSetting = false; - logger.info( + logger.debug( `${prefName} does not match level ${settingIndex}: ${actual}, should be ${wanted}!` ); break; } } if (possibleSetting) { - // We have a match! + logger.debug(`Preferences match level ${settingIndex}.`); return settingIndex; } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/290bf29… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/290bf29… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] fixup! BB 40925: Implemented the Security Level component
by ma1 (＠ma1) 22 Oct '25

22 Oct '25

ma1 pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 33251a1e by hackademix at 2025-10-22T11:43:47+02:00 fixup! BB 40925: Implemented the Security Level component BB 44275: Reduce console noise on security level guessing - - - - - 1 changed file: - toolkit/components/securitylevel/SecurityLevel.sys.mjs Changes: ===================================== toolkit/components/securitylevel/SecurityLevel.sys.mjs ===================================== @@ -338,14 +338,14 @@ var read_setting_from_prefs = function (prefNames) { const actual = Services.prefs.getBoolPref(prefName); if (wanted !== actual) { possibleSetting = false; - logger.info( + logger.debug( `${prefName} does not match level ${settingIndex}: ${actual}, should be ${wanted}!` ); break; } } if (possibleSetting) { - // We have a match! + logger.debug(`Preferences match level ${settingIndex}.`); return settingIndex; } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/33251a1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/33251a1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] fixup! TB 43817: Add tests for Tor Browser
by Pier Angelo Vendrame (＠pierov) 22 Oct '25

22 Oct '25

Pier Angelo Vendrame pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 78327397 by Pier Angelo Vendrame at 2025-10-22T11:10:54+02:00 fixup! TB 43817: Add tests for Tor Browser TB 44280: Test stream isolation. - - - - - 2 changed files: - testing/tor/marionette.toml - + testing/tor/test_circuit_isolation.py Changes: ===================================== testing/tor/marionette.toml ===================================== @@ -1,3 +1,4 @@ [DEFAULT] +["test_circuit_isolation.py"] ["test_network_check.py"] ===================================== testing/tor/test_circuit_isolation.py ===================================== @@ -0,0 +1,98 @@ +from ipaddress import ip_address + +from marionette_driver import By +from marionette_driver.errors import NoSuchElementException +from marionette_harness import MarionetteTestCase + +TOR_BOOTSTRAP_TIMEOUT = 30000 # 30s + + +class TestCircuitIsolation(MarionetteTestCase): + + def bootstrap(self): + with self.marionette.using_context("chrome"): + self.marionette.execute_async_script( + """ + const { TorConnect, TorConnectTopics } = ChromeUtils.importESModule( + "resource://gre/modules/TorConnect.sys.mjs" + ); + const [resolve] = arguments; + + function waitForBootstrap() { + const topic = TorConnectTopics.BootstrapComplete; + Services.obs.addObserver(function observer() { + Services.obs.removeObserver(observer, topic); + resolve(); + }, topic); + TorConnect.beginBootstrapping(); + } + + const stageTopic = TorConnectTopics.StageChange; + function stageObserver() { + if (TorConnect.canBeginNormalBootstrap) { + Services.obs.removeObserver(stageObserver, stageTopic); + waitForBootstrap(); + } + } + Services.obs.addObserver(stageObserver, stageTopic); + stageObserver(); + """, + script_timeout=TOR_BOOTSTRAP_TIMEOUT, + ) + + def extract_from_check_tpo(self): + # Fetch the IP from check.torproject.org. + # In addition to that, since we are loading this page, we + # perform some additional sanity checks. + self.marionette.navigate("https://check.torproject.org/") + # When check.tpo's check succeed (i.e., it thinks we're + # connecting through tor), we should be able to find a h1.on, + # with some message... + on = self.marionette.find_element(By.CLASS_NAME, "on") + self.assertIsNotNone( + on, + "h1.on not found, you might not be connected through tor", + ) + # ... but if it fails, the message is inside a h1.off. We want + # to make sure we do not find that either (even though there is + # no reason for both of the h1 to be outputted at the moment). + self.assertRaises( + NoSuchElementException, + self.marionette.find_element, + By.CLASS_NAME, + "off", + ) + ip = self.marionette.find_element(By.TAG_NAME, "strong") + return ip_address(ip.text.strip()) + + def extract_generic(self, url): + # Fetch the IP address from any generic page that only contains + # the address. + self.marionette.navigate(url) + return ip_address( + self.marionette.execute_script( + "return document.documentElement.textContent" + ).strip() + ) + + def test_circuit_isolation(self): + self.bootstrap() + ips = [ + self.extract_from_check_tpo(), + self.extract_generic("https://am.i.mullvad.net/ip"), + self.extract_generic("https://test1.ifconfig.me/ip"), + ] + self.logger.info(f"Found the following IP addresses: {ips}") + unique_ips = set(ips) + self.logger.info(f"Found the following unique IP addresses: {unique_ips}") + self.assertEqual( + len(ips), + len(unique_ips), + "Some of the IP addresses we got are not unique.", + ) + duplicate = self.extract_generic("https://test2.ifconfig.me/ip") + self.assertEqual( + ips[-1], + duplicate, + "Two IPs that were expected to be equal are different, we might be over isolating!", + ) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7832739… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7832739… You're receiving this email because of your account on gitlab.torproject.org.

1 0