- tbb-commits - lists.torproject.org

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.14.0esr-14.5-1-build5
by ma1 (＠ma1) 16 Sep '25

16 Sep '25

ma1 pushed new tag mullvad-browser-128.14.0esr-14.5-1-build5 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.14.0esr-14.5-1] fixup! Bug 1913773 - Ensure mCurrentShmem is valid. r=aosmond
by ma1 (＠ma1) 16 Sep '25

16 Sep '25

ma1 pushed to branch mullvad-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: fe5d9712 by hackademix at 2025-09-16T07:00:40+02:00 fixup! Bug 1913773 - Ensure mCurrentShmem is valid. r=aosmond Correct capitalization of "memory" for SharedMemoryBasic. - - - - - 1 changed file: - gfx/layers/ipc/CanvasTranslator.h Changes: ===================================== gfx/layers/ipc/CanvasTranslator.h ===================================== @@ -364,7 +364,7 @@ class CanvasTranslator final : public gfx::InlineTranslator, if (!shmem) { return {nullptr, 0}; } - return {static_cast<char*>(shmem->Memory()), Size()}; + return {static_cast<char*>(shmem->memory()), Size()}; } }; std::queue<CanvasShmem> mCanvasShmems; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/fe5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/fe5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.14.0esr-14.5-1-build5
by ma1 (＠ma1) 16 Sep '25

16 Sep '25

ma1 pushed new tag tor-browser-128.14.0esr-14.5-1-build5 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.14.0esr-14.5-1] fixup! Bug 1913773 - Ensure mCurrentShmem is valid. r=aosmond
by ma1 (＠ma1) 16 Sep '25

16 Sep '25

ma1 pushed to branch tor-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: fdb40486 by hackademix at 2025-09-16T01:30:20+02:00 fixup! Bug 1913773 - Ensure mCurrentShmem is valid. r=aosmond Correct capitalization of "memory" for SharedMemoryBasic. - - - - - 1 changed file: - gfx/layers/ipc/CanvasTranslator.h Changes: ===================================== gfx/layers/ipc/CanvasTranslator.h ===================================== @@ -364,7 +364,7 @@ class CanvasTranslator final : public gfx::InlineTranslator, if (!shmem) { return {nullptr, 0}; } - return {static_cast<char*>(shmem->Memory()), Size()}; + return {static_cast<char*>(shmem->memory()), Size()}; } }; std::queue<CanvasShmem> mCanvasShmems; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fdb4048… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fdb4048… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.14.0esr-14.5-1-build4
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed new tag mullvad-browser-128.14.0esr-14.5-1-build4 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.14.0esr-14.5-1] 3 commits: Revert "Bug 1986185. r=aosmond a=RyanVM"
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed to branch mullvad-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: fa6f4582 by hackademix at 2025-09-16T00:50:48+02:00 Revert "Bug 1986185. r=aosmond a=RyanVM" This reverts commit df081c6cbd02a1c25bf1582bff5295a17bcff49a. - - - - - b96034cc by Lee Salzman at 2025-09-16T00:50:49+02:00 Bug 1913773 - Ensure mCurrentShmem is valid. r=aosmond Adapted from esr140 to esr128 (tor-browser#44199) Differential Revision: https://phabricator.services.mozilla.com/D219832 - - - - - 51680c11 by Lee Salzman at 2025-09-16T00:50:51+02:00 Bug 1986185. r=aosmond a=RyanVM Backported manually to 128esr, see BB 44199 Differential Revision: https://phabricator.services.mozilla.com/D263287 - - - - - 2 changed files: - gfx/layers/ipc/CanvasTranslator.cpp - gfx/layers/ipc/CanvasTranslator.h Changes: ===================================== gfx/layers/ipc/CanvasTranslator.cpp ===================================== @@ -270,7 +270,7 @@ void CanvasTranslator::AddBuffer(ipc::SharedMemoryBasic::Handle&& aBufferHandle, CheckAndSignalWriter(); // Default sized buffers will have been queued for recycling. - if (mCurrentShmem.Size() == mDefaultBufferSize) { + if (mCurrentShmem.IsValid() && mCurrentShmem.Size() == mDefaultBufferSize) { mCanvasShmems.emplace(std::move(mCurrentShmem)); } ===================================== gfx/layers/ipc/CanvasTranslator.h ===================================== @@ -358,9 +358,13 @@ class CanvasTranslator final : public gfx::InlineTranslator, struct CanvasShmem { RefPtr<ipc::SharedMemoryBasic> shmem; - auto Size() { return shmem->Size(); } + bool IsValid() const { return !!shmem; } + auto Size() { return shmem ? shmem->Size() : 0; } gfx::MemReader CreateMemReader() { - return {static_cast<char*>(shmem->memory()), Size()}; + if (!shmem) { + return {nullptr, 0}; + } + return {static_cast<char*>(shmem->Memory()), Size()}; } }; std::queue<CanvasShmem> mCanvasShmems; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/65… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/65… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.14.0esr-14.5-1-build4
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed new tag tor-browser-128.14.0esr-14.5-1-build4 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.14.0esr-14.5-1] 3 commits: Revert "Bug 1986185. r=aosmond a=RyanVM"
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed to branch tor-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: a9aed021 by hackademix at 2025-09-16T00:19:57+02:00 Revert "Bug 1986185. r=aosmond a=RyanVM" This reverts commit df081c6cbd02a1c25bf1582bff5295a17bcff49a. - - - - - 33f78ee9 by Lee Salzman at 2025-09-16T00:37:31+02:00 Bug 1913773 - Ensure mCurrentShmem is valid. r=aosmond Adapted from esr140 to esr128 (tor-browser#44199) Differential Revision: https://phabricator.services.mozilla.com/D219832 - - - - - a9dbcd0a by Lee Salzman at 2025-09-16T00:43:30+02:00 Bug 1986185. r=aosmond a=RyanVM Backported manually to 128esr, see BB 44199 Differential Revision: https://phabricator.services.mozilla.com/D263287 - - - - - 2 changed files: - gfx/layers/ipc/CanvasTranslator.cpp - gfx/layers/ipc/CanvasTranslator.h Changes: ===================================== gfx/layers/ipc/CanvasTranslator.cpp ===================================== @@ -270,7 +270,7 @@ void CanvasTranslator::AddBuffer(ipc::SharedMemoryBasic::Handle&& aBufferHandle, CheckAndSignalWriter(); // Default sized buffers will have been queued for recycling. - if (mCurrentShmem.Size() == mDefaultBufferSize) { + if (mCurrentShmem.IsValid() && mCurrentShmem.Size() == mDefaultBufferSize) { mCanvasShmems.emplace(std::move(mCurrentShmem)); } ===================================== gfx/layers/ipc/CanvasTranslator.h ===================================== @@ -358,9 +358,13 @@ class CanvasTranslator final : public gfx::InlineTranslator, struct CanvasShmem { RefPtr<ipc::SharedMemoryBasic> shmem; - auto Size() { return shmem->Size(); } + bool IsValid() const { return !!shmem; } + auto Size() { return shmem ? shmem->Size() : 0; } gfx::MemReader CreateMemReader() { - return {static_cast<char*>(shmem->memory()), Size()}; + if (!shmem) { + return {nullptr, 0}; + } + return {static_cast<char*>(shmem->Memory()), Size()}; } }; std::queue<CanvasShmem> mCanvasShmems; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/df081c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/df081c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Fix rbm.conf.
by Pier Angelo Vendrame (＠pierov) 15 Sep '25

15 Sep '25

Pier Angelo Vendrame pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 0d927a93 by Pier Angelo Vendrame at 2025-09-16T00:16:58+02:00 Fix rbm.conf. - - - - - 1 changed file: - rbm.conf Changes: ===================================== rbm.conf ===================================== @@ -79,6 +79,7 @@ var: # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2025/08/18 19:35:49' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' + browser_platforms: # is_android_release and is_desktop_release are used to quickly # enable/disable all android or desktop platforms. If you want to # check whether a release includes some android or desktop platforms View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 40994: Add support in signing scripts to sign release for some archs only
by Pier Angelo Vendrame (＠pierov) 15 Sep '25

15 Sep '25

Pier Angelo Vendrame pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: b8e3ec96 by Nicolas Vigier at 2025-09-16T00:09:22+02:00 Bug 40994: Add support in signing scripts to sign release for some archs only - - - - - 3 changed files: - rbm.conf - tools/signing/do-all-signing - tools/signing/functions Changes: ===================================== rbm.conf ===================================== @@ -79,6 +79,38 @@ var: # to be reproducible, browser_release_date should always be in the past. browser_release_date: '2025/08/18 19:35:49' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' + # is_android_release and is_desktop_release are used to quickly + # enable/disable all android or desktop platforms. If you want to + # check whether a release includes some android or desktop platforms + # see signing_android and signing_desktop below. + is_android_release: '[% c("var/tor-browser") %]' + is_desktop_release: '1' + + # signing_android is used in signing scripts to check if at least + # one android platform is being signed/published + signing_android: | + [%- + c("var/browser_platforms/android-armv7") || + c("var/browser_platforms/android-x86") || + c("var/browser_platforms/android-x86_64") || + c("var/browser_platforms/android-aarch64") + -%] + # signing_desktop is used in signing scripts to check if at least + # one desktop platform is being signed/published + signing_desktop: | + [%- + c("var/browser_platforms/linux-x86_64") || + c("var/browser_platforms/linux-i686") || + c("var/browser_platforms/linux-aarch64") || + c("var/browser_platforms/windows-i686") || + c("var/browser_platforms/windows-x86_64") || + c("var/browser_platforms/macos") + -%] + signing_windows: | + [%- + c("var/browser_platforms/windows-i686") || + c("var/browser_platforms/windows-x86_64") + -%] updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: ===================================== tools/signing/do-all-signing ===================================== @@ -19,38 +19,66 @@ if [[ $1 = "-p" ]]; then shift fi +function is_legacy { + [[ "$tbb_version" = 13.* ]] +} + +if is_legacy; then + platform_android= + platform_desktop=1 + platform_macos=1 + platform_windows=1 +else + platform_android=$(rbm_showconf_boolean var/browser_platforms/signing_android) + platform_desktop=$(rbm_showconf_boolean var/browser_platforms/signing_desktop) + platform_macos=$(rbm_showconf_boolean var/browser_platforms/macos) + platform_windows=$(rbm_showconf_boolean var/browser_platforms/signing_windows) +fi + is_project torbrowser && nssdb=torbrowser-nssdb7 is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb1 if [ -f "$passwords_gpg_file" ]; then echo "Reading passwords from $passwords_gpg_file" SEKRITS=$(gpg --decrypt "$passwords_gpg_file") - RCODESIGN_PW=$(get_sekrit 'rcodesign') - NSSPASS=$(get_sekrit "$nssdb (mar signing)") - KSPASS=$(get_sekrit "android apk ($tbb_version_type)") - YUBIPASS=$(get_sekrit "windows authenticode") + [ -n "$platform_macos" ] && \ + RCODESIGN_PW=$(get_sekrit 'rcodesign') + [ -n "$platform_desktop" ] && \ + NSSPASS=$(get_sekrit "$nssdb (mar signing)") + [ -n "$platform_android" ] && \ + KSPASS=$(get_sekrit "android apk ($tbb_version_type)") + [ -n "$platform_windows" ] && \ + YUBIPASS=$(get_sekrit "windows authenticode") GPG_PASS=$(get_sekrit "gpg") else echo "Rather than entering all the password manually, you may want to provide a gpg-encrypted file either on the command line (-p <filepath>) or in set-config.passwords." fi -test -f "$steps_dir/linux-signer-rcodesign-sign.done" || [ -n "$RCODESIGN_PW" ] || +[ -z "$platform_macos" ] || \ + [ -f "$steps_dir/linux-signer-rcodesign-sign.done" ] || \ + [ -n "$RCODESIGN_PW" ] || \ read -sp "Enter rcodesign passphrase for key-1: " RCODESIGN_PW echo -test -f "$steps_dir/linux-signer-signmars.done" || [ -n "$NSSPASS" ] || +[ -z "$platform_desktop" ] || \ + [ -f "$steps_dir/linux-signer-signmars.done" ] || \ + [ -n "$NSSPASS" ] || \ read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS echo -if is_project torbrowser; then - test -f "$steps_dir/linux-signer-sign-android-apks.done" || [ -n "$KSPASS" ] || - read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS - echo -fi -test -f "$steps_dir/linux-signer-authenticode-signing.done" || [ -n "$YUBIPASS" ] || +[ -z "$platform_android" ] || \ + [ -f "$steps_dir/linux-signer-sign-android-apks.done" ] || \ + [ -n "$KSPASS" ] || \ + read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS +echo + +[ -z "$platform_windows" ] || \ + [ -f "$steps_dir/linux-signer-authenticode-signing.done" ] || \ + [ -n "$YUBIPASS" ] || \ read -sp "Enter windows authenticode passphrase: " YUBIPASS echo -test -f "$steps_dir/linux-signer-gpg-sign.done" || [ -n "$GPG_PASS" ] || + +[ -f "$steps_dir/linux-signer-gpg-sign.done" ] || [ -n "$GPG_PASS" ] || \ read -sp "Enter gpg passphrase: " GPG_PASS echo @@ -199,10 +227,6 @@ function do_step { echo "$(date -Iseconds) - Finished step: $1" } -function is_legacy { - [[ "$tbb_version" = 13.* ]] -} - export SIGNING_PROJECTNAME do_step set-time-on-signing-machine @@ -210,23 +234,34 @@ do_step wait-for-finished-build do_step sync-builder-unsigned-to-local-signed do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-rcodesign-sign -do_step linux-signer-rcodesign-sign -do_step sync-linux-signer-macos-signed-tar-to-local -do_step rcodesign-notary-submit -do_step gatekeeper-bundling -do_step dmg2mar +[ -n "$platform_macos" ] && \ + do_step linux-signer-rcodesign-sign +[ -n "$platform_macos" ] && \ + do_step sync-linux-signer-macos-signed-tar-to-local +[ -n "$platform_macos" ] && \ + do_step rcodesign-notary-submit +[ -n "$platform_macos" ] && \ + do_step gatekeeper-bundling +[ -n "$platform_macos" ] && \ + do_step dmg2mar do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-signmars -do_step linux-signer-signmars -do_step sync-after-signmars -is_project torbrowser && ! is_legacy && \ +[ -n "$platform_desktop" ] && \ + do_step linux-signer-signmars +[ -n "$platform_desktop" ] && \ + do_step sync-after-signmars +[ -n "$platform_android" ] && \ do_step linux-signer-sign-android-apks -is_project torbrowser && ! is_legacy && \ +[ -n "$platform_android" ] && \ do_step sync-after-sign-android-apks -do_step linux-signer-authenticode-signing -do_step sync-after-authenticode-signing -do_step authenticode-timestamping -do_step sync-after-authenticode-timestamping +[ -n "$platform_windows" ] && \ + do_step linux-signer-authenticode-signing +[ -n "$platform_windows" ] && \ + do_step sync-after-authenticode-signing +[ -n "$platform_windows" ] && \ + do_step authenticode-timestamping +[ -n "$platform_windows" ] && \ + do_step sync-after-authenticode-timestamping do_step hash_signed_bundles do_step sync-after-hash do_step linux-signer-gpg-sign @@ -235,6 +270,6 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload -! is_legacy && +! is_legacy && [ -n "$platform_desktop" ] && \ do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer ===================================== tools/signing/functions ===================================== @@ -76,5 +76,17 @@ function display_name { fi } +function rbm_showconf { + "$rbm" showconf release "$1" --target "$SIGNING_PROJECTNAME" \ + --target "$tbb_version_type" +} + +function rbm_showconf_boolean { + local res=$(rbm_showconf "$1") + if [ -z "$res" ] || [ "a$res" = "a0" ]; then + return + fi + echo '1' +} . "$script_dir/set-config" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.3.0esr-15.0-1] TB 43976: [android] Remove default browser prompt
by Dan Ballard (＠dan) 15 Sep '25

15 Sep '25

Dan Ballard pushed to branch tor-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 3010729e by clairehurst at 2025-09-15T13:25:21-07:00 TB 43976: [android] Remove default browser prompt tor-browser#43976 Remove default browser prompt - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/utils/Settings.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/utils/Settings.kt ===================================== @@ -2351,11 +2351,7 @@ class Settings(private val appContext: Context) : PreferencesHolder { * Indicates if the Set as default Browser prompt should be displayed to the user. */ val shouldShowSetAsDefaultPrompt: Boolean - get() = - (System.currentTimeMillis() - lastSetAsDefaultPromptShownTimeInMillis) > - DAYS_BETWEEN_DEFAULT_BROWSER_PROMPTS * ONE_DAY_MS && - numberOfSetAsDefaultPromptShownTimes < MAX_NUMBER_OF_DEFAULT_BROWSER_PROMPTS && - coldStartsBetweenSetAsDefaultPrompts >= APP_COLD_STARTS_TO_SHOW_DEFAULT_PROMPT + get() = false // bug_43976 Remove default browser prompt /** * Updates the relevant settings when the "Set as Default Browser" prompt is shown. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3010729… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/3010729… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-140.3.0esr-15.0-1-build2
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed new tag mullvad-browser-140.3.0esr-15.0-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.3.0esr-15.0-1] 2 commits: Bug 1665334, r=mconley,fluent-reviewers,bolsson
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed to branch mullvad-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 0c2a0537 by Emma Zuehlcke at 2025-09-15T22:24:00+02:00 Bug 1665334, r=mconley,fluent-reviewers,bolsson Differential Revision: https://phabricator.services.mozilla.com/D257293 - - - - - 0a35fc2a by Makoto Kato at 2025-09-15T22:24:02+02:00 Bug 1974025 - Check scheme into Intent data. r=geckoview-reviewers,tcampbell,nalexander a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D256952 - - - - - 3 changed files: - browser/locales/en-US/browser/webrtcIndicator.ftl - browser/modules/webrtcUI.sys.mjs - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java Changes: ===================================== browser/locales/en-US/browser/webrtcIndicator.ftl ===================================== @@ -60,7 +60,7 @@ webrtc-screen-system-menu = ## These strings are only used on Mac for menus attached to icons ## near the clock on the mac menubar. ## Variables: -## $streamTitle (String): the title of the tab using the share. +## $streamTitle (String): the host of the tab using the share. ## $tabCount (Number): the title of the tab using the share. webrtc-indicator-menuitem-control-sharing = ===================================== browser/modules/webrtcUI.sys.mjs ===================================== @@ -983,8 +983,10 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { let stream = activeStreams[0]; const sharingItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; - doc.l10n.setAttributes(sharingItem, l10nIds[0], { streamTitle }); + const displayHost = getDisplayHostForStream(stream); + doc.l10n.setAttributes(sharingItem, l10nIds[0], { + streamTitle: displayHost, + }); sharingItem.setAttribute("disabled", "true"); menu.appendChild(sharingItem); @@ -1008,11 +1010,11 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { for (let stream of activeStreams) { const controlItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; + const displayHost = getDisplayHostForStream(stream); doc.l10n.setAttributes( controlItem, "webrtc-indicator-menuitem-control-sharing-on", - { streamTitle } + { streamTitle: displayHost } ); controlItem.stream = stream; controlItem.addEventListener("command", this); @@ -1021,6 +1023,25 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { } } +function getDisplayHostForStream(stream) { + let uri = Services.io.newURI(stream.uri); + + let displayHost; + + try { + displayHost = uri.displayHost; + } catch (ex) { + displayHost = null; + } + + // Host getter threw or returned "". Fall back to spec. + if (displayHost == null || displayHost == "") { + displayHost = uri.displaySpec; + } + + return displayHost; +} + function onTabSharingMenuPopupShowing(e) { const streams = webrtcUI.getActiveStreams(true, true, true, true); for (let streamInfo of streams) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -89,7 +89,7 @@ public class IntentUtils { } if (("intent".equals(scheme) || "android-app".equals(scheme))) { - // Bug 1356893 - Rject intents with file data schemes. + // Bug 1356893 - Reject intents with file data schemes. return getSafeIntent(aUri) != null; } @@ -115,8 +115,11 @@ public class IntentUtils { } final Uri data = intent.getData(); - if (data != null && "file".equals(normalizeUriScheme(data).getScheme())) { - return null; + if (data != null) { + final String scheme = normalizeUriScheme(data).getScheme(); + if ("file".equals(scheme) || "fido".equals(scheme)) { + return null; + } } // Only open applications which can accept arbitrary data from a browser. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/16… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/16… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.14.0esr-14.5-1-build3
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed new tag mullvad-browser-128.14.0esr-14.5-1-build3 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.14.0esr-14.5-1] 10 commits: Bug 1665334, r=mconley,fluent-reviewers,bolsson
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed to branch mullvad-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: febf4c83 by Emma Zuehlcke at 2025-09-15T22:21:22+02:00 Bug 1665334, r=mconley,fluent-reviewers,bolsson Differential Revision: https://phabricator.services.mozilla.com/D257293 - - - - - cc301f19 by Daniel Holbert at 2025-09-15T22:21:23+02:00 Bug 1970490: Use loading principal (rather than triggering principal) for CORS checks, by default. a=RyanVM This is essentially a backout of bug 1496505, putting its change behind a new off-by-default about:config pref[1] for now, in case there are use cases that require it. [1] content.cors.use_triggering_principal Original Revision: https://phabricator.services.mozilla.com/D252611 Differential Revision: https://phabricator.services.mozilla.com/D263611 - - - - - 111779ce by Makoto Kato at 2025-09-15T22:21:25+02:00 Bug 1974025 - Check scheme into Intent data. r=geckoview-reviewers,tcampbell,nalexander a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D256952 - - - - - 4c25597a by Jon Coppeard at 2025-09-15T22:21:26+02:00 Bug 1979502 - Check slices vector not empty before accessing the last slice r=sfink a=RyanVM |aborted| is reset to false at the end of a slice but GCRuntime::waitBackgroundSweepEnd can be called outside of a slice. Differential Revision: https://phabricator.services.mozilla.com/D260685 - - - - - ea3d5632 by longsonr at 2025-09-15T22:21:28+02:00 Bug 1980788 - Use std::size rather than hardcoding an array size a=RyanVM DONTBUILD Original Revision: https://phabricator.services.mozilla.com/D262967 Differential Revision: https://phabricator.services.mozilla.com/D263131 - - - - - ecda78b0 by Lee Salzman at 2025-09-15T22:21:29+02:00 Bug 1981283. r=ahale a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260412 - - - - - aee1e3a4 by Jed Davis at 2025-09-15T22:21:30+02:00 Bug 1982763 - Re-add `CLONE_NEWIPC` to the Linux GMP sandbox. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D260923 Differential Revision: https://phabricator.services.mozilla.com/D263007 - - - - - 58c8b96e by Lee Salzman at 2025-09-15T22:21:32+02:00 Bug 1984825. r=jnicol a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D262611 - - - - - 67e9d857 by Lee Salzman at 2025-09-15T22:21:33+02:00 Bug 1985067. r=jnicol a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D262614 - - - - - 658910d2 by Lee Salzman at 2025-09-15T22:21:35+02:00 Bug 1986185. r=aosmond a=RyanVM Backported manually to 128esr, see BB 44199 Differential Revision: https://phabricator.services.mozilla.com/D263287 - - - - - 12 changed files: - browser/locales/en-US/browser/webrtcIndicator.ftl - browser/modules/webrtcUI.sys.mjs - dom/canvas/WebGLContext.cpp - dom/security/nsContentSecurityManager.cpp - gfx/2d/FilterProcessingScalar.cpp - gfx/2d/InlineTranslator.h - gfx/layers/ipc/CanvasTranslator.cpp - js/src/gc/Statistics.cpp - layout/printing/PrintTranslator.h - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - modules/libpref/init/StaticPrefList.yaml - security/sandbox/linux/launch/SandboxLaunch.cpp Changes: ===================================== browser/locales/en-US/browser/webrtcIndicator.ftl ===================================== @@ -60,7 +60,7 @@ webrtc-screen-system-menu = ## These strings are only used on Mac for menus attached to icons ## near the clock on the mac menubar. ## Variables: -## $streamTitle (String): the title of the tab using the share. +## $streamTitle (String): the host of the tab using the share. ## $tabCount (Number): the title of the tab using the share. webrtc-indicator-menuitem-control-sharing = ===================================== browser/modules/webrtcUI.sys.mjs ===================================== @@ -1048,8 +1048,10 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { let stream = activeStreams[0]; const sharingItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; - doc.l10n.setAttributes(sharingItem, l10nIds[0], { streamTitle }); + const displayHost = getDisplayHostForStream(stream); + doc.l10n.setAttributes(sharingItem, l10nIds[0], { + streamTitle: displayHost, + }); sharingItem.setAttribute("disabled", "true"); menu.appendChild(sharingItem); @@ -1073,11 +1075,11 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { for (let stream of activeStreams) { const controlItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; + const displayHost = getDisplayHostForStream(stream); doc.l10n.setAttributes( controlItem, "webrtc-indicator-menuitem-control-sharing-on", - { streamTitle } + { streamTitle: displayHost } ); controlItem.stream = stream; controlItem.addEventListener("command", this); @@ -1086,6 +1088,25 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { } } +function getDisplayHostForStream(stream) { + let uri = Services.io.newURI(stream.uri); + + let displayHost; + + try { + displayHost = uri.displayHost; + } catch (ex) { + displayHost = null; + } + + // Host getter threw or returned "". Fall back to spec. + if (displayHost == null || displayHost == "") { + displayHost = uri.displaySpec; + } + + return displayHost; +} + function onTabSharingMenuPopupShowing(e) { const streams = webrtcUI.getActiveStreams(true, true, true, true); for (let streamInfo of streams) { ===================================== dom/canvas/WebGLContext.cpp ===================================== @@ -7,8 +7,9 @@ #include <algorithm> #include <bitset> +#include <cctype> +#include <iterator> #include <queue> -#include <regex> #include "AccessCheck.h" #include "CompositableHost.h" @@ -2204,30 +2205,59 @@ Maybe<std::string> WebGLContext::GetString(const GLenum pname) const { // --------------------------------- Maybe<webgl::IndexedName> webgl::ParseIndexed(const std::string& str) { - static const std::regex kRegex("(.*)\\[([0-9]+)\\]"); - - std::smatch match; - if (!std::regex_match(str, match, kRegex)) return {}; + // Check if the string ends with a close bracket + if (str.size() < 2 || str.back() != ']') { + return {}; + } + // Search for the open bracket, only allow digits between brackets + const size_t closeBracket = str.size() - 1; + size_t openBracket = closeBracket; + for (;;) { + char c = str[--openBracket]; + if (isdigit(c)) { + if (openBracket <= 0) { + // At the beginning of string without an open bracket + return {}; + } + } else if (c == '[') { + // Found the open bracket + break; + } else { + // Found a non-digit + return {}; + } + } - const auto index = std::stoull(match[2]); - return Some(webgl::IndexedName{match[1], index}); + // Ensure non-empty digit sequence + size_t firstDigit = openBracket + 1; + if (firstDigit >= closeBracket) { + return {}; + } + const auto index = + std::stoull(str.substr(firstDigit, closeBracket - firstDigit)); + std::string name = str.substr(0, openBracket); + return Some(webgl::IndexedName{name, index}); } // ExplodeName("foo.bar[3].x") -> ["foo", ".", "bar", "[", "3", "]", ".", "x"] static std::vector<std::string> ExplodeName(const std::string& str) { std::vector<std::string> ret; - - static const std::regex kSep("[.[\\]]"); - - auto itr = std::regex_token_iterator<decltype(str.begin())>( - str.begin(), str.end(), kSep, {-1, 0}); - const auto end = decltype(itr)(); - - for (; itr != end; ++itr) { - const auto& part = itr->str(); - if (part.size()) { - ret.push_back(part); + size_t curPos = 0; + while (curPos < str.size()) { + // Find the next separator + size_t nextPos = str.find_first_of(".[]", curPos); + if (nextPos == std::string::npos) { + // If no separator found, add remaining substring + ret.push_back(str.substr(curPos)); + break; + } + // Add string between separators, if not empty + if (curPos < nextPos) { + ret.push_back(str.substr(curPos, nextPos - curPos)); } + // Add the separator + ret.push_back(str.substr(nextPos, 1)); + curPos = nextPos + 1; } return ret; } ===================================== dom/security/nsContentSecurityManager.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Logging.h" #include "mozilla/Maybe.h" #include "mozilla/Preferences.h" +#include "mozilla/StaticPrefs_content.h" #include "mozilla/StaticPrefs_dom.h" #include "mozilla/StaticPrefs_security.h" #include "mozilla/Telemetry.h" @@ -364,10 +365,17 @@ static nsresult DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo, return NS_OK; } - // We use the triggering principal here, rather than the loading principal - // to ensure that anonymous CORS content in the browser resources and in - // WebExtensions is allowed to load. - nsIPrincipal* principal = aLoadInfo->TriggeringPrincipal(); + nsIPrincipal* principal = aLoadInfo->GetLoadingPrincipal(); + if (StaticPrefs::content_cors_use_triggering_principal()) { + // We use the triggering principal here, rather than the loading principal, + // to ensure that WebExtensions can reuse their own resources from content + // that they inject into a page. + // + // TODO(dholbert): Is there actually a legitimate reason that WebExtensions + // might need this (as opposed to exposing their resources for use in + // web-content via the 'web_accessible_resources' manifest field)? + principal = aLoadInfo->TriggeringPrincipal(); + } RefPtr<nsCORSListenerProxy> corsListener = new nsCORSListenerProxy( aInAndOutListener, principal, aLoadInfo->GetCookiePolicy() == nsILoadInfo::SEC_COOKIES_INCLUDE); ===================================== gfx/2d/FilterProcessingScalar.cpp ===================================== @@ -47,12 +47,12 @@ static void ApplyMorphologyHorizontal_Scalar( x++, startX++, endX++) { int32_t sourceIndex = y * aSourceStride + 4 * startX; uint8_t u[4]; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { u[i] = aSourceData[sourceIndex + i]; } sourceIndex += 4; for (int32_t ix = startX + 1; ix <= endX; ix++, sourceIndex += 4) { - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { if (Operator == MORPHOLOGY_OPERATOR_ERODE) { u[i] = umin(u[i], aSourceData[sourceIndex + i]); } else { @@ -62,7 +62,7 @@ static void ApplyMorphologyHorizontal_Scalar( } int32_t destIndex = y * aDestStride + 4 * x; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { aDestData[destIndex + i] = u[i]; } } @@ -97,13 +97,13 @@ static void ApplyMorphologyVertical_Scalar( for (int32_t x = aDestRect.X(); x < aDestRect.XMost(); x++) { int32_t sourceIndex = startY * aSourceStride + 4 * x; uint8_t u[4]; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { u[i] = aSourceData[sourceIndex + i]; } sourceIndex += aSourceStride; for (int32_t iy = startY + 1; iy <= endY; iy++, sourceIndex += aSourceStride) { - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { if (Operator == MORPHOLOGY_OPERATOR_ERODE) { u[i] = umin(u[i], aSourceData[sourceIndex + i]); } else { @@ -113,7 +113,7 @@ static void ApplyMorphologyVertical_Scalar( } int32_t destIndex = y * aDestStride + 4 * x; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { aDestData[destIndex + i] = u[i]; } } ===================================== gfx/2d/InlineTranslator.h ===================================== @@ -92,7 +92,11 @@ class InlineTranslator : public Translator { already_AddRefed<SourceSurface> LookupExternalSurface(uint64_t aKey) override; void AddDrawTarget(ReferencePtr aRefPtr, DrawTarget* aDT) final { - mDrawTargets.InsertOrUpdate(aRefPtr, RefPtr{aDT}); + RefPtr<DrawTarget>& value = mDrawTargets.LookupOrInsert(aRefPtr); + if (mCurrentDT && mCurrentDT == value) { + mCurrentDT = nullptr; + } + value = aDT; } void AddPath(ReferencePtr aRefPtr, Path* aPath) final { ===================================== gfx/layers/ipc/CanvasTranslator.cpp ===================================== @@ -189,6 +189,10 @@ mozilla::ipc::IPCResult CanvasTranslator::RecvInitTranslator( } // Use the first buffer as our current buffer. + if (aBufferHandles.IsEmpty()) { + Deactivate(); + return IPC_FAIL(this, "No canvas buffer shared memory supplied."); + } mDefaultBufferSize = aBufferSize; auto handleIter = aBufferHandles.begin(); if (!CreateAndMapShmem(mCurrentShmem.shmem, std::move(*handleIter), @@ -365,11 +369,19 @@ void CanvasTranslator::GetDataSurface(uint64_t aSurfaceRef) { } void CanvasTranslator::RecycleBuffer() { + if (!mCurrentShmem.IsValid()) { + return; + } + mCanvasShmems.emplace(std::move(mCurrentShmem)); NextBuffer(); } void CanvasTranslator::NextBuffer() { + if (mCanvasShmems.empty()) { + return; + } + // Check and signal the writer when we finish with a buffer, because it // might have hit the buffer count limit and be waiting to use our old one. CheckAndSignalWriter(); ===================================== js/src/gc/Statistics.cpp ===================================== @@ -1518,7 +1518,7 @@ void Statistics::recordParallelPhase(PhaseKind phaseKind, TimeDuration duration) { MOZ_ASSERT(CurrentThreadCanAccessRuntime(gc->rt)); - if (aborted) { + if (slices_.empty()) { return; } ===================================== layout/printing/PrintTranslator.h ===================================== @@ -85,7 +85,11 @@ class PrintTranslator final : public Translator { } void AddDrawTarget(ReferencePtr aRefPtr, DrawTarget* aDT) final { - mDrawTargets.InsertOrUpdate(aRefPtr, RefPtr{aDT}); + RefPtr<DrawTarget>& value = mDrawTargets.LookupOrInsert(aRefPtr); + if (mCurrentDT && mCurrentDT == value) { + mCurrentDT = nullptr; + } + value = aDT; } void AddPath(ReferencePtr aRefPtr, Path* aPath) final { @@ -119,11 +123,11 @@ class PrintTranslator final : public Translator { } void RemoveDrawTarget(ReferencePtr aRefPtr) final { - ReferencePtr currentDT = mCurrentDT; - if (currentDT == aRefPtr) { + RefPtr<DrawTarget> removedDT; + if (mDrawTargets.Remove(aRefPtr, getter_AddRefs(removedDT)) && + mCurrentDT == removedDT) { mCurrentDT = nullptr; } - mDrawTargets.Remove(aRefPtr); } bool SetCurrentDrawTarget(ReferencePtr aRefPtr) final { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -72,7 +72,7 @@ public class IntentUtils { } if (("intent".equals(scheme) || "android-app".equals(scheme))) { - // Bug 1356893 - Rject intents with file data schemes. + // Bug 1356893 - Reject intents with file data schemes. return getSafeIntent(aUri) != null; } @@ -98,8 +98,11 @@ public class IntentUtils { } final Uri data = intent.getData(); - if (data != null && "file".equals(normalizeUriScheme(data).getScheme())) { - return null; + if (data != null) { + final String scheme = normalizeUriScheme(data).getScheme(); + if ("file".equals(scheme) || "fido".equals(scheme)) { + return null; + } } // Only open applications which can accept arbitrary data from a browser. ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -1953,6 +1953,14 @@ value: false mirror: always +# If true, we'll use the triggering principal rather than the loading principal +# when doing CORS checks. This might be needed for WebExtensions to load their +# own resources from content that they inject into sites. +- name: content.cors.use_triggering_principal + type: bool + value: false + mirror: always + # Back off timer notification after count. # -1 means never. - name: content.notify.backoffcount ===================================== security/sandbox/linux/launch/SandboxLaunch.cpp ===================================== @@ -304,6 +304,8 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind, return; } + // Warning: don't combine multiple case labels, even if the code is + // currently the same, to avoid mistakes when changes are made. switch (aType) { case GeckoProcessType_Socket: if (level >= 1) { @@ -312,6 +314,12 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind, } break; case GeckoProcessType_GMPlugin: + if (level >= 1) { + canChroot = true; + flags |= CLONE_NEWIPC; + flags |= CLONE_NEWNET; + } + break; case GeckoProcessType_RDD: if (level >= 1) { canChroot = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/66… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/66… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-140.3.0esr-15.0-1-build2
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed new tag tor-browser-140.3.0esr-15.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.3.0esr-15.0-1] 2 commits: Bug 1665334, r=mconley,fluent-reviewers,bolsson
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed to branch tor-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 2cb4c1cb by Emma Zuehlcke at 2025-09-15T18:45:34+02:00 Bug 1665334, r=mconley,fluent-reviewers,bolsson Differential Revision: https://phabricator.services.mozilla.com/D257293 - - - - - 61800199 by Makoto Kato at 2025-09-15T19:20:12+02:00 Bug 1974025 - Check scheme into Intent data. r=geckoview-reviewers,tcampbell,nalexander a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D256952 - - - - - 3 changed files: - browser/locales/en-US/browser/webrtcIndicator.ftl - browser/modules/webrtcUI.sys.mjs - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java Changes: ===================================== browser/locales/en-US/browser/webrtcIndicator.ftl ===================================== @@ -60,7 +60,7 @@ webrtc-screen-system-menu = ## These strings are only used on Mac for menus attached to icons ## near the clock on the mac menubar. ## Variables: -## $streamTitle (String): the title of the tab using the share. +## $streamTitle (String): the host of the tab using the share. ## $tabCount (Number): the title of the tab using the share. webrtc-indicator-menuitem-control-sharing = ===================================== browser/modules/webrtcUI.sys.mjs ===================================== @@ -983,8 +983,10 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { let stream = activeStreams[0]; const sharingItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; - doc.l10n.setAttributes(sharingItem, l10nIds[0], { streamTitle }); + const displayHost = getDisplayHostForStream(stream); + doc.l10n.setAttributes(sharingItem, l10nIds[0], { + streamTitle: displayHost, + }); sharingItem.setAttribute("disabled", "true"); menu.appendChild(sharingItem); @@ -1008,11 +1010,11 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { for (let stream of activeStreams) { const controlItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; + const displayHost = getDisplayHostForStream(stream); doc.l10n.setAttributes( controlItem, "webrtc-indicator-menuitem-control-sharing-on", - { streamTitle } + { streamTitle: displayHost } ); controlItem.stream = stream; controlItem.addEventListener("command", this); @@ -1021,6 +1023,25 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { } } +function getDisplayHostForStream(stream) { + let uri = Services.io.newURI(stream.uri); + + let displayHost; + + try { + displayHost = uri.displayHost; + } catch (ex) { + displayHost = null; + } + + // Host getter threw or returned "". Fall back to spec. + if (displayHost == null || displayHost == "") { + displayHost = uri.displaySpec; + } + + return displayHost; +} + function onTabSharingMenuPopupShowing(e) { const streams = webrtcUI.getActiveStreams(true, true, true, true); for (let streamInfo of streams) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -89,7 +89,7 @@ public class IntentUtils { } if (("intent".equals(scheme) || "android-app".equals(scheme))) { - // Bug 1356893 - Rject intents with file data schemes. + // Bug 1356893 - Reject intents with file data schemes. return getSafeIntent(aUri) != null; } @@ -115,8 +115,11 @@ public class IntentUtils { } final Uri data = intent.getData(); - if (data != null && "file".equals(normalizeUriScheme(data).getScheme())) { - return null; + if (data != null) { + final String scheme = normalizeUriScheme(data).getScheme(); + if ("file".equals(scheme) || "fido".equals(scheme)) { + return null; + } } // Only open applications which can accept arbitrary data from a browser. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e0d93d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e0d93d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.28.0esr-13.5-1-build2
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed new tag tor-browser-115.28.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.28.0esr-13.5-1] 4 commits: Bug 1970490: Use loading principal (rather than triggering principal) for CORS...
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed to branch tor-browser-115.28.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 2bd05cc0 by Daniel Holbert at 2025-09-15T19:02:10+02:00 Bug 1970490: Use loading principal (rather than triggering principal) for CORS checks, by default. a=RyanVM This is essentially a backout of bug 1496505, putting its change behind a new off-by-default about:config pref[1] for now, in case there are use cases that require it. [1] content.cors.use_triggering_principal Original Revision: https://phabricator.services.mozilla.com/D252611 Differential Revision: https://phabricator.services.mozilla.com/D263611 - - - - - ecda4d58 by Jon Coppeard at 2025-09-15T19:36:49+02:00 Bug 1979502 - Check slices vector not empty before accessing the last slice r=sfink a=RyanVM |aborted| is reset to false at the end of a slice but GCRuntime::waitBackgroundSweepEnd can be called outside of a slice. Differential Revision: https://phabricator.services.mozilla.com/D260685 - - - - - 688debf8 by Lee Salzman at 2025-09-15T19:57:24+02:00 Bug 1981283. r=ahale a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260412 - - - - - 1a51c17d by Jed Davis at 2025-09-15T20:11:50+02:00 Bug 1982763 - Re-add `CLONE_NEWIPC` to the Linux GMP sandbox. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D260923 Differential Revision: https://phabricator.services.mozilla.com/D263007 - - - - - 5 changed files: - dom/canvas/WebGLContext.cpp - dom/security/nsContentSecurityManager.cpp - js/src/gc/Statistics.cpp - modules/libpref/init/StaticPrefList.yaml - security/sandbox/linux/launch/SandboxLaunch.cpp Changes: ===================================== dom/canvas/WebGLContext.cpp ===================================== @@ -7,8 +7,9 @@ #include <algorithm> #include <bitset> +#include <cctype> +#include <iterator> #include <queue> -#include <regex> #include "AccessCheck.h" #include "CompositableHost.h" @@ -2011,30 +2012,59 @@ Maybe<std::string> WebGLContext::GetString(const GLenum pname) const { // --------------------------------- Maybe<webgl::IndexedName> webgl::ParseIndexed(const std::string& str) { - static const std::regex kRegex("(.*)\\[([0-9]+)\\]"); - - std::smatch match; - if (!std::regex_match(str, match, kRegex)) return {}; + // Check if the string ends with a close bracket + if (str.size() < 2 || str.back() != ']') { + return {}; + } + // Search for the open bracket, only allow digits between brackets + const size_t closeBracket = str.size() - 1; + size_t openBracket = closeBracket; + for (;;) { + char c = str[--openBracket]; + if (isdigit(c)) { + if (openBracket <= 0) { + // At the beginning of string without an open bracket + return {}; + } + } else if (c == '[') { + // Found the open bracket + break; + } else { + // Found a non-digit + return {}; + } + } - const auto index = std::stoull(match[2]); - return Some(webgl::IndexedName{match[1], index}); + // Ensure non-empty digit sequence + size_t firstDigit = openBracket + 1; + if (firstDigit >= closeBracket) { + return {}; + } + const auto index = + std::stoull(str.substr(firstDigit, closeBracket - firstDigit)); + std::string name = str.substr(0, openBracket); + return Some(webgl::IndexedName{name, index}); } // ExplodeName("foo.bar[3].x") -> ["foo", ".", "bar", "[", "3", "]", ".", "x"] static std::vector<std::string> ExplodeName(const std::string& str) { std::vector<std::string> ret; - - static const std::regex kSep("[.[\\]]"); - - auto itr = std::regex_token_iterator<decltype(str.begin())>( - str.begin(), str.end(), kSep, {-1, 0}); - const auto end = decltype(itr)(); - - for (; itr != end; ++itr) { - const auto& part = itr->str(); - if (part.size()) { - ret.push_back(part); + size_t curPos = 0; + while (curPos < str.size()) { + // Find the next separator + size_t nextPos = str.find_first_of(".[]", curPos); + if (nextPos == std::string::npos) { + // If no separator found, add remaining substring + ret.push_back(str.substr(curPos)); + break; + } + // Add string between separators, if not empty + if (curPos < nextPos) { + ret.push_back(str.substr(curPos, nextPos - curPos)); } + // Add the separator + ret.push_back(str.substr(nextPos, 1)); + curPos = nextPos + 1; } return ret; } ===================================== dom/security/nsContentSecurityManager.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Logging.h" #include "mozilla/Maybe.h" #include "mozilla/Preferences.h" +#include "mozilla/StaticPrefs_content.h" #include "mozilla/StaticPrefs_dom.h" #include "mozilla/StaticPrefs_security.h" #include "mozilla/Telemetry.h" @@ -364,10 +365,17 @@ static nsresult DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo, return NS_OK; } - // We use the triggering principal here, rather than the loading principal - // to ensure that anonymous CORS content in the browser resources and in - // WebExtensions is allowed to load. - nsIPrincipal* principal = aLoadInfo->TriggeringPrincipal(); + nsIPrincipal* principal = aLoadInfo->GetLoadingPrincipal(); + if (StaticPrefs::content_cors_use_triggering_principal()) { + // We use the triggering principal here, rather than the loading principal, + // to ensure that WebExtensions can reuse their own resources from content + // that they inject into a page. + // + // TODO(dholbert): Is there actually a legitimate reason that WebExtensions + // might need this (as opposed to exposing their resources for use in + // web-content via the 'web_accessible_resources' manifest field)? + principal = aLoadInfo->TriggeringPrincipal(); + } RefPtr<nsCORSListenerProxy> corsListener = new nsCORSListenerProxy( aInAndOutListener, principal, aLoadInfo->GetCookiePolicy() == nsILoadInfo::SEC_COOKIES_INCLUDE); ===================================== js/src/gc/Statistics.cpp ===================================== @@ -1515,7 +1515,7 @@ void Statistics::recordParallelPhase(PhaseKind phaseKind, TimeDuration duration) { MOZ_ASSERT(CurrentThreadCanAccessRuntime(gc->rt)); - if (aborted) { + if (slices_.empty()) { return; } ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -1915,6 +1915,14 @@ value: false mirror: always +# If true, we'll use the triggering principal rather than the loading principal +# when doing CORS checks. This might be needed for WebExtensions to load their +# own resources from content that they inject into sites. +- name: content.cors.use_triggering_principal + type: bool + value: false + mirror: always + # Back off timer notification after count. # -1 means never. - name: content.notify.backoffcount ===================================== security/sandbox/linux/launch/SandboxLaunch.cpp ===================================== @@ -317,6 +317,8 @@ void SandboxLaunchPrepare(GeckoProcessType aType, return; } + // Warning: don't combine multiple case labels, even if the code is + // currently the same, to avoid mistakes when changes are made. switch (aType) { case GeckoProcessType_Socket: if (level >= 1) { @@ -325,6 +327,12 @@ void SandboxLaunchPrepare(GeckoProcessType aType, } break; case GeckoProcessType_GMPlugin: + if (level >= 1) { + canChroot = true; + flags |= CLONE_NEWIPC; + flags |= CLONE_NEWNET; + } + break; case GeckoProcessType_RDD: if (level >= 1) { canChroot = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0ae6e8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0ae6e8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.14.0esr-14.5-1-build3
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed new tag tor-browser-128.14.0esr-14.5-1-build3 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.14.0esr-14.5-1] 10 commits: Bug 1665334, r=mconley,fluent-reviewers,bolsson
by ma1 (＠ma1) 15 Sep '25

15 Sep '25

ma1 pushed to branch tor-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 2886bc79 by Emma Zuehlcke at 2025-09-15T17:37:23+02:00 Bug 1665334, r=mconley,fluent-reviewers,bolsson Differential Revision: https://phabricator.services.mozilla.com/D257293 - - - - - f26c48dc by Daniel Holbert at 2025-09-15T19:00:18+02:00 Bug 1970490: Use loading principal (rather than triggering principal) for CORS checks, by default. a=RyanVM This is essentially a backout of bug 1496505, putting its change behind a new off-by-default about:config pref[1] for now, in case there are use cases that require it. [1] content.cors.use_triggering_principal Original Revision: https://phabricator.services.mozilla.com/D252611 Differential Revision: https://phabricator.services.mozilla.com/D263611 - - - - - 6c8a1f0f by Makoto Kato at 2025-09-15T19:21:35+02:00 Bug 1974025 - Check scheme into Intent data. r=geckoview-reviewers,tcampbell,nalexander a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D256952 - - - - - 81543294 by Jon Coppeard at 2025-09-15T19:34:28+02:00 Bug 1979502 - Check slices vector not empty before accessing the last slice r=sfink a=RyanVM |aborted| is reset to false at the end of a slice but GCRuntime::waitBackgroundSweepEnd can be called outside of a slice. Differential Revision: https://phabricator.services.mozilla.com/D260685 - - - - - 11317e5a by longsonr at 2025-09-15T19:55:19+02:00 Bug 1980788 - Use std::size rather than hardcoding an array size a=RyanVM DONTBUILD Original Revision: https://phabricator.services.mozilla.com/D262967 Differential Revision: https://phabricator.services.mozilla.com/D263131 - - - - - 9b2fe8ef by Lee Salzman at 2025-09-15T19:59:04+02:00 Bug 1981283. r=ahale a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260412 - - - - - 2517a786 by Jed Davis at 2025-09-15T20:07:53+02:00 Bug 1982763 - Re-add `CLONE_NEWIPC` to the Linux GMP sandbox. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D260923 Differential Revision: https://phabricator.services.mozilla.com/D263007 - - - - - 4cf3c86c by Lee Salzman at 2025-09-15T20:12:58+02:00 Bug 1984825. r=jnicol a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D262611 - - - - - 85d7a5cb by Lee Salzman at 2025-09-15T20:13:42+02:00 Bug 1985067. r=jnicol a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D262614 - - - - - df081c6c by Lee Salzman at 2025-09-15T20:39:59+02:00 Bug 1986185. r=aosmond a=RyanVM Backported manually to 128esr, see BB 44199 Differential Revision: https://phabricator.services.mozilla.com/D263287 - - - - - 12 changed files: - browser/locales/en-US/browser/webrtcIndicator.ftl - browser/modules/webrtcUI.sys.mjs - dom/canvas/WebGLContext.cpp - dom/security/nsContentSecurityManager.cpp - gfx/2d/FilterProcessingScalar.cpp - gfx/2d/InlineTranslator.h - gfx/layers/ipc/CanvasTranslator.cpp - js/src/gc/Statistics.cpp - layout/printing/PrintTranslator.h - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - modules/libpref/init/StaticPrefList.yaml - security/sandbox/linux/launch/SandboxLaunch.cpp Changes: ===================================== browser/locales/en-US/browser/webrtcIndicator.ftl ===================================== @@ -60,7 +60,7 @@ webrtc-screen-system-menu = ## These strings are only used on Mac for menus attached to icons ## near the clock on the mac menubar. ## Variables: -## $streamTitle (String): the title of the tab using the share. +## $streamTitle (String): the host of the tab using the share. ## $tabCount (Number): the title of the tab using the share. webrtc-indicator-menuitem-control-sharing = ===================================== browser/modules/webrtcUI.sys.mjs ===================================== @@ -1048,8 +1048,10 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { let stream = activeStreams[0]; const sharingItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; - doc.l10n.setAttributes(sharingItem, l10nIds[0], { streamTitle }); + const displayHost = getDisplayHostForStream(stream); + doc.l10n.setAttributes(sharingItem, l10nIds[0], { + streamTitle: displayHost, + }); sharingItem.setAttribute("disabled", "true"); menu.appendChild(sharingItem); @@ -1073,11 +1075,11 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { for (let stream of activeStreams) { const controlItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; + const displayHost = getDisplayHostForStream(stream); doc.l10n.setAttributes( controlItem, "webrtc-indicator-menuitem-control-sharing-on", - { streamTitle } + { streamTitle: displayHost } ); controlItem.stream = stream; controlItem.addEventListener("command", this); @@ -1086,6 +1088,25 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { } } +function getDisplayHostForStream(stream) { + let uri = Services.io.newURI(stream.uri); + + let displayHost; + + try { + displayHost = uri.displayHost; + } catch (ex) { + displayHost = null; + } + + // Host getter threw or returned "". Fall back to spec. + if (displayHost == null || displayHost == "") { + displayHost = uri.displaySpec; + } + + return displayHost; +} + function onTabSharingMenuPopupShowing(e) { const streams = webrtcUI.getActiveStreams(true, true, true, true); for (let streamInfo of streams) { ===================================== dom/canvas/WebGLContext.cpp ===================================== @@ -7,8 +7,9 @@ #include <algorithm> #include <bitset> +#include <cctype> +#include <iterator> #include <queue> -#include <regex> #include "AccessCheck.h" #include "CompositableHost.h" @@ -2204,30 +2205,59 @@ Maybe<std::string> WebGLContext::GetString(const GLenum pname) const { // --------------------------------- Maybe<webgl::IndexedName> webgl::ParseIndexed(const std::string& str) { - static const std::regex kRegex("(.*)\\[([0-9]+)\\]"); - - std::smatch match; - if (!std::regex_match(str, match, kRegex)) return {}; + // Check if the string ends with a close bracket + if (str.size() < 2 || str.back() != ']') { + return {}; + } + // Search for the open bracket, only allow digits between brackets + const size_t closeBracket = str.size() - 1; + size_t openBracket = closeBracket; + for (;;) { + char c = str[--openBracket]; + if (isdigit(c)) { + if (openBracket <= 0) { + // At the beginning of string without an open bracket + return {}; + } + } else if (c == '[') { + // Found the open bracket + break; + } else { + // Found a non-digit + return {}; + } + } - const auto index = std::stoull(match[2]); - return Some(webgl::IndexedName{match[1], index}); + // Ensure non-empty digit sequence + size_t firstDigit = openBracket + 1; + if (firstDigit >= closeBracket) { + return {}; + } + const auto index = + std::stoull(str.substr(firstDigit, closeBracket - firstDigit)); + std::string name = str.substr(0, openBracket); + return Some(webgl::IndexedName{name, index}); } // ExplodeName("foo.bar[3].x") -> ["foo", ".", "bar", "[", "3", "]", ".", "x"] static std::vector<std::string> ExplodeName(const std::string& str) { std::vector<std::string> ret; - - static const std::regex kSep("[.[\\]]"); - - auto itr = std::regex_token_iterator<decltype(str.begin())>( - str.begin(), str.end(), kSep, {-1, 0}); - const auto end = decltype(itr)(); - - for (; itr != end; ++itr) { - const auto& part = itr->str(); - if (part.size()) { - ret.push_back(part); + size_t curPos = 0; + while (curPos < str.size()) { + // Find the next separator + size_t nextPos = str.find_first_of(".[]", curPos); + if (nextPos == std::string::npos) { + // If no separator found, add remaining substring + ret.push_back(str.substr(curPos)); + break; + } + // Add string between separators, if not empty + if (curPos < nextPos) { + ret.push_back(str.substr(curPos, nextPos - curPos)); } + // Add the separator + ret.push_back(str.substr(nextPos, 1)); + curPos = nextPos + 1; } return ret; } ===================================== dom/security/nsContentSecurityManager.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Logging.h" #include "mozilla/Maybe.h" #include "mozilla/Preferences.h" +#include "mozilla/StaticPrefs_content.h" #include "mozilla/StaticPrefs_dom.h" #include "mozilla/StaticPrefs_security.h" #include "mozilla/Telemetry.h" @@ -364,10 +365,17 @@ static nsresult DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo, return NS_OK; } - // We use the triggering principal here, rather than the loading principal - // to ensure that anonymous CORS content in the browser resources and in - // WebExtensions is allowed to load. - nsIPrincipal* principal = aLoadInfo->TriggeringPrincipal(); + nsIPrincipal* principal = aLoadInfo->GetLoadingPrincipal(); + if (StaticPrefs::content_cors_use_triggering_principal()) { + // We use the triggering principal here, rather than the loading principal, + // to ensure that WebExtensions can reuse their own resources from content + // that they inject into a page. + // + // TODO(dholbert): Is there actually a legitimate reason that WebExtensions + // might need this (as opposed to exposing their resources for use in + // web-content via the 'web_accessible_resources' manifest field)? + principal = aLoadInfo->TriggeringPrincipal(); + } RefPtr<nsCORSListenerProxy> corsListener = new nsCORSListenerProxy( aInAndOutListener, principal, aLoadInfo->GetCookiePolicy() == nsILoadInfo::SEC_COOKIES_INCLUDE); ===================================== gfx/2d/FilterProcessingScalar.cpp ===================================== @@ -47,12 +47,12 @@ static void ApplyMorphologyHorizontal_Scalar( x++, startX++, endX++) { int32_t sourceIndex = y * aSourceStride + 4 * startX; uint8_t u[4]; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { u[i] = aSourceData[sourceIndex + i]; } sourceIndex += 4; for (int32_t ix = startX + 1; ix <= endX; ix++, sourceIndex += 4) { - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { if (Operator == MORPHOLOGY_OPERATOR_ERODE) { u[i] = umin(u[i], aSourceData[sourceIndex + i]); } else { @@ -62,7 +62,7 @@ static void ApplyMorphologyHorizontal_Scalar( } int32_t destIndex = y * aDestStride + 4 * x; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { aDestData[destIndex + i] = u[i]; } } @@ -97,13 +97,13 @@ static void ApplyMorphologyVertical_Scalar( for (int32_t x = aDestRect.X(); x < aDestRect.XMost(); x++) { int32_t sourceIndex = startY * aSourceStride + 4 * x; uint8_t u[4]; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { u[i] = aSourceData[sourceIndex + i]; } sourceIndex += aSourceStride; for (int32_t iy = startY + 1; iy <= endY; iy++, sourceIndex += aSourceStride) { - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { if (Operator == MORPHOLOGY_OPERATOR_ERODE) { u[i] = umin(u[i], aSourceData[sourceIndex + i]); } else { @@ -113,7 +113,7 @@ static void ApplyMorphologyVertical_Scalar( } int32_t destIndex = y * aDestStride + 4 * x; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { aDestData[destIndex + i] = u[i]; } } ===================================== gfx/2d/InlineTranslator.h ===================================== @@ -92,7 +92,11 @@ class InlineTranslator : public Translator { already_AddRefed<SourceSurface> LookupExternalSurface(uint64_t aKey) override; void AddDrawTarget(ReferencePtr aRefPtr, DrawTarget* aDT) final { - mDrawTargets.InsertOrUpdate(aRefPtr, RefPtr{aDT}); + RefPtr<DrawTarget>& value = mDrawTargets.LookupOrInsert(aRefPtr); + if (mCurrentDT && mCurrentDT == value) { + mCurrentDT = nullptr; + } + value = aDT; } void AddPath(ReferencePtr aRefPtr, Path* aPath) final { ===================================== gfx/layers/ipc/CanvasTranslator.cpp ===================================== @@ -189,6 +189,10 @@ mozilla::ipc::IPCResult CanvasTranslator::RecvInitTranslator( } // Use the first buffer as our current buffer. + if (aBufferHandles.IsEmpty()) { + Deactivate(); + return IPC_FAIL(this, "No canvas buffer shared memory supplied."); + } mDefaultBufferSize = aBufferSize; auto handleIter = aBufferHandles.begin(); if (!CreateAndMapShmem(mCurrentShmem.shmem, std::move(*handleIter), @@ -365,11 +369,19 @@ void CanvasTranslator::GetDataSurface(uint64_t aSurfaceRef) { } void CanvasTranslator::RecycleBuffer() { + if (!mCurrentShmem.IsValid()) { + return; + } + mCanvasShmems.emplace(std::move(mCurrentShmem)); NextBuffer(); } void CanvasTranslator::NextBuffer() { + if (mCanvasShmems.empty()) { + return; + } + // Check and signal the writer when we finish with a buffer, because it // might have hit the buffer count limit and be waiting to use our old one. CheckAndSignalWriter(); ===================================== js/src/gc/Statistics.cpp ===================================== @@ -1518,7 +1518,7 @@ void Statistics::recordParallelPhase(PhaseKind phaseKind, TimeDuration duration) { MOZ_ASSERT(CurrentThreadCanAccessRuntime(gc->rt)); - if (aborted) { + if (slices_.empty()) { return; } ===================================== layout/printing/PrintTranslator.h ===================================== @@ -85,7 +85,11 @@ class PrintTranslator final : public Translator { } void AddDrawTarget(ReferencePtr aRefPtr, DrawTarget* aDT) final { - mDrawTargets.InsertOrUpdate(aRefPtr, RefPtr{aDT}); + RefPtr<DrawTarget>& value = mDrawTargets.LookupOrInsert(aRefPtr); + if (mCurrentDT && mCurrentDT == value) { + mCurrentDT = nullptr; + } + value = aDT; } void AddPath(ReferencePtr aRefPtr, Path* aPath) final { @@ -119,11 +123,11 @@ class PrintTranslator final : public Translator { } void RemoveDrawTarget(ReferencePtr aRefPtr) final { - ReferencePtr currentDT = mCurrentDT; - if (currentDT == aRefPtr) { + RefPtr<DrawTarget> removedDT; + if (mDrawTargets.Remove(aRefPtr, getter_AddRefs(removedDT)) && + mCurrentDT == removedDT) { mCurrentDT = nullptr; } - mDrawTargets.Remove(aRefPtr); } bool SetCurrentDrawTarget(ReferencePtr aRefPtr) final { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -72,7 +72,7 @@ public class IntentUtils { } if (("intent".equals(scheme) || "android-app".equals(scheme))) { - // Bug 1356893 - Rject intents with file data schemes. + // Bug 1356893 - Reject intents with file data schemes. return getSafeIntent(aUri) != null; } @@ -98,8 +98,11 @@ public class IntentUtils { } final Uri data = intent.getData(); - if (data != null && "file".equals(normalizeUriScheme(data).getScheme())) { - return null; + if (data != null) { + final String scheme = normalizeUriScheme(data).getScheme(); + if ("file".equals(scheme) || "fido".equals(scheme)) { + return null; + } } // Only open applications which can accept arbitrary data from a browser. ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -1961,6 +1961,14 @@ value: false mirror: always +# If true, we'll use the triggering principal rather than the loading principal +# when doing CORS checks. This might be needed for WebExtensions to load their +# own resources from content that they inject into sites. +- name: content.cors.use_triggering_principal + type: bool + value: false + mirror: always + # Back off timer notification after count. # -1 means never. - name: content.notify.backoffcount ===================================== security/sandbox/linux/launch/SandboxLaunch.cpp ===================================== @@ -304,6 +304,8 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind, return; } + // Warning: don't combine multiple case labels, even if the code is + // currently the same, to avoid mistakes when changes are made. switch (aType) { case GeckoProcessType_Socket: if (level >= 1) { @@ -312,6 +314,12 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind, } break; case GeckoProcessType_GMPlugin: + if (level >= 1) { + canChroot = true; + flags |= CLONE_NEWIPC; + flags |= CLONE_NEWNET; + } + break; case GeckoProcessType_RDD: if (level >= 1) { canChroot = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/59baa9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/59baa9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.5] 2 commits: Bug 40994: Add support in signing scripts to sign release for some archs only
by Pier Angelo Vendrame (＠pierov) 15 Sep '25

15 Sep '25

Pier Angelo Vendrame pushed to branch maint-14.5 at The Tor Project / Applications / tor-browser-build Commits: e37857b6 by Nicolas Vigier at 2025-09-15T21:10:43+02:00 Bug 40994: Add support in signing scripts to sign release for some archs only - - - - - c948c60b by Nicolas Vigier at 2025-09-15T21:10:51+02:00 Bug 41280: Update download-android-*.json files for android-only releases - - - - - 6 changed files: - projects/release/update_responses_config.yml - rbm.conf - tools/signing/do-all-signing - tools/signing/functions - tools/signing/upload-update_responses-to-staticiforme - tools/update-responses/update_responses Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -1,6 +1,9 @@ --- tmp_dir: '[% c("tmp_dir") %]' create_downloads_json: 1 +[% IF !c("var/browser_platforms/signing_desktop") -%] +create_downloads_json_only: 1 +[% END -%] appname_marfile: '[% c("var/project-name") %]' appname_bundle: '[% c("var/project-name") %]' releases_dir: [% path(c('output_dir')) %][% IF ! c("var/nightly") %]/[% IF c("var/unsigned_releases_dir") -%]un[% END %]signed[% END %] ===================================== rbm.conf ===================================== @@ -81,8 +81,6 @@ var: browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' browser_default_channel: release browser_platforms: - is_android_release: '[% c("var/tor-browser") %]' - is_desktop_release: '1' android-armv7: '[% c("var/browser_platforms/is_android_release") %]' android-x86: '[% c("var/browser_platforms/is_android_release") %]' android-x86_64: '[% c("var/browser_platforms/is_android_release") %]' @@ -93,6 +91,39 @@ var: windows-i686: '[% c("var/browser_platforms/is_desktop_release") && c("var/tor-browser") %]' windows-x86_64: '[% c("var/browser_platforms/is_desktop_release") %]' macos: '[% c("var/browser_platforms/is_desktop_release") %]' + + # is_android_release and is_desktop_release are used to quickly + # enable/disable all android or desktop platforms. If you want to + # check whether a release includes some android or desktop platforms + # see signing_android and signing_desktop below. + is_android_release: '[% c("var/tor-browser") %]' + is_desktop_release: '1' + + # signing_android is used in signing scripts to check if at least + # one android platform is being signed/published + signing_android: | + [%- + c("var/browser_platforms/android-armv7") || + c("var/browser_platforms/android-x86") || + c("var/browser_platforms/android-x86_64") || + c("var/browser_platforms/android-aarch64") + -%] + # signing_desktop is used in signing scripts to check if at least + # one desktop platform is being signed/published + signing_desktop: | + [%- + c("var/browser_platforms/linux-x86_64") || + c("var/browser_platforms/linux-i686") || + c("var/browser_platforms/linux-aarch64") || + c("var/browser_platforms/windows-i686") || + c("var/browser_platforms/windows-x86_64") || + c("var/browser_platforms/macos") + -%] + signing_windows: | + [%- + c("var/browser_platforms/windows-i686") || + c("var/browser_platforms/windows-x86_64") + -%] updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: ===================================== tools/signing/do-all-signing ===================================== @@ -19,38 +19,66 @@ if [[ $1 = "-p" ]]; then shift fi +function is_legacy { + [[ "$tbb_version" = 13.* ]] +} + +if is_legacy; then + platform_android= + platform_desktop=1 + platform_macos=1 + platform_windows=1 +else + platform_android=$(rbm_showconf_boolean var/browser_platforms/signing_android) + platform_desktop=$(rbm_showconf_boolean var/browser_platforms/signing_desktop) + platform_macos=$(rbm_showconf_boolean var/browser_platforms/macos) + platform_windows=$(rbm_showconf_boolean var/browser_platforms/signing_windows) +fi + is_project torbrowser && nssdb=torbrowser-nssdb7 is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb1 if [ -f "$passwords_gpg_file" ]; then echo "Reading passwords from $passwords_gpg_file" SEKRITS=$(gpg --decrypt "$passwords_gpg_file") - RCODESIGN_PW=$(get_sekrit 'rcodesign') - NSSPASS=$(get_sekrit "$nssdb (mar signing)") - KSPASS=$(get_sekrit "android apk ($tbb_version_type)") - YUBIPASS=$(get_sekrit "windows authenticode") + [ -n "$platform_macos" ] && \ + RCODESIGN_PW=$(get_sekrit 'rcodesign') + [ -n "$platform_desktop" ] && \ + NSSPASS=$(get_sekrit "$nssdb (mar signing)") + [ -n "$platform_android" ] && \ + KSPASS=$(get_sekrit "android apk ($tbb_version_type)") + [ -n "$platform_windows" ] && \ + YUBIPASS=$(get_sekrit "windows authenticode") GPG_PASS=$(get_sekrit "gpg") else echo "Rather than entering all the password manually, you may want to provide a gpg-encrypted file either on the command line (-p <filepath>) or in set-config.passwords." fi -test -f "$steps_dir/linux-signer-rcodesign-sign.done" || [ -n "$RCODESIGN_PW" ] || +[ -z "$platform_macos" ] || \ + [ -f "$steps_dir/linux-signer-rcodesign-sign.done" ] || \ + [ -n "$RCODESIGN_PW" ] || \ read -sp "Enter rcodesign passphrase for key-1: " RCODESIGN_PW echo -test -f "$steps_dir/linux-signer-signmars.done" || [ -n "$NSSPASS" ] || +[ -z "$platform_desktop" ] || \ + [ -f "$steps_dir/linux-signer-signmars.done" ] || \ + [ -n "$NSSPASS" ] || \ read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS echo -if is_project torbrowser; then - test -f "$steps_dir/linux-signer-sign-android-apks.done" || [ -n "$KSPASS" ] || - read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS - echo -fi -test -f "$steps_dir/linux-signer-authenticode-signing.done" || [ -n "$YUBIPASS" ] || +[ -z "$platform_android" ] || \ + [ -f "$steps_dir/linux-signer-sign-android-apks.done" ] || \ + [ -n "$KSPASS" ] || \ + read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS +echo + +[ -z "$platform_windows" ] || \ + [ -f "$steps_dir/linux-signer-authenticode-signing.done" ] || \ + [ -n "$YUBIPASS" ] || \ read -sp "Enter windows authenticode passphrase: " YUBIPASS echo -test -f "$steps_dir/linux-signer-gpg-sign.done" || [ -n "$GPG_PASS" ] || + +[ -f "$steps_dir/linux-signer-gpg-sign.done" ] || [ -n "$GPG_PASS" ] || \ read -sp "Enter gpg passphrase: " GPG_PASS echo @@ -203,10 +231,6 @@ function do_step { echo "$(date -Iseconds) - Finished step: $1" } -function is_legacy { - [[ "$tbb_version" = 13.* ]] -} - export SIGNING_PROJECTNAME do_step set-time-on-signing-machine @@ -215,23 +239,34 @@ do_step sync-builder-unsigned-to-local-signed do_step clean-build-artifacts do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-rcodesign-sign -do_step linux-signer-rcodesign-sign -do_step sync-linux-signer-macos-signed-tar-to-local -do_step rcodesign-notary-submit -do_step gatekeeper-bundling -do_step dmg2mar +[ -n "$platform_macos" ] && \ + do_step linux-signer-rcodesign-sign +[ -n "$platform_macos" ] && \ + do_step sync-linux-signer-macos-signed-tar-to-local +[ -n "$platform_macos" ] && \ + do_step rcodesign-notary-submit +[ -n "$platform_macos" ] && \ + do_step gatekeeper-bundling +[ -n "$platform_macos" ] && \ + do_step dmg2mar do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-signmars -do_step linux-signer-signmars -do_step sync-after-signmars -is_project torbrowser && ! is_legacy && \ +[ -n "$platform_desktop" ] && \ + do_step linux-signer-signmars +[ -n "$platform_desktop" ] && \ + do_step sync-after-signmars +[ -n "$platform_android" ] && \ do_step linux-signer-sign-android-apks -is_project torbrowser && ! is_legacy && \ +[ -n "$platform_android" ] && \ do_step sync-after-sign-android-apks -do_step linux-signer-authenticode-signing -do_step sync-after-authenticode-signing -do_step authenticode-timestamping -do_step sync-after-authenticode-timestamping +[ -n "$platform_windows" ] && \ + do_step linux-signer-authenticode-signing +[ -n "$platform_windows" ] && \ + do_step sync-after-authenticode-signing +[ -n "$platform_windows" ] && \ + do_step authenticode-timestamping +[ -n "$platform_windows" ] && \ + do_step sync-after-authenticode-timestamping do_step hash_signed_bundles do_step sync-after-hash do_step linux-signer-gpg-sign @@ -240,6 +275,6 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload -! is_legacy && +! is_legacy && \ do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer ===================================== tools/signing/functions ===================================== @@ -69,5 +69,17 @@ function display_name { echo "${SIGNING_PROJECTNAMES[3]}" } +function rbm_showconf { + "$rbm" showconf release "$1" --target "$SIGNING_PROJECTNAME" \ + --target "$tbb_version_type" +} + +function rbm_showconf_boolean { + local res=$(rbm_showconf "$1") + if [ -z "$res" ] || [ "a$res" = "a0" ]; then + return + fi + echo '1' +} . "$script_dir/set-config" ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -56,7 +56,8 @@ do git commit -m "$tbb_version_type: new version, $tbb_version ($file)" done -if is_project torbrowser; then +platform_android=$(rbm_showconf_boolean var/browser_platforms/signing_android) +if [ -n "$platform_android" ]; then git add "$tbb_version_type"/download-android-*.json git diff --quiet --cached --exit-code || \ git commit -m "$tbb_version_type: new version, $tbb_version (android)" ===================================== tools/update-responses/update_responses ===================================== @@ -467,14 +467,16 @@ sub write_downloads_json { my $versions = as_array($config->{channels}{$channel}); my ($version) = @$versions; my $tag = get_config($config, $version, 'any', 'tag'); - my $data = { - version => "$version", - tag => "$tag", - downloads => get_version_downloads($config, $version), - comment => 'This file is deprecated and should not be used. Please use the files download-$platform.json instead.', - }; - write_htdocs($channel, '.', 'downloads.json', - JSON->new->utf8->canonical->pretty->encode($data)); + if (!$config->{create_downloads_json_only}) { + my $data = { + version => "$version", + tag => "$tag", + downloads => get_version_downloads($config, $version), + comment => 'This file is deprecated and should not be used. Please use the files download-$platform.json instead.', + }; + write_htdocs($channel, '.', 'downloads.json', + JSON->new->utf8->canonical->pretty->encode($data)); + } my $pp_downloads = get_perplatform_downloads($config, $version, $tag); foreach my $os (keys %{$pp_downloads}) { write_htdocs($channel, '.', "download-$os.json", @@ -637,8 +639,10 @@ my %actions = ( exit_error "Wrong arguments" unless @ARGV == 1; my $channel = $ARGV[0]; exit_error "Unknown channel $channel" unless $config->{channels}{$channel}; - write_responses($config, $channel); - write_htaccess($config, $channel); + if (!$config->{create_downloads_json_only}) { + write_responses($config, $channel); + write_htaccess($config, $channel); + } write_downloads_json($config, $channel); }, gen_incrementals => sub { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch tor-browser-143.0a1-16.0-2
by Pier Angelo Vendrame (＠pierov) 15 Sep '25

15 Sep '25

Pier Angelo Vendrame pushed new branch tor-browser-143.0a1-16.0-2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-143.0a1-16.0-1] 112 commits: fixup! BB 32308: Use direct browser sizing for letterboxing.
by brizental (＠brizental) 15 Sep '25

15 Sep '25

brizental pushed to branch tor-browser-143.0a1-16.0-1 at The Tor Project / Applications / Tor Browser Commits: 76dc3e85 by hackademix at 2025-09-11T17:15:38+02:00 fixup! BB 32308: Use direct browser sizing for letterboxing. BB 44041: Make dialog overlays cover the correct area without fixed positioning. - - - - - 3db61ca7 by Pier Angelo Vendrame at 2025-09-11T17:15:42+02:00 fixup! TB 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection TB 44095: Rename connectionPane.xhtml to .inc.xhtml. Let's improve consistency. Also, we need to explicitly enable formatting on this, since .inc.xhtml files are excluded by default. - - - - - 46d99dba by Beatriz Rizental at 2025-09-11T17:15:43+02:00 fixup! TB 42669: [android] Use custom no-op app-services - - - - - 99b09df3 by Pier Angelo Vendrame at 2025-09-11T17:15:43+02:00 fixup! [android] Modify build system TB 43826: Drop an unneeded version customization. When the patch was originally created (android-components@abf37979a74f34730dd8e8323d8a9aad184884c3), it replaced a Date additions that prevented reproducible builds. However, Mozilla themselves removed that Date in Bug 1824818, so we do not need this part of the patch anymore. - - - - - a2fea91c by Henry Wilkes at 2025-09-11T17:15:44+02:00 fixup! Firefox preference overrides. TB 44045: Disable ML features. - - - - - a0fe7212 by Henry Wilkes at 2025-09-15T14:42:58+02:00 BB 44045: Disable ML features. - - - - - 5ff54c03 by Henry Wilkes at 2025-09-15T14:43:01+02:00 fixup! BB 42027: Base Browser migration procedures. TB 44045: Clear the user values for the now locked ML preferences. - - - - - dcb27483 by Henry Wilkes at 2025-09-15T14:43:02+02:00 fixup! fixup! BB 42027: Base Browser migration procedures. TB 44045: Move changes to the correct target. - - - - - 027617b0 by Henry Wilkes at 2025-09-15T14:43:02+02:00 fixup! BB 44045: Disable ML features. TB 44045: Moved changes to the correct target. - - - - - 9bdb86a8 by Pier Angelo Vendrame at 2025-09-15T14:43:03+02:00 BB 44103: Remove ref-names from attr's .git_archival.txt. The currently vendored copy of python-attrs's .git_archival.txt includes a ref-names field which might make source tarballs not reproducible. Upstream fixed this in da2333cd37747d692d5c78b0c94bd400ff883a9a, therefore we apply the same change until Mozilla vendors an updated copy of python-attrs. See also https://bugzilla.mozilla.org/show_bug.cgi?id=1980103. - - - - - ae1c5208 by Pier Angelo Vendrame at 2025-09-15T14:43:04+02:00 fixup! [android] Modify build system TB 43799: Check we passed the objdir to tba-sign-devbuilds.sh. When we initially created tba-sign-devbuilds.sh, it was easy to find the APKs. However, after Bug 1951190, they are inside the obj-* directory, which can be customized in mozconfig. So, the easiest way to deal with this, was to ask the caller to provide that obj directory. Not passing it will very likely make the script fail, so with this commit we added a check to output a more meaningful error message. - - - - - 6de05e31 by Morgan at 2025-09-15T14:43:05+02:00 fixup! BB 43615: Add Gitlab Issue and Merge Request templates update branch creation section now that we have tags from the firefox repo - - - - - b8844888 by Morgan at 2025-09-15T14:43:05+02:00 fixup! TB 43616: Customize Gitlab Issue and Merge Request templates update the triage issue to be a general review issue; include release notes in review - - - - - 91a94608 by Morgan at 2025-09-15T14:43:06+02:00 fixup! BB 43615: Add Gitlab Issue and Merge Request templates Update priority labels - - - - - fae2f8fe by Morgan at 2025-09-15T14:43:07+02:00 fixup! TB 43616: Customize Gitlab Issue and Merge Request templates Update priority labels - - - - - 1b026094 by Morgan at 2025-09-15T14:43:07+02:00 fixup! TB 43616: Customize Gitlab Issue and Merge Request templates add Tor Browser 16.0 milestone to the firefox review - - - - - a1f602f3 by Morgan at 2025-09-15T14:43:08+02:00 fixup! TB 43616: Customize Gitlab Issue and Merge Request templates - - - - - d5360c04 by Henry Wilkes at 2025-09-15T14:43:09+02:00 BB 44040: Modify prompt service for Base Browser. - - - - - 672e823f by Henry Wilkes at 2025-09-15T14:43:10+02:00 fixup! BB 40925: Implemented the Security Level component TB 44030: Show a warning before restarting the browser when applying a new security level. Also adapt the existing warning to use a destructive button and the button "Restart Tor Browser" rather than just "Restart". - - - - - cf126801 by Henry Wilkes at 2025-09-15T14:43:10+02:00 fixup! Base Browser strings TB 44030: Add strings for the new security level warning dialog. - - - - - c7c44e87 by clairehurst at 2025-09-15T14:43:11+02:00 fixup! [android] Rename as Tor Browser tor-browser#43179 Make persistent 'private tabs' notification distinct from Firefox's - - - - - da725a55 by clairehurst at 2025-09-15T14:43:11+02:00 fixup! [android] TBA strings tor-browser#43179 Make persistent 'private tabs' notification distinct from Firefox's - - - - - 8fd6ae83 by Pier Angelo Vendrame at 2025-09-15T14:43:12+02:00 fixup! Firefox preference overrides. BB 41131: Make sure background tasks are not used for shutdown cleanup. privacy.sanitize.sanitizeOnShutdown (disabled by default) might try to use background tasks, without checking whether they are actually available (they are not for us, as we disable them at build time). - - - - - 961f6ae3 by Morgan at 2025-09-15T14:43:13+02:00 fixup! TB 42308: Create README for tor-browser. Links in the README pointed to a 404 page with no indication of the new location of these pages. Update both links. Fixes: tpo/applications/tor-browser#44061 - - - - - 003ffc9f by Henry Wilkes at 2025-09-15T14:43:13+02:00 BB 43902: Modify the new sidebar for Base Browser. - - - - - 6979b588 by Pier Angelo Vendrame at 2025-09-15T14:43:14+02:00 fixup! TB 42891: Set the bundled search engine for Tor Browser. TB 43728: Update search engine icon sizes. The .ico we're using for DDG and Wikipedia already contains the 32px variant, so update the size. Firefox should already do the best choice between the two available sizes. For Startpage, update the favicon, and ship both the 16px and the 32px icons. - - - - - bb29f83d by Henry Wilkes at 2025-09-15T14:43:15+02:00 fixup! BB 18905: Hide unwanted items from help menu TB 43903: Hide "Report broken site" items. - - - - - 6f4df01b by Beatriz Rizental at 2025-09-15T14:43:16+02:00 fixup! Firefox preference overrides. - - - - - d4980d8f by Beatriz Rizental at 2025-09-15T14:43:17+02:00 fixup! Firefox preference overrides. - - - - - d0961439 by Henry Wilkes at 2025-09-15T14:43:17+02:00 fixup! BB 40926: Implemented the New Identity feature TB 44034: Update new identity checkbox string. TB 44040: Use the prompt API for new identity. - - - - - 6c6cc32d by Henry Wilkes at 2025-09-15T14:43:18+02:00 fixup! Base Browser strings TB 44034: Update new identity checkbox string. - - - - - 94871a0f by Pier Angelo Vendrame at 2025-09-15T14:43:19+02:00 fixup! BB 31740: Remove some unnecessary RemoteSettings instances BB 43795: Restore the URL classifier XPCOM components. We are not really interested in removing them. We're interested in them not calling Mozilla. However, we have a central patch for RemoteSettings, so we do not need to patch the single user. Or, if we did, at least we should patch UrlClassifierExceptionListService where it creates its RemoteSettings instance. - - - - - 10bb1e48 by Pier Angelo Vendrame at 2025-09-15T14:43:20+02:00 fixup! BB 31740: Remove some unnecessary RemoteSettings instances BB 43795: Restore the URL classifier XPCOM components. Remove this page as part of another commit. This comit should go away automatically at the next rebase. - - - - - 911a67f0 by Pier Angelo Vendrame at 2025-09-15T14:43:20+02:00 fixup! BB 42716: Disable unwanted about: pages BB 43795: Restore the URL classifier XPCOM components. Move the commit where we disable about:urlclassifier. - - - - - 5c3ef851 by Pier Angelo Vendrame at 2025-09-15T14:43:21+02:00 fixup! BB 42730: Patch RemoteSettings to use only local dumps as a data source Make explicit that blanking REMOTE_SETTINGS_SERVER_URL is our change. - - - - - b1b4ca66 by Henry Wilkes at 2025-09-15T14:43:22+02:00 fixup! TB 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection TB 43727: Drop the moz-toggle label-align-after attribute. - - - - - 379fcfac by Henry Wilkes at 2025-09-15T14:43:22+02:00 fixup! TB 27476: Implement about:torconnect captive portal within Tor Browser TB 43727: Drop the moz-toggle label-align-after attribute. - - - - - bda54915 by Henry Wilkes at 2025-09-15T14:43:23+02:00 fixup! TB 7494: Create local home page for TBB. TB 43727: Align "Onionize" label before the toggle. - - - - - a713987d by Henry Wilkes at 2025-09-15T14:43:24+02:00 fixup! Customize moz-toggle for tor-browser. TB 43727: Drop the moz-toggle label-align-after attribute. Upstream now does this by default. Instead we add the label-align-before attribute for the exception in about:tor. - - - - - e6f0a015 by Henry Wilkes at 2025-09-15T14:43:25+02:00 fixup! [android] TBA strings TB 43179: Fixup the string comments for translators. - - - - - 245d42ed by Henry Wilkes at 2025-09-15T14:43:25+02:00 fixup! TB 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection TB 44115: Make the remove all bridges dialog button destructive. - - - - - d40cb8b8 by Beatriz Rizental at 2025-09-15T14:43:26+02:00 fixup! BB 40926: Implemented the New Identity feature - - - - - e9708ad2 by Beatriz Rizental at 2025-09-15T14:43:27+02:00 fixup! TB 8324: Prevent DNS proxy bypasses caused by Drag&Drop - - - - - 8bad796b by Beatriz Rizental at 2025-09-15T14:43:27+02:00 fixup! TB 27476: Implement about:torconnect captive portal within Tor Browser - - - - - 2ad67138 by Beatriz Rizental at 2025-09-15T14:43:28+02:00 fixup! TB 7494: Create local home page for TBB. - - - - - 4d0f7f2c by Beatriz Rizental at 2025-09-15T14:43:29+02:00 fixup! TB 23247: Communicating security expectations for .onion - - - - - 4a7e57f0 by Beatriz Rizental at 2025-09-15T14:43:30+02:00 fixup! TB 21952: Implement Onion-Location - - - - - 55237d7e by Beatriz Rizental at 2025-09-15T14:43:31+02:00 fixup! TB 40458: Implement .tor.onion aliases - - - - - 36c9932d by Beatriz Rizental at 2025-09-15T14:43:31+02:00 BB 43564: Modify ./mach bootstrap for Base Browser - - - - - 53b43f4d by Beatriz Rizental at 2025-09-15T14:43:32+02:00 fixup! BB 43564: Modify ./mach bootstrap for Base Browser EXTRA: Stop asking to configure git during bootstrap. - - - - - 220ee9a0 by Beatriz Rizental at 2025-09-15T14:43:33+02:00 TB 43564: Modify ./mach bootstrap for Tor Browser - - - - - a3482071 by Beatriz Rizental at 2025-09-15T14:43:33+02:00 fixup! BB 43564: Modify ./mach bootstrap for Base Browser - - - - - c1eaebc6 by Beatriz Rizental at 2025-09-15T14:43:34+02:00 fixup! TB 43564: Modify ./mach bootstrap for Tor Browser - - - - - e4f5c478 by Henry Wilkes at 2025-09-15T14:43:35+02:00 fixup! BB 42037: Disable about:firefoxview page TB 43726: Drop comments about resolved bugzilla issues. - - - - - 24f20273 by Beatriz Rizental at 2025-09-15T14:43:36+02:00 Bug 41197 - [android] Disable autofill Firefox is an Autofill service. From the Android docs: > An autofill service is an app that makes it easier for users to fil > out forms by injecting data into the views of other apps. Autofill > services can also retrieve user data from the views in an app and > store it for use at a later time. Autofill services are usually > provided by apps that manage user data, such as password managers. Tor Browser is not an autofill service. All of the autofill backend is disabled at build time, since it lives in application-services. This commit disabled the client side of autofill. - - - - - 83a221c1 by hackademix at 2025-09-15T14:43:36+02:00 TB 44127: Do not show macOS Privacy hint on network error pages - - - - - d2bcee82 by Henry Wilkes at 2025-09-15T14:43:37+02:00 fixup! BB 33852: Clean up about:logins (LockWise) to avoid mentioning sync, etc. TB 44128: Fix about:logins to be able to hard disable the "new-login-button". - - - - - 0c3e4bca by Henry Wilkes at 2025-09-15T14:43:38+02:00 TB 43901: Modify about:license for Tor Browser. We also drop about:rights. - - - - - 66041d25 by clairehurst at 2025-09-15T14:43:39+02:00 fixup! [android] Implement Android-native Connection Assist UI Bug_43699: Properly clear dummy about pages - - - - - 137a6cbd by clairehurst at 2025-09-15T14:43:39+02:00 fixup! [android] Implement Android-native Connection Assist UI Bug_44081: Swiping away the "private tabs" notification requires rebootstrapping. - - - - - f2828b8a by Morgan at 2025-09-15T14:43:40+02:00 fixup! TB 43616: Customize Gitlab Issue and Merge Request templates add Apps::Impact::High label to release prep issues - - - - - 72c31d86 by Morgan at 2025-09-15T14:43:41+02:00 fixup! BB 43615: Add Gitlab Issue and Merge Request templates add Apps::Impact::High label to release prep issues - - - - - 3480fc00 by Pier Angelo Vendrame at 2025-09-15T14:43:42+02:00 fixup! TB 40009: [android] Change the default search engines TB 44139: Restore inactive search plugins (Android). We remove some plugins, but they do not have any effect. So, restore them and stop deleting in future branches. - - - - - 141bfcb5 by hackademix at 2025-09-15T14:43:42+02:00 BB 44125: Do not offer to save signatures by default in Private Browsing Mode - - - - - 7fbf7c0d by Morgan at 2025-09-15T14:43:43+02:00 fixup! TB 43616: Customize Gitlab Issue and Merge Request templates Bug 43534: Update rebase template - - - - - 6835e895 by Morgan at 2025-09-15T14:43:44+02:00 fixup! BB 43615: Add Gitlab Issue and Merge Request templates Bug 43534: Update rebase templates - - - - - 6e34e3bf by clairehurst at 2025-09-15T14:44:26+02:00 TB 44098: [android] Disable sync tor-browser#44098 Bookmarks offer a way to go to sync in 15.0a1 - - - - - 0ce4b269 by Beatriz Rizental at 2025-09-15T14:44:41+02:00 fixup! BB 41803: Add some developer tools for working on tor-browser. - - - - - c7577bdb by Beatriz Rizental at 2025-09-15T14:44:42+02:00 fixup! Add CI for Base Browser - - - - - 015d8c18 by Beatriz Rizental at 2025-09-15T14:44:43+02:00 fixup! [android] Disable features and functionality - - - - - 43e324a9 by Pier Angelo Vendrame at 2025-09-15T14:44:43+02:00 fixup! TB 42891: Set the bundled search engine for Tor Browser. TB 43525: Move search engine customization to SearchEngineSelector. - - - - - a251f52d by clairehurst at 2025-09-15T14:44:44+02:00 fixup! TB 40041 [android]: Implement Tor Network Settings Better fix for #44036 Crash on opening "Search Settings" on android - - - - - 0fc77620 by hackademix at 2025-09-15T14:44:45+02:00 Revert "BB 42220: Allow for more file types to be forced-inline." This reverts commit 90dbc9451a30f7d68384e26fe38517534bf7e302. - - - - - ff49b2e5 by Pier Angelo Vendrame at 2025-09-15T14:44:46+02:00 BB 42220: Allow for more file types to be forced-inline. Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser, except svg and html files to prevent XSS hazards (see BB 43211). - - - - - 17fca9da by Henry Wilkes at 2025-09-15T14:44:47+02:00 fixup! TB 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection TB 42025: Use new purple colours. - - - - - 561587bc by Henry Wilkes at 2025-09-15T14:44:47+02:00 fixup! TB 27476: Implement about:torconnect captive portal within Tor Browser TB 42025: Use new purple colours. - - - - - 4a7c3cf2 by Henry Wilkes at 2025-09-15T14:44:48+02:00 fixup! TB 41817: tor-browser semantic colors. TB 42025: Use new purple colours. - - - - - 6514591d by Henry Wilkes at 2025-09-15T14:44:49+02:00 fixup! TB 31286: Implementation of bridge, proxy, and firewall settings in about:preferences#connection TB 44145: Use --icon-color and --icon-color-critical for the connection status icons. - - - - - de70c07b by Henry Wilkes at 2025-09-15T14:44:50+02:00 fixup! TB 27476: Implement about:torconnect captive portal within Tor Browser TB 44145: Use --icon-color and --icon-color-critical for the connection status icons. - - - - - e7928311 by Beatriz Rizental at 2025-09-15T14:44:50+02:00 fixup! TB 41089: Add tor-browser build scripts + Makefile to tor-browser - - - - - 75d9b724 by Henry Wilkes at 2025-09-15T14:44:51+02:00 fixup! TB 2176: Rebrand Firefox to TorBrowser TB 44142: Add missing document_pdf.svg file. - - - - - 36808e1e by Beatriz Rizental at 2025-09-15T14:44:52+02:00 fixup! BB 43564: Modify ./mach bootstrap for Base Browser - - - - - a8c9a1e7 by Beatriz Rizental at 2025-09-15T14:44:53+02:00 fixup! BB 43564: Modify ./mach bootstrap for Tor Browser - - - - - 3acdb6b6 by Beatriz Rizental at 2025-09-15T14:44:53+02:00 fixup! Add CI for Base Browser Run all of our python tests everytime. This is a quick workaround for tests to pass, before I address it properly in tor-browser#44149 - - - - - 00ce04b7 by Pier Angelo Vendrame at 2025-09-15T14:44:54+02:00 BB 43664: Automatically check the PBM checkbox when in always-on PBM. - - - - - cc2abca5 by Pier Angelo Vendrame at 2025-09-15T14:44:55+02:00 dropme! TB 42891: Set the bundled search engine for Tor Browser. BB 43525: Skip Remote Settings for search engine customization. Undo some changes to this commit, as they need to be moved to Base Browser. - - - - - 6429bce9 by Pier Angelo Vendrame at 2025-09-15T14:44:56+02:00 BB 43525: Skip Remote Settings for search engine customization. Also, add some bundled search engines. - - - - - ef60f36d by Pier Angelo Vendrame at 2025-09-15T14:44:57+02:00 amend! TB 42891: Set the bundled search engine for Tor Browser. TB 42891: Set the bundled search engine for Tor Browser. - - - - - 1b75019b by Pier Angelo Vendrame at 2025-09-15T14:44:57+02:00 fixup! BB 42019: Empty browser's clipboard on browser shutdown BB 43770: Follow upstream's BrowserGlue simplifications. ClipboardPrivacy to its own file and initialize it from the manifest, rather than from BrowserGlue. - - - - - e7311f56 by Pier Angelo Vendrame at 2025-09-15T14:44:58+02:00 fixup! BB 40925: Implemented the Security Level component BB 43770: Follow upstream's BrowserGlue simplifications. Initialize the security level notification from the manifest. Also, since it was the only occurrence of the file path, move it to the moz-src:// scheme. - - - - - 2dbbb2db by Pier Angelo Vendrame at 2025-09-15T14:44:59+02:00 fixup! TB 40933: Add tor-launcher functionality BB 43770: Follow upstream's BrowserGlue simplifications. Moved the call to firstWindowLoaded to the manifest. - - - - - 368b4574 by Pier Angelo Vendrame at 2025-09-15T14:45:00+02:00 fixup! TB 8324: Prevent DNS proxy bypasses caused by Drag&Drop BB 43770: Follow upstream's BrowserGlue simplifications. - - - - - 6618d25b by Pier Angelo Vendrame at 2025-09-15T14:45:00+02:00 fixup! TB 43405: Show a prompt whenever we fail to apply Tor settings. BB 43770: Follow upstream's BrowserGlue simplifications. - - - - - 7df5e9d3 by Pier Angelo Vendrame at 2025-09-15T14:45:01+02:00 fixup! TB 40458: Implement .tor.onion aliases Use proper private method and members. - - - - - 1b660b30 by Pier Angelo Vendrame at 2025-09-15T14:45:02+02:00 fixup! TB 40458: Implement .tor.onion aliases BB 43770: Follow upstream's BrowserGlue simplifications. - - - - - f3bf4d85 by Pier Angelo Vendrame at 2025-09-15T14:45:03+02:00 fixup! BB 42027: Base Browser migration procedures. BB 43770: Follow upstream's BrowserGlue simplifications. - - - - - ceefe01e by Pier Angelo Vendrame at 2025-09-15T14:45:03+02:00 fixup! TB 41435: Add a Tor Browser migration function BB 43770: Follow upstream's BrowserGlue simplifications. - - - - - a1d92761 by Pier Angelo Vendrame at 2025-09-15T14:45:04+02:00 fixup! Firefox preference overrides. BB 43950: Disable HEVC. HEVC support can be used for fingerprinting, as it's hardware-dependent on some systems, or depends on distribution support/installed packages for Linux. - - - - - ccd92d49 by Pier Angelo Vendrame at 2025-09-15T14:45:05+02:00 fixup! TB 43006: Disable RFP for Font Visibility on Android TB 43943: Refactor fontvis exclusion on Android. Rather than updating Document, we can use nsRFPService::HandleExeptionalRFPTargets. - - - - - 4182b2ad by Beatriz Rizental at 2025-09-15T14:45:06+02:00 fixup! BB 43564: Modify ./mach bootstrap for Base Browser - - - - - 5cd8191e by Pier Angelo Vendrame at 2025-09-15T14:45:06+02:00 fixup! Firefox preference overrides. BB 43959: Switch to Noto Color Emoji on Linux and Windows. It has better compatibility than Twemoji Mozilla and upstream also did it in Bug 1939359 (for Linux). We don't use Segoe UI Emoji on Windows, so we enable Noto Color Emoji also on Windows. - - - - - 5741cb8d by Henry Wilkes at 2025-09-15T14:45:07+02:00 fixup! TB 41435: Add a Tor Browser migration function TB 44180: Clear YEC 2024 preference. - - - - - 652ca97f by Henry Wilkes at 2025-09-15T14:45:08+02:00 fixup! BB 40925: Implemented the Security Level component TB 43966: Add a warning notification for users when they enter the custom security level state. - - - - - f219b67c by Beatriz Rizental at 2025-09-15T14:45:09+02:00 fixup! BB 41803: Add some developer tools for working on tor-browser. This reverts commit 36c2b42c9b849182fa60f648639b4ab11b53f537. - - - - - c872feed by Beatriz Rizental at 2025-09-15T14:45:10+02:00 fixup! BB 41803: Add some developer tools for working on tor-browser. - - - - - 4dcdccc2 by Beatriz Rizental at 2025-09-15T14:45:10+02:00 fixup! BB 42305: Add script to combine translation files across versions. - - - - - 20e1adb8 by Beatriz Rizental at 2025-09-15T14:45:11+02:00 fixup! BB 44045: Disable ML features. Remove usage of deleted GenAI module. - - - - - a69cb5a9 by Beatriz Rizental at 2025-09-15T14:45:12+02:00 fixup! BB 42037: Disable about:firefoxview page Fix lints. - - - - - 5f7dcd17 by Beatriz Rizental at 2025-09-15T14:45:13+02:00 fixup! TB 27476: Implement about:torconnect captive portal within Tor Browser Fix lints. - - - - - 4def3610 by Beatriz Rizental at 2025-09-15T14:45:13+02:00 fixup! BB 42220: Allow for more file types to be forced-inline. Fix lints. - - - - - d34fcd1d by Beatriz Rizental at 2025-09-15T14:56:57+02:00 fixup! BB 43525: Skip Remote Settings for search engine customization. - - - - - 9d920310 by Beatriz Rizental at 2025-09-15T14:57:00+02:00 fixup! TB 43901: Modify about:license for Tor Browser. - - - - - 201 changed files: - .gitlab-ci.yml - .gitlab/ci/jobs/lint/helpers.py → .gitlab/ci/jobs/helpers.py - .gitlab/ci/jobs/lint/lint.yml - + .gitlab/ci/jobs/test/python-test.yml - .gitlab/ci/jobs/update-translations.yml - .gitlab/issue_templates/060 Rebase - Alpha.md - .gitlab/issue_templates/061 Rebase - Stable.md - .gitlab/issue_templates/062 Rebase - Legacy.md - .gitlab/issue_templates/063 Rebase - Rapid.md - .gitlab/issue_templates/080 Security Backports.md - .gitlab/issue_templates/090 Emergency Security Issue.md - .gitlab/issue_templates/100 Release QA - Desktop.md - .gitlab/issue_templates/101 Release QA - Android.md - .gitlab/issue_templates/110 Bugzilla Triage.md → .gitlab/issue_templates/110 Firefox Release Review.md - .gitlab/issue_templates/120 Bugzilla Audit.md - .gitlab/issue_templates/Default.md - .prettierignore - README.md - browser/app/profile/001-base-profile.js - browser/base/content/browser-addons.js - browser/base/content/browser-init.js - browser/base/content/nsContextMenu.sys.mjs - browser/base/content/pageinfo/security.js - browser/base/moz.build - + browser/branding/tb-alpha/content/document_pdf.svg - browser/branding/tb-alpha/content/jar.mn - + browser/branding/tb-nightly/content/document_pdf.svg - browser/branding/tb-nightly/content/jar.mn - + browser/branding/tb-release/content/document_pdf.svg - browser/branding/tb-release/content/jar.mn - browser/components/BrowserComponents.manifest - browser/components/BrowserGlue.sys.mjs - browser/components/DesktopActorRegistry.sys.mjs - browser/components/ProfileDataUpgrader.sys.mjs - browser/components/about/AboutRedirector.cpp - browser/components/about/components.conf - browser/components/aboutlogins/content/aboutLogins.mjs - browser/components/aboutlogins/content/components/login-command-button.mjs - browser/components/aboutlogins/content/components/login-list.mjs - browser/components/abouttor/content/aboutTor.html - browser/components/abouttor/content/aboutTor.js - browser/components/moz.build - − browser/components/newidentity/content/newIdentityDialog.css - − browser/components/newidentity/content/newIdentityDialog.js - − browser/components/newidentity/content/newIdentityDialog.xhtml - browser/components/newidentity/content/newidentity.js - browser/components/newidentity/jar.mn - browser/components/onionservices/OnionAliasStore.sys.mjs - browser/components/onionservices/OnionLocationChild.sys.mjs - browser/components/onionservices/TorRequestWatch.sys.mjs - browser/components/onionservices/moz.build - browser/components/preferences/main.js - browser/components/preferences/preferences.xhtml - browser/components/reportbrokensite/ReportBrokenSite.sys.mjs - browser/components/rulesets/RulesetsParent.sys.mjs - browser/components/rulesets/content/aboutRulesets.js - browser/components/securitylevel/content/securityLevelDialog.js - browser/components/sidebar/browser-sidebar.js - browser/components/sidebar/sidebar-main.mjs - browser/components/tabbrowser/content/tabbrowser.js - browser/components/tabbrowser/content/tabgroup-menu.js - browser/components/tabbrowser/moz.build - browser/components/torpreferences/content/connectionPane.xhtml → browser/components/torpreferences/content/connectionPane.inc.xhtml - browser/components/torpreferences/content/connectionPane.js - browser/components/torpreferences/content/torPreferences.css - browser/components/torpreferences/jar.mn - browser/components/translations/content/selectTranslationsPanel.js - browser/components/urlbar/QuickSuggest.sys.mjs - browser/components/urlbar/UrlbarProvidersManager.sys.mjs - browser/components/urlbar/moz.build - + browser/modules/ClipboardPrivacy.sys.mjs - browser/modules/SecurityLevelRestartNotification.sys.mjs → browser/modules/SecurityLevelNotification.sys.mjs - browser/modules/moz.build - browser/themes/shared/tabbrowser/content-area.css - browser/themes/shared/tabbrowser/tabs.css - + build/moz.configure/basebrowser-resources.configure - build/moz.configure/bootstrap.configure - build/moz.configure/init.configure - + build/moz.configure/torbrowser-resources.configure - docshell/base/nsAboutRedirector.cpp - docshell/build/components.conf - dom/base/ContentAreaDropListener.sys.mjs - dom/base/Document.cpp - mobile/android/android-components/components/feature/autofill/src/main/java/mozilla/components/feature/autofill/AutofillUseCases.kt - mobile/android/android-components/components/support/base/src/main/java/mozilla/components/support/base/android/NotificationsDelegate.kt - mobile/android/autopublish-settings.gradle - + mobile/android/fenix/app/src/beta/res/drawable-anydpi-v24/ic_tor_browser_close_tabs_notification.xml - + mobile/android/fenix/app/src/beta/res/drawable-hdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/beta/res/drawable-mdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/beta/res/drawable-xhdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/beta/res/drawable-xxhdpi/ic_tor_browser_close_tabs_notification.png - mobile/android/fenix/app/src/beta/res/values/colors.xml - + mobile/android/fenix/app/src/debug/res/drawable-anydpi-v24/ic_tor_browser_close_tabs_notification.xml - + mobile/android/fenix/app/src/debug/res/drawable-hdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/debug/res/drawable-mdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/debug/res/drawable-xhdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/debug/res/drawable-xxhdpi/ic_tor_browser_close_tabs_notification.png - mobile/android/fenix/app/src/debug/res/values/colors.xml - mobile/android/fenix/app/src/main/AndroidManifest.xml - + mobile/android/fenix/app/src/main/assets/searchplugins/reddit.xml - + mobile/android/fenix/app/src/main/assets/searchplugins/youtube.xml - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/bookmarks/BookmarksAction.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/bookmarks/BookmarksMiddleware.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/bookmarks/BookmarksReducer.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/bookmarks/BookmarksScreen.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/bookmarks/BookmarksTelemetryMiddleware.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/session/PrivateNotificationService.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/settings/SettingsFragment.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/tor/TorConnectionAssistViewModel.kt - mobile/android/fenix/app/src/main/res/values/torbrowser_strings.xml - + mobile/android/fenix/app/src/nightly/res/drawable-anydpi-v24/ic_tor_browser_close_tabs_notification.xml - + mobile/android/fenix/app/src/nightly/res/drawable-hdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/nightly/res/drawable-mdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/nightly/res/drawable-xhdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/nightly/res/drawable-xxhdpi/ic_tor_browser_close_tabs_notification.png - mobile/android/fenix/app/src/nightly/res/values/colors.xml - + mobile/android/fenix/app/src/release/res/drawable-anydpi-v24/ic_tor_browser_close_tabs_notification.xml - + mobile/android/fenix/app/src/release/res/drawable-hdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/release/res/drawable-mdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/release/res/drawable-xhdpi/ic_tor_browser_close_tabs_notification.png - + mobile/android/fenix/app/src/release/res/drawable-xxhdpi/ic_tor_browser_close_tabs_notification.png - mobile/android/fenix/app/src/release/res/values/colors.xml - mobile/android/fenix/tools/tba-sign-devbuilds.sh - mobile/android/shared-settings.gradle - moz.configure - netwerk/base/nsIPrompt.idl - netwerk/url-classifier/UrlClassifierFeatureBase.cpp - netwerk/url-classifier/components.conf - python/mozboot/mozboot/bootstrap.py - python/mozbuild/mozbuild/action/tooltool.py - python/mozbuild/mozbuild/artifact_commands.py - python/mozbuild/mozbuild/backend/base.py - + python/mozbuild/mozbuild/tbbutils.py - python/mozbuild/mozbuild/test/python.toml - + python/mozbuild/mozbuild/test/test_tbbutils.py - testing/web-platform/tests/tools/third_party/attrs/.git_archival.txt - toolkit/actors/NetErrorChild.sys.mjs - toolkit/components/extensions/ext-toolkit.json - toolkit/components/extensions/parent/ext-trial-ml.js - toolkit/components/moz.build - toolkit/components/pdfjs/content/PdfjsParent.sys.mjs - toolkit/components/pdfjs/content/web/viewer.mjs - toolkit/components/places/PlacesUtils.sys.mjs - toolkit/components/places/moz.build - toolkit/components/prompts/content/commonDialog.js - toolkit/components/prompts/src/Prompter.sys.mjs - toolkit/components/resistfingerprinting/content/letterboxing.css - toolkit/components/resistfingerprinting/nsRFPService.cpp - toolkit/components/search/ConfigSearchEngine.sys.mjs - toolkit/components/search/SearchEngineSelector.sys.mjs - toolkit/components/search/SearchService.sys.mjs - + toolkit/components/search/content/base-browser-search-engine-icons.json - + toolkit/components/search/content/base-browser-search-engines.json - + toolkit/components/search/content/startpage-16.png - + toolkit/components/search/content/startpage-32.png - − toolkit/components/search/content/startpage.png - − toolkit/components/search/content/torBrowserSearchEngineIcons.json - − toolkit/components/search/content/torBrowserSearchEngines.json - toolkit/components/securitylevel/SecurityLevel.sys.mjs - toolkit/components/tor-launcher/tor-launcher.manifest - toolkit/components/torconnect/TorConnectChild.sys.mjs - toolkit/components/torconnect/content/aboutTorConnect.html - toolkit/components/torconnect/content/torConnectTitlebarStatus.css - toolkit/components/translations/actors/TranslationsChild.sys.mjs - toolkit/components/translations/actors/TranslationsParent.sys.mjs - toolkit/components/translations/actors/moz.build - toolkit/components/translations/jar.mn - toolkit/components/windowwatcher/nsIPromptService.idl - toolkit/content/widgets/dialog.js - toolkit/content/widgets/lit-utils.mjs - toolkit/content/widgets/moz-input-common.css - toolkit/content/widgets/moz-toggle/moz-toggle.mjs - toolkit/locales/en-US/toolkit/global/base-browser.ftl - toolkit/modules/ActorManagerParent.sys.mjs - toolkit/modules/AppConstants.sys.mjs - toolkit/modules/DragDropFilter.sys.mjs - toolkit/modules/moz.build - toolkit/mozapps/extensions/content/aboutaddons.js - toolkit/mozapps/extensions/content/components/addon-mlmodel-details.mjs - toolkit/mozapps/extensions/content/components/mlmodel-card-list-additions.mjs - toolkit/mozapps/extensions/extensions.manifest - toolkit/mozapps/extensions/internal/moz.build - toolkit/themes/shared/aboutLicense.css - toolkit/themes/shared/tor-colors.css - − tools/base-browser/l10n/combine/tests/README - tools/base-browser/git-rebase-fixup-preprocessor → tools/base_browser/git-rebase-fixup-preprocessor - tools/base-browser/l10n/combine-translation-versions.py → tools/base_browser/l10n/combine-translation-versions.py - tools/base-browser/l10n/combine/__init__.py → tools/base_browser/l10n/combine/__init__.py - tools/base-browser/l10n/combine/combine.py → tools/base_browser/l10n/combine/combine.py - tools/base-browser/l10n/combine/tests/__init__.py → tools/base_browser/l10n/combine/tests/__init__.py - + tools/base_browser/l10n/combine/tests/python.toml - tools/base-browser/l10n/combine/tests/test_android.py → tools/base_browser/l10n/combine/tests/test_android.py - tools/base-browser/l10n/combine/tests/test_dtd.py → tools/base_browser/l10n/combine/tests/test_dtd.py - tools/base-browser/l10n/combine/tests/test_fluent.py → tools/base_browser/l10n/combine/tests/test_fluent.py - tools/base-browser/l10n/combine/tests/test_properties.py → tools/base_browser/l10n/combine/tests/test_properties.py - tools/base-browser/missing-css-variables.py → tools/base_browser/missing-css-variables.py - tools/base-browser/tb-dev → tools/base_browser/tb-dev - tools/moz.build - tools/torbrowser/fetch.sh - uriloader/base/nsURILoader.cpp The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a2308f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a2308f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41563: Do not copy Noto Color Emoji on Windows.
by Pier Angelo Vendrame (＠pierov) 15 Sep '25

15 Sep '25

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 92527a35 by Pier Angelo Vendrame at 2025-09-15T12:21:36+00:00 Bug 41563: Do not copy Noto Color Emoji on Windows. The file is not compatible with Windows, and the Windows version does not work as expected either. - - - - - 2 changed files: - projects/fonts/build - projects/fonts/config Changes: ===================================== projects/fonts/build ===================================== @@ -28,11 +28,10 @@ mv noto-fonts-* noto-fonts [% IF c("var/linux") %] unzip "$rootdir/[% c('input_files_by_name/arimo') %]" - cp Arimo-*/fonts/ttf/*.ttf Cousine-* Tinos-* NotoSans{JP,KR,SC,TC}-Regular.otf $distdir/ -[% END %] - -[% IF c("var/linux") || c("var/windows") %] - cp NotoColorEmoji.ttf $distdir/ + cp Arimo-*/fonts/ttf/*.ttf Cousine-* Tinos-* \ + NotoSans{JP,KR,SC,TC}-Regular.otf \ + NotoColorEmoji.ttf \ + $distdir/ [% END %] cp "$rootdir/[% c('input_files_by_name/Pyidaungsu') %]" $distdir/ ===================================== projects/fonts/config ===================================== @@ -190,7 +190,7 @@ input_files: enable: '[% c("var/linux") %]' - URL: https://github.com/googlefonts/noto-emoji/raw/b3e3051a088047d19fd4d49b1c3ac… sha256sum: 3ed77810c203e1a67735dc19d395f32c23f2d7c0c3696690f4f78e15e57ab816 - enable: '[% c("var/linux") || c("var/windows") %]' + enable: '[% c("var/linux") %]' - URL: https://github.com/stipub/stixfonts/raw/v2.13b171/fonts/static_otf/STIXTwoM… sha256sum: 3a5f3f26f40d5698b3c62dd085d48d6663696a3f80825aab8b553d5097518e8c name: stix View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0