tbb-commits
Threads by month
- ----- 2025 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- 1 participants
- 19526 discussions
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 40475: Include clearing CORS preflight cache
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit a1a555847d2e63157e2c4098ad29fdc71e4c0c14
Author: Matthew Finkel <sysrqb(a)torproject.org>
Date: Sun Jun 6 20:32:23 2021 +0000
Bug 40475: Include clearing CORS preflight cache
---
netwerk/protocol/http/nsCORSListenerProxy.cpp | 7 +++++++
netwerk/protocol/http/nsCORSListenerProxy.h | 1 +
netwerk/protocol/http/nsHttpHandler.cpp | 2 ++
3 files changed, 10 insertions(+)
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.cpp b/netwerk/protocol/http/nsCORSListenerProxy.cpp
index 76870e6cea3f..6d2e160c2a9b 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -346,6 +346,13 @@ void nsCORSListenerProxy::Shutdown() {
sPreflightCache = nullptr;
}
+/* static */
+void nsCORSListenerProxy::Clear() {
+ if (sPreflightCache) {
+ sPreflightCache->Clear();
+ }
+}
+
nsCORSListenerProxy::nsCORSListenerProxy(nsIStreamListener* aOuter,
nsIPrincipal* aRequestingPrincipal,
bool aWithCredentials)
diff --git a/netwerk/protocol/http/nsCORSListenerProxy.h b/netwerk/protocol/http/nsCORSListenerProxy.h
index 8c0df2e0ff28..3f76be33f209 100644
--- a/netwerk/protocol/http/nsCORSListenerProxy.h
+++ b/netwerk/protocol/http/nsCORSListenerProxy.h
@@ -54,6 +54,7 @@ class nsCORSListenerProxy final : public nsIStreamListener,
NS_DECL_NSITHREADRETARGETABLESTREAMLISTENER
static void Shutdown();
+ static void Clear();
[[nodiscard]] nsresult Init(nsIChannel* aChannel,
DataURIHandling aAllowDataURI);
diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp
index d5e2c61dbec9..c6cb95ca7fcc 100644
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -10,6 +10,7 @@
#include "prsystem.h"
#include "AltServiceChild.h"
+#include "nsCORSListenerProxy.h"
#include "nsError.h"
#include "nsHttp.h"
#include "nsHttpHandler.h"
@@ -2290,6 +2291,7 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic,
mAltSvcCache->ClearAltServiceMappings();
}
}
+ nsCORSListenerProxy::Clear();
} else if (!strcmp(topic, NS_NETWORK_LINK_TOPIC)) {
nsAutoCString converted = NS_ConvertUTF16toUTF8(data);
if (!strcmp(converted.get(), NS_NETWORK_LINK_DATA_CHANGED)) {
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit fd9da4bcad9b9e0840aa41ee2bf86c537c467512
Author: Alex Catarineu <acat(a)torproject.org>
Date: Fri Oct 9 12:55:35 2020 +0200
Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots
---
browser/app/profile/000-tor-browser.js | 3 +++
browser/components/BrowserGlue.jsm | 14 ++++++++++++++
2 files changed, 17 insertions(+)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 2db11b1ea3d7..760c405d06a6 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -325,6 +325,9 @@ pref("security.enterprise_roots.enabled", false);
// Don't ping Mozilla for MitM detection, see bug 32321
pref("security.certerrors.mitm.priming.enabled", false);
+// Don't automatically enable enterprise roots, see bug 40166
+pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);
+
// Disable the language pack signing check for now on macOS, see #31942
#ifdef XP_MACOSX
pref("extensions.langpacks.signatures.required", false);
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index 057a2121533c..3750230a250b 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -1319,6 +1319,20 @@ BrowserGlue.prototype = {
// handle any UI migration
this._migrateUI();
+ // Clear possibly auto enabled enterprise_roots prefs (see bug 40166)
+ if (
+ !Services.prefs.getBoolPref(
+ "security.certerrors.mitm.auto_enable_enterprise_roots"
+ ) &&
+ Services.prefs.getBoolPref(
+ "security.enterprise_roots.auto-enabled",
+ false
+ )
+ ) {
+ Services.prefs.clearUserPref("security.enterprise_roots.enabled");
+ Services.prefs.clearUserPref("security.enterprise_roots.auto-enabled");
+ }
+
if (!Services.prefs.prefHasUserValue(PREF_PDFJS_ISDEFAULT_CACHE_STATE)) {
PdfJs.checkIsDefault(this._isNewProfile);
}
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 40432: Prevent probing installed applications
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 6ef6e141d112bcbe7bf423ba56299632729dfac6
Author: Matthew Finkel <sysrqb(a)torproject.org>
Date: Mon May 17 18:09:09 2021 +0000
Bug 40432: Prevent probing installed applications
---
.../exthandler/nsExternalHelperAppService.cpp | 30 ++++++++++++++++++----
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/uriloader/exthandler/nsExternalHelperAppService.cpp b/uriloader/exthandler/nsExternalHelperAppService.cpp
index 0dcc1d3ed6ab..7ff9c5b626a3 100644
--- a/uriloader/exthandler/nsExternalHelperAppService.cpp
+++ b/uriloader/exthandler/nsExternalHelperAppService.cpp
@@ -1002,8 +1002,33 @@ nsresult nsExternalHelperAppService::GetFileTokenForPath(
//////////////////////////////////////////////////////////////////////////////////////////////////////
// begin external protocol service default implementation...
//////////////////////////////////////////////////////////////////////////////////////////////////////
+
+static const char kExternalProtocolPrefPrefix[] =
+ "network.protocol-handler.external.";
+static const char kExternalProtocolDefaultPref[] =
+ "network.protocol-handler.external-default";
+
NS_IMETHODIMP nsExternalHelperAppService::ExternalProtocolHandlerExists(
const char* aProtocolScheme, bool* aHandlerExists) {
+
+ // Replicate the same check performed in LoadURI.
+ // Deny load if the prefs say to do so
+ nsAutoCString externalPref(kExternalProtocolPrefPrefix);
+ externalPref += aProtocolScheme;
+ bool allowLoad = false;
+ *aHandlerExists = false;
+ if (NS_FAILED(Preferences::GetBool(externalPref.get(), &allowLoad))) {
+ // no scheme-specific value, check the default
+ if (NS_FAILED(
+ Preferences::GetBool(kExternalProtocolDefaultPref, &allowLoad))) {
+ return NS_OK; // missing default pref
+ }
+ }
+
+ if (!allowLoad) {
+ return NS_OK; // explicitly denied
+ }
+
nsCOMPtr<nsIHandlerInfo> handlerInfo;
nsresult rv = GetProtocolHandlerInfo(nsDependentCString(aProtocolScheme),
getter_AddRefs(handlerInfo));
@@ -1046,11 +1071,6 @@ NS_IMETHODIMP nsExternalHelperAppService::IsExposedProtocol(
return NS_OK;
}
-static const char kExternalProtocolPrefPrefix[] =
- "network.protocol-handler.external.";
-static const char kExternalProtocolDefaultPref[] =
- "network.protocol-handler.external-default";
-
NS_IMETHODIMP
nsExternalHelperAppService::LoadURI(nsIURI* aURI,
nsIPrincipal* aTriggeringPrincipal,
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 1650281 - P2: Make sure `gCombinedSizes` won't be underflowed r=gerald
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 71062bd103ff460ef7708fe465aa1be38bf3e3ff
Author: Chun-Min Chang <chun.m.chang(a)gmail.com>
Date: Tue Jul 21 23:39:14 2020 +0000
Bug 1650281 - P2: Make sure `gCombinedSizes` won't be underflowed r=gerald
In any case, `gCombinedSizes` should be larger than or equal to the
buffer within `MemoryClockCache`.
Differential Revision: https://phabricator.services.mozilla.com/D84274
---
dom/media/MemoryBlockCache.cpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/dom/media/MemoryBlockCache.cpp b/dom/media/MemoryBlockCache.cpp
index bf073e6769d0..2848a3f3812c 100644
--- a/dom/media/MemoryBlockCache.cpp
+++ b/dom/media/MemoryBlockCache.cpp
@@ -52,6 +52,7 @@ MemoryBlockCache::MemoryBlockCache(int64_t aContentLength)
}
MemoryBlockCache::~MemoryBlockCache() {
+ MOZ_ASSERT(gCombinedSizes >= mBuffer.Length());
size_t sizes = static_cast<size_t>(gCombinedSizes -= mBuffer.Length());
LOG("~MemoryBlockCache() - destroying buffer of size %zu; combined sizes now "
"%zu",
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 1650281 - P1: Widen `gCombinedSizes` once the buffers grow r=gerald
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 4850d0d6471791bb42f38b11a0b0a23bae040a5e
Author: Chun-Min Chang <chun.m.chang(a)gmail.com>
Date: Tue Jul 21 23:38:57 2020 +0000
Bug 1650281 - P1: Widen `gCombinedSizes` once the buffers grow r=gerald
The `gCombinedSizes` need to be enlarged once the inner buffer within
`MemoryBlockCache` grows. Otherwise, when the `MemoryBlockCache` is
released, subtracting the buffer-size of the `MemoryBlockCache` from
`gCombinedSizes` lead to a underflow.
Differential Revision: https://phabricator.services.mozilla.com/D84273
---
dom/media/MemoryBlockCache.cpp | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/dom/media/MemoryBlockCache.cpp b/dom/media/MemoryBlockCache.cpp
index 2d31119dca0a..bf073e6769d0 100644
--- a/dom/media/MemoryBlockCache.cpp
+++ b/dom/media/MemoryBlockCache.cpp
@@ -114,6 +114,10 @@ bool MemoryBlockCache::EnsureBufferCanContain(size_t aContentLength) {
// possibly bypass some future growths that would fit in this new capacity.
mBuffer.SetLength(capacity);
}
+ const size_t newSizes = gCombinedSizes += (extra + extraCapacity);
+ LOG("EnsureBufferCanContain(%zu) - buffer size %zu + requested %zu + bonus "
+ "%zu = %zu; combined sizes %zu",
+ aContentLength, initialLength, extra, extraCapacity, capacity, newSizes);
mHasGrown = true;
return true;
}
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 1658881 - When failing to create a channel and an image request, make sure to set the image blocking status appropriately. r=tnikkel
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit cb20afad9dcedf2ba703d7dbf054c11fa887475b
Author: Emilio Cobos Álvarez <emilio(a)crisal.io>
Date: Wed Sep 9 22:58:29 2020 +0000
Bug 1658881 - When failing to create a channel and an image request, make sure to set the image blocking status appropriately. r=tnikkel
This is the same status as we do for known no-data protocols here:
https://searchfox.org/mozilla-central/rev/ac142717cc067d875e83e4b1316f004f6…
This ensures we treat these two cases the same.
Differential Revision: https://phabricator.services.mozilla.com/D89382
---
dom/base/nsImageLoadingContent.cpp | 7 ++++++-
layout/reftests/image/reftest.list | 1 +
layout/reftests/image/unknown-protocol-ref.html | 1 +
layout/reftests/image/unknown-protocol.html | 1 +
4 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/dom/base/nsImageLoadingContent.cpp b/dom/base/nsImageLoadingContent.cpp
index 23b1fd791c1f..85de63bef02d 100644
--- a/dom/base/nsImageLoadingContent.cpp
+++ b/dom/base/nsImageLoadingContent.cpp
@@ -1207,7 +1207,12 @@ nsresult nsImageLoadingContent::LoadImage(nsIURI* aNewURI, bool aForce,
MOZ_ASSERT(!req, "Shouldn't have non-null request here");
// If we don't have a current URI, we might as well store this URI so people
// know what we tried (and failed) to load.
- if (!mCurrentRequest) mCurrentURI = aNewURI;
+ if (!mCurrentRequest) {
+ mCurrentURI = aNewURI;
+ if (mImageBlockingStatus == nsIContentPolicy::ACCEPT) {
+ mImageBlockingStatus = nsIContentPolicy::REJECT_REQUEST;
+ }
+ }
FireEvent(NS_LITERAL_STRING("error"));
FireEvent(NS_LITERAL_STRING("loadend"));
diff --git a/layout/reftests/image/reftest.list b/layout/reftests/image/reftest.list
index a8a91c13ed3a..3c561fe3a7c8 100644
--- a/layout/reftests/image/reftest.list
+++ b/layout/reftests/image/reftest.list
@@ -69,3 +69,4 @@ random-if(/^Windows\x20NT\x206\.1/.test(http.oscpu)) == image-srcset-basic-selec
pref(dom.image-lazy-loading.enabled,true) == moz-broken-matching-lazy-load.html moz-broken-matching-1-ref.html
== img-invalidation-local-transform-1.html img-invalidation-local-transform-1-ref.html
+== unknown-protocol.html unknown-protocol-ref.html
diff --git a/layout/reftests/image/unknown-protocol-ref.html b/layout/reftests/image/unknown-protocol-ref.html
new file mode 100644
index 000000000000..b5bb326eef57
--- /dev/null
+++ b/layout/reftests/image/unknown-protocol-ref.html
@@ -0,0 +1 @@
+<img src="mailto://foo">
diff --git a/layout/reftests/image/unknown-protocol.html b/layout/reftests/image/unknown-protocol.html
new file mode 100644
index 000000000000..ef06881b7bcb
--- /dev/null
+++ b/layout/reftests/image/unknown-protocol.html
@@ -0,0 +1 @@
+<img src="foobar://baz">
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 1673237 - Always allow SVGs on about: pages r=acat, tjr, emilio
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 0cc0d0f78e5fb92c4dddf3a06a24c423c4bc5315
Author: sanketh <me(a)snkth.com>
Date: Tue Nov 3 17:34:20 2020 +0000
Bug 1673237 - Always allow SVGs on about: pages r=acat,tjr,emilio
- Updated layout/svg/tests/test_disabled.html to ensure that this doesn't allow
rendering SVGs on about:blank and about:srcdoc.
Differential Revision: https://phabricator.services.mozilla.com/D95139
---
dom/base/nsNodeInfoManager.cpp | 18 ++++++++++-------
layout/svg/tests/file_disabled_iframe.html | 31 +++++++++++++++++++++++++++++-
2 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/dom/base/nsNodeInfoManager.cpp b/dom/base/nsNodeInfoManager.cpp
index b0534b661a23..8bc6b0ba2bd6 100644
--- a/dom/base/nsNodeInfoManager.cpp
+++ b/dom/base/nsNodeInfoManager.cpp
@@ -352,9 +352,12 @@ void nsNodeInfoManager::RemoveNodeInfo(NodeInfo* aNodeInfo) {
MOZ_ASSERT(ret, "Can't find mozilla::dom::NodeInfo to remove!!!");
}
-static bool IsSystemOrAddonPrincipal(nsIPrincipal* aPrincipal) {
+static bool IsSystemOrAddonOrAboutPrincipal(nsIPrincipal* aPrincipal) {
return aPrincipal->IsSystemPrincipal() ||
- BasePrincipal::Cast(aPrincipal)->AddonPolicy();
+ BasePrincipal::Cast(aPrincipal)->AddonPolicy() ||
+ // NOTE: about:blank and about:srcdoc inherit the principal of their
+ // parent, so aPrincipal->SchemeIs("about") returns false for them.
+ aPrincipal->SchemeIs("about");
}
bool nsNodeInfoManager::InternalSVGEnabled() {
@@ -375,17 +378,18 @@ bool nsNodeInfoManager::InternalSVGEnabled() {
}
// We allow SVG (regardless of the pref) if this is a system or add-on
- // principal, or if this load was requested for a system or add-on principal
- // (e.g. a remote image being served as part of system or add-on UI)
+ // principal or about: page, or if this load was requested for a system or
+ // add-on principal or about: page (e.g. a remote image being served as part
+ // of system or add-on UI or about: page)
bool conclusion =
- (SVGEnabled || IsSystemOrAddonPrincipal(mPrincipal) ||
+ (SVGEnabled || IsSystemOrAddonOrAboutPrincipal(mPrincipal) ||
(loadInfo &&
(loadInfo->GetExternalContentPolicyType() ==
nsIContentPolicy::TYPE_IMAGE ||
loadInfo->GetExternalContentPolicyType() ==
nsIContentPolicy::TYPE_OTHER) &&
- (IsSystemOrAddonPrincipal(loadInfo->GetLoadingPrincipal()) ||
- IsSystemOrAddonPrincipal(loadInfo->TriggeringPrincipal()))));
+ (IsSystemOrAddonOrAboutPrincipal(loadInfo->GetLoadingPrincipal()) ||
+ IsSystemOrAddonOrAboutPrincipal(loadInfo->TriggeringPrincipal()))));
mSVGEnabled = Some(conclusion);
return conclusion;
}
diff --git a/layout/svg/tests/file_disabled_iframe.html b/layout/svg/tests/file_disabled_iframe.html
index 6feae3024730..55eda75fdefb 100644
--- a/layout/svg/tests/file_disabled_iframe.html
+++ b/layout/svg/tests/file_disabled_iframe.html
@@ -48,5 +48,34 @@
t.firstChild.firstChild.textContent = "1&2<3>4\xA0";
is(t.innerHTML, '<svg><style>1&2<3>4 \u003C/style></svg>');
- SimpleTest.finish();
+ //
+ // Tests for Bug 1673237
+ //
+
+ // This test fails if about:blank renders SVGs
+ t.innerHTML = null;
+ var iframe = document.createElement("iframe");
+ iframe.setAttribute("src", "about:blank")
+ t.appendChild(iframe);
+ iframe.appendChild(document.createElementNS("http://www.w3.org/2000/svg", "svg:svg"));
+ iframe.firstChild.textContent = "<foo>";
+ is(iframe.innerHTML, "<svg:svg><foo></svg:svg>");
+
+ // This test fails if about:blank renders SVGs
+ var win = window.open("about:blank");
+ win.document.body.appendChild(document.createElementNS("http://www.w3.org/2000/svg", "svg:svg"))
+ win.document.body.firstChild.textContent = "<foo>";
+ is(win.document.body.innerHTML, "<svg:svg><foo></svg:svg>");
+ win.close();
+
+ // This test fails if about:srcdoc renders SVGs
+ t.innerHTML = null;
+ iframe = document.createElement("iframe");
+ iframe.srcdoc = "<svg:svg></svg:svg>";
+ iframe.onload = function() {
+ iframe.contentDocument.body.firstChild.textContent = "<foo>";
+ is(iframe.contentDocument.body.innerHTML, "<svg:svg><foo></svg:svg>");
+ SimpleTest.finish();
+ }
+ t.appendChild(iframe);
</script>
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] 40209: Implement Basic Crypto Safety
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit e5e483e24101630b0b1fde918ef1cc9eefae4dd6
Author: sanketh <me(a)snkth.com>
Date: Mon Feb 8 20:12:44 2021 -0500
40209: Implement Basic Crypto Safety
Adds a CryptoSafety actor which detects when you've copied a crypto
address from a HTTP webpage and shows a warning.
Closes #40209.
Bug 40428: Fix string attribute names
---
browser/actors/CryptoSafetyChild.jsm | 87 ++++++++++++++++
browser/actors/CryptoSafetyParent.jsm | 142 +++++++++++++++++++++++++++
browser/actors/moz.build | 2 +
browser/base/content/popup-notifications.inc | 14 +++
browser/components/BrowserGlue.jsm | 17 ++++
browser/modules/TorStrings.jsm | 48 +++++++++
browser/themes/shared/browser.inc.css | 5 +
toolkit/content/license.html | 32 ++++++
toolkit/modules/Bech32Decode.jsm | 103 +++++++++++++++++++
toolkit/modules/moz.build | 1 +
10 files changed, 451 insertions(+)
diff --git a/browser/actors/CryptoSafetyChild.jsm b/browser/actors/CryptoSafetyChild.jsm
new file mode 100644
index 000000000000..87ff261d4915
--- /dev/null
+++ b/browser/actors/CryptoSafetyChild.jsm
@@ -0,0 +1,87 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyChild"];
+
+const { Bech32Decode } = ChromeUtils.import(
+ "resource://gre/modules/Bech32Decode.jsm"
+);
+
+const { XPCOMUtils } = ChromeUtils.import(
+ "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+const kPrefCryptoSafety = "security.cryptoSafety";
+
+XPCOMUtils.defineLazyPreferenceGetter(
+ this,
+ "isCryptoSafetyEnabled",
+ kPrefCryptoSafety,
+ true /* defaults to true */
+);
+
+function looksLikeCryptoAddress(s) {
+ // P2PKH and P2SH addresses
+ // https://stackoverflow.com/a/24205650
+ const bitcoinAddr = /^[13][a-km-zA-HJ-NP-Z1-9]{25,39}$/;
+ if (bitcoinAddr.test(s)) {
+ return true;
+ }
+
+ // Bech32 addresses
+ if (Bech32Decode(s) !== null) {
+ return true;
+ }
+
+ // regular addresses
+ const etherAddr = /^0x[a-fA-F0-9]{40}$/;
+ if (etherAddr.test(s)) {
+ return true;
+ }
+
+ // t-addresses
+ // https://www.reddit.com/r/zec/comments/8mxj6x/simple_regex_to_validate_a_zca…
+ const zcashAddr = /^t1[a-zA-Z0-9]{33}$/;
+ if (zcashAddr.test(s)) {
+ return true;
+ }
+
+ // Standard, Integrated, and 256-bit Integrated addresses
+ // https://monero.stackexchange.com/a/10627
+ const moneroAddr = /^4(?:[0-9AB]|[1-9A-HJ-NP-Za-km-z]{12}(?:[1-9A-HJ-NP-Za-km-z]{30})?)[1-9A-HJ-NP-Za-km-z]{93}$/;
+ if (moneroAddr.test(s)) {
+ return true;
+ }
+
+ return false;
+}
+
+class CryptoSafetyChild extends JSWindowActorChild {
+ handleEvent(event) {
+ if (isCryptoSafetyEnabled) {
+ // Ignore non-HTTP addresses
+ if (!this.document.documentURIObject.schemeIs("http")) {
+ return;
+ }
+ // Ignore onion addresses
+ if (this.document.documentURIObject.host.endsWith(".onion")) {
+ return;
+ }
+
+ if (event.type == "copy" || event.type == "cut") {
+ this.contentWindow.navigator.clipboard.readText().then(clipText => {
+ const selection = clipText.trim();
+ if (looksLikeCryptoAddress(selection)) {
+ this.sendAsyncMessage("CryptoSafety:CopiedText", {
+ selection,
+ });
+ }
+ });
+ }
+ }
+ }
+}
diff --git a/browser/actors/CryptoSafetyParent.jsm b/browser/actors/CryptoSafetyParent.jsm
new file mode 100644
index 000000000000..bac151df5511
--- /dev/null
+++ b/browser/actors/CryptoSafetyParent.jsm
@@ -0,0 +1,142 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Copyright (c) 2020, The Tor Project, Inc.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var EXPORTED_SYMBOLS = ["CryptoSafetyParent"];
+
+const { XPCOMUtils } = ChromeUtils.import(
+ "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+XPCOMUtils.defineLazyModuleGetters(this, {
+ TorStrings: "resource:///modules/TorStrings.jsm",
+});
+
+const kPrefCryptoSafety = "security.cryptoSafety";
+
+XPCOMUtils.defineLazyPreferenceGetter(
+ this,
+ "isCryptoSafetyEnabled",
+ kPrefCryptoSafety,
+ true /* defaults to true */
+);
+
+class CryptoSafetyParent extends JSWindowActorParent {
+ getBrowser() {
+ return this.browsingContext.top.embedderElement;
+ }
+
+ receiveMessage(aMessage) {
+ if (isCryptoSafetyEnabled) {
+ if (aMessage.name == "CryptoSafety:CopiedText") {
+ showPopup(this.getBrowser(), aMessage.data.selection);
+ }
+ }
+ }
+}
+
+function trimAddress(cryptoAddr) {
+ if (cryptoAddr.length <= 32) {
+ return cryptoAddr;
+ }
+ return cryptoAddr.substring(0, 32) + "...";
+}
+
+function showPopup(aBrowser, cryptoAddr) {
+ const chromeDoc = aBrowser.ownerDocument;
+ if (chromeDoc) {
+ const win = chromeDoc.defaultView;
+ const cryptoSafetyPrompt = new CryptoSafetyPrompt(
+ aBrowser,
+ win,
+ cryptoAddr
+ );
+ cryptoSafetyPrompt.show();
+ }
+}
+
+class CryptoSafetyPrompt {
+ constructor(aBrowser, aWin, cryptoAddr) {
+ this._browser = aBrowser;
+ this._win = aWin;
+ this._cryptoAddr = cryptoAddr;
+ }
+
+ show() {
+ const primaryAction = {
+ label: TorStrings.cryptoSafetyPrompt.primaryAction,
+ accessKey: TorStrings.cryptoSafetyPrompt.primaryActionAccessKey,
+ callback: () => {
+ this._win.torbutton_new_circuit();
+ },
+ };
+
+ const secondaryAction = {
+ label: TorStrings.cryptoSafetyPrompt.secondaryAction,
+ accessKey: TorStrings.cryptoSafetyPrompt.secondaryActionAccessKey,
+ callback: () => {},
+ };
+
+ let _this = this;
+ const options = {
+ popupIconURL: "chrome://browser/skin/cert-error.svg",
+ eventCallback(aTopic) {
+ if (aTopic === "showing") {
+ _this._onPromptShowing();
+ }
+ },
+ };
+
+ const cryptoWarningText = TorStrings.cryptoSafetyPrompt.cryptoWarning.replace(
+ "%S",
+ trimAddress(this._cryptoAddr)
+ );
+
+ if (this._win.PopupNotifications) {
+ this._prompt = this._win.PopupNotifications.show(
+ this._browser,
+ "crypto-safety-warning",
+ cryptoWarningText,
+ null /* anchor ID */,
+ primaryAction,
+ [secondaryAction],
+ options
+ );
+ }
+ }
+
+ _onPromptShowing() {
+ let xulDoc = this._browser.ownerDocument;
+
+ let whatCanHeading = xulDoc.getElementById(
+ "crypto-safety-warning-notification-what-can-heading"
+ );
+ if (whatCanHeading) {
+ whatCanHeading.textContent = TorStrings.cryptoSafetyPrompt.whatCanHeading;
+ }
+
+ let whatCanBody = xulDoc.getElementById(
+ "crypto-safety-warning-notification-what-can-body"
+ );
+ if (whatCanBody) {
+ whatCanBody.textContent = TorStrings.cryptoSafetyPrompt.whatCanBody;
+ }
+
+ let learnMoreElem = xulDoc.getElementById(
+ "crypto-safety-warning-notification-learnmore"
+ );
+ if (learnMoreElem) {
+ learnMoreElem.setAttribute(
+ "value",
+ TorStrings.cryptoSafetyPrompt.learnMore
+ );
+ learnMoreElem.setAttribute(
+ "href",
+ TorStrings.cryptoSafetyPrompt.learnMoreURL
+ );
+ }
+ }
+}
diff --git a/browser/actors/moz.build b/browser/actors/moz.build
index e70f0f09fe3a..9eb5ca397060 100644
--- a/browser/actors/moz.build
+++ b/browser/actors/moz.build
@@ -50,6 +50,8 @@ FINAL_TARGET_FILES.actors += [
'ContentSearchParent.jsm',
'ContextMenuChild.jsm',
'ContextMenuParent.jsm',
+ 'CryptoSafetyChild.jsm',
+ 'CryptoSafetyParent.jsm',
'DOMFullscreenChild.jsm',
'DOMFullscreenParent.jsm',
'FormValidationChild.jsm',
diff --git a/browser/base/content/popup-notifications.inc b/browser/base/content/popup-notifications.inc
index 42e17e90c648..ff6f8cdeca80 100644
--- a/browser/base/content/popup-notifications.inc
+++ b/browser/base/content/popup-notifications.inc
@@ -114,3 +114,17 @@
</vbox>
</popupnotificationfooter>
</popupnotification>
+
+ <popupnotification id="crypto-safety-warning-notification" hidden="true">
+ <popupnotificationcontent orient="vertical">
+ <description id="crypto-safety-warning-notification-desc"/>
+ <html:div id="crypto-safety-warning-notification-what-can">
+ <html:strong id="crypto-safety-warning-notification-what-can-heading" />
+ <html:br/>
+ <html:span id="crypto-safety-warning-notification-what-can-body" />
+ </html:div>
+ <label id="crypto-safety-warning-notification-learnmore"
+ class="popup-notification-learnmore-link"
+ is="text-link"/>
+ </popupnotificationcontent>
+ </popupnotification>
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index 3750230a250b..5f708fca3d5c 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -297,6 +297,23 @@ let JSWINDOWACTORS = {
allFrames: true,
},
+ CryptoSafety: {
+ parent: {
+ moduleURI: "resource:///actors/CryptoSafetyParent.jsm",
+ },
+
+ child: {
+ moduleURI: "resource:///actors/CryptoSafetyChild.jsm",
+ group: "browsers",
+ events: {
+ copy: { mozSystemGroup: true },
+ cut: { mozSystemGroup: true },
+ },
+ },
+
+ allFrames: true,
+ },
+
DOMFullscreen: {
parent: {
moduleURI: "resource:///actors/DOMFullscreenParent.jsm",
diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm
index e8a8d37ae373..1e08b168e4af 100644
--- a/browser/modules/TorStrings.jsm
+++ b/browser/modules/TorStrings.jsm
@@ -101,6 +101,54 @@ class TorPropertyStringBundle {
Security Level Strings
*/
var TorStrings = {
+ /*
+ CryptoSafetyPrompt Strings
+ */
+ cryptoSafetyPrompt: (function() {
+ let tsb = new TorPropertyStringBundle(
+ "chrome://torbutton/locale/torbutton.properties",
+ "cryptoSafetyPrompt."
+ );
+ let getString = function(key, fallback) {
+ return tsb.getString(key, fallback);
+ };
+
+ let retval = {
+ cryptoWarning: getString(
+ "cryptoWarning",
+ "A cryptocurrency address (%S) has been copied from an insecure website. It could have been modified."
+ ),
+ whatCanHeading: getString(
+ "whatCanHeading",
+ "What can you do about it?"
+ ),
+ whatCanBody: getString(
+ "whatCanBody",
+ "You can try reconnecting with a new circuit to establish a secure connection, or accept the risk and dismiss this warning."
+ ),
+ learnMore: getString("learnMore", "Learn more"),
+ learnMoreURL: `https://support.torproject.org/${getLocale()}/`,
+ primaryAction: getString(
+ "primaryAction",
+ "Reload Tab with a New Circuit"
+ ),
+ primaryActionAccessKey: getString(
+ "primaryActionAccessKey",
+ "R"
+ ),
+ secondaryAction: getString(
+ "secondaryAction",
+ "Dismiss Warning"
+ ),
+ secondaryActionAccessKey: getString(
+ "secondaryActionAccessKey",
+ "D"
+ ),
+ };
+
+ return retval;
+ })() /* CryptoSafetyPrompt Strings */,
+
/*
Tor Browser Security Level Strings
*/
diff --git a/browser/themes/shared/browser.inc.css b/browser/themes/shared/browser.inc.css
index 0113466e8e56..4ef27d880754 100644
--- a/browser/themes/shared/browser.inc.css
+++ b/browser/themes/shared/browser.inc.css
@@ -620,3 +620,8 @@ menupopup::part(drop-indicator) {
#sharing-warning-proceed-to-tab:hover {
background-color: rgb(0,62,170);
}
+
+#crypto-safety-warning-notification-what-can {
+ display: block;
+ margin: 5px;
+}
diff --git a/toolkit/content/license.html b/toolkit/content/license.html
index e44c31ec6d4e..90995236b41b 100644
--- a/toolkit/content/license.html
+++ b/toolkit/content/license.html
@@ -72,6 +72,7 @@
<li><a href="about:license#arm">ARM License</a></li>
<li><a href="about:license#babel">Babel License</a></li>
<li><a href="about:license#babylon">Babylon License</a></li>
+ <li><a href="about:license#bech32">Bech32 License</a></li>
<li><a href="about:license#bincode">bincode License</a></li>
<li><a href="about:license#bsd2clause">BSD 2-Clause License</a></li>
<li><a href="about:license#bsd3clause">BSD 3-Clause License</a></li>
@@ -2795,6 +2796,37 @@ furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+</pre>
+
+
+ <hr>
+
+ <h1><a id="bech32"></a>Bech32 License</h1>
+
+ <p>This license applies to the file
+ <code>toolkit/modules/Bech32Decode.jsm</code>.
+ </p>
+
+<pre>
+Copyright (c) 2017 Pieter Wuille
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
diff --git a/toolkit/modules/Bech32Decode.jsm b/toolkit/modules/Bech32Decode.jsm
new file mode 100644
index 000000000000..3a2bc7ae0a10
--- /dev/null
+++ b/toolkit/modules/Bech32Decode.jsm
@@ -0,0 +1,103 @@
+// Adapted from the reference implementation of Bech32
+// https://github.com/sipa/bech32
+
+// Copyright (c) 2017 Pieter Wuille
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+"use strict";
+
+/**
+ * JS module implementation of Bech32 decoding adapted from the reference
+ * implementation https://github.com/sipa/bech32.
+ */
+
+var EXPORTED_SYMBOLS = ["Bech32Decode"];
+
+var CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
+var GENERATOR = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];
+
+function polymod(values) {
+ var chk = 1;
+ for (var p = 0; p < values.length; ++p) {
+ var top = chk >> 25;
+ chk = ((chk & 0x1ffffff) << 5) ^ values[p];
+ for (var i = 0; i < 5; ++i) {
+ if ((top >> i) & 1) {
+ chk ^= GENERATOR[i];
+ }
+ }
+ }
+ return chk;
+}
+
+function hrpExpand(hrp) {
+ var ret = [];
+ var p;
+ for (p = 0; p < hrp.length; ++p) {
+ ret.push(hrp.charCodeAt(p) >> 5);
+ }
+ ret.push(0);
+ for (p = 0; p < hrp.length; ++p) {
+ ret.push(hrp.charCodeAt(p) & 31);
+ }
+ return ret;
+}
+
+function verifyChecksum(hrp, data) {
+ return polymod(hrpExpand(hrp).concat(data)) === 1;
+}
+
+function Bech32Decode(bechString) {
+ var p;
+ var has_lower = false;
+ var has_upper = false;
+ for (p = 0; p < bechString.length; ++p) {
+ if (bechString.charCodeAt(p) < 33 || bechString.charCodeAt(p) > 126) {
+ return null;
+ }
+ if (bechString.charCodeAt(p) >= 97 && bechString.charCodeAt(p) <= 122) {
+ has_lower = true;
+ }
+ if (bechString.charCodeAt(p) >= 65 && bechString.charCodeAt(p) <= 90) {
+ has_upper = true;
+ }
+ }
+ if (has_lower && has_upper) {
+ return null;
+ }
+ bechString = bechString.toLowerCase();
+ var pos = bechString.lastIndexOf("1");
+ if (pos < 1 || pos + 7 > bechString.length || bechString.length > 90) {
+ return null;
+ }
+ var hrp = bechString.substring(0, pos);
+ var data = [];
+ for (p = pos + 1; p < bechString.length; ++p) {
+ var d = CHARSET.indexOf(bechString.charAt(p));
+ if (d === -1) {
+ return null;
+ }
+ data.push(d);
+ }
+ if (!verifyChecksum(hrp, data)) {
+ return null;
+ }
+ return { hrp: hrp, data: data.slice(0, data.length - 6) };
+}
diff --git a/toolkit/modules/moz.build b/toolkit/modules/moz.build
index e1f1eb5759c5..698d2773a7ed 100644
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@@ -160,6 +160,7 @@ EXTRA_JS_MODULES += [
'ActorManagerParent.jsm',
'AppMenuNotifications.jsm',
'AsyncPrefs.jsm',
+ 'Bech32Decode.jsm',
'BinarySearch.jsm',
'BrowserUtils.jsm',
'CanonicalJSON.jsm',
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 40091: Load HTTPS Everywhere as a builtin addon in desktop
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 8970e5152588ad1a749a91e737be8d62726aa0eb
Author: Alex Catarineu <acat(a)torproject.org>
Date: Fri Sep 4 12:34:35 2020 +0200
Bug 40091: Load HTTPS Everywhere as a builtin addon in desktop
This loads HTTPS Everywhere as a builtin addon from a hardcoded
resource:// URI in desktop. It also ensures that the non-builtin
HTTPS Everywhere addon is always uninstalled on browser startup.
The reason of making this desktop-only is that there are some issues
when installing a builtin extension from geckoview side, making
the extension not available on first startup. So, at least for
now we handle the Fenix case separately. See #40118 for a followup
for investigating these.
---
browser/components/BrowserGlue.jsm | 37 ++++++++++++++++++++++
toolkit/components/extensions/Extension.jsm | 14 ++++++--
.../mozapps/extensions/internal/XPIProvider.jsm | 13 ++++++++
3 files changed, 61 insertions(+), 3 deletions(-)
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index ec38d0ca8b33..057a2121533c 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -56,6 +56,13 @@ XPCOMUtils.defineLazyServiceGetter(
"nsIPushService"
);
+XPCOMUtils.defineLazyServiceGetters(this, {
+ resProto: [
+ "@mozilla.org/network/protocol;1?name=resource",
+ "nsISubstitutingProtocolHandler",
+ ],
+});
+
const PREF_PDFJS_ISDEFAULT_CACHE_STATE = "pdfjs.enabledCache.state";
/**
@@ -675,6 +682,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
"resource://gre/modules/ContextualIdentityService.jsm",
Corroborate: "resource://gre/modules/Corroborate.jsm",
Discovery: "resource:///modules/Discovery.jsm",
+ ExtensionData: "resource://gre/modules/Extension.jsm",
ExtensionsUI: "resource:///modules/ExtensionsUI.jsm",
FirefoxMonitor: "resource:///modules/FirefoxMonitor.jsm",
FxAccounts: "resource://gre/modules/FxAccounts.jsm",
@@ -1330,6 +1338,35 @@ BrowserGlue.prototype = {
"resource:///modules/themes/dark/"
);
+ // Install https-everywhere builtin addon if needed.
+ (async () => {
+ const HTTPS_EVERYWHERE_ID = "https-everywhere-eff(a)eff.org";
+ const HTTPS_EVERYWHERE_BUILTIN_URL =
+ "resource://torbutton/content/extensions/https-everywhere/";
+ // This does something similar as GeckoViewWebExtension.jsm: it tries
+ // to load the manifest to retrieve the version of the builtin and
+ // compares it to the currently installed one to see whether we need
+ // to install or not. Here we delegate that to
+ // AddonManager.maybeInstallBuiltinAddon.
+ try {
+ const resolvedURI = Services.io.newURI(
+ resProto.resolveURI(Services.io.newURI(HTTPS_EVERYWHERE_BUILTIN_URL))
+ );
+ const extensionData = new ExtensionData(resolvedURI);
+ const manifest = await extensionData.loadManifest();
+
+ await AddonManager.maybeInstallBuiltinAddon(
+ HTTPS_EVERYWHERE_ID,
+ manifest.version,
+ HTTPS_EVERYWHERE_BUILTIN_URL
+ );
+ } catch (e) {
+ const log = Log.repository.getLogger("HttpsEverywhereBuiltinLoader");
+ log.addAppender(new Log.ConsoleAppender(new Log.BasicFormatter()));
+ log.error("Could not install https-everywhere extension", e);
+ }
+ })();
+
if (AppConstants.MOZ_NORMANDY) {
Normandy.init();
}
diff --git a/toolkit/components/extensions/Extension.jsm b/toolkit/components/extensions/Extension.jsm
index 876e636be3db..7dbd888b1710 100644
--- a/toolkit/components/extensions/Extension.jsm
+++ b/toolkit/components/extensions/Extension.jsm
@@ -211,6 +211,7 @@ const LOGGER_ID_BASE = "addons.webextension.";
const UUID_MAP_PREF = "extensions.webextensions.uuids";
const LEAVE_STORAGE_PREF = "extensions.webextensions.keepStorageOnUninstall";
const LEAVE_UUID_PREF = "extensions.webextensions.keepUuidOnUninstall";
+const PERSISTENT_EXTENSIONS = new Set(["https-everywhere-eff(a)eff.org"]);
const COMMENT_REGEXP = new RegExp(
String.raw`
@@ -331,7 +332,10 @@ var ExtensionAddonObserver = {
return;
}
- if (!Services.prefs.getBoolPref(LEAVE_STORAGE_PREF, false)) {
+ if (
+ !Services.prefs.getBoolPref(LEAVE_STORAGE_PREF, false) &&
+ !PERSISTENT_EXTENSIONS.has(addon.id)
+ ) {
// Clear browser.storage.local backends.
AsyncShutdown.profileChangeTeardown.addBlocker(
`Clear Extension Storage ${addon.id} (File Backend)`,
@@ -384,7 +388,10 @@ var ExtensionAddonObserver = {
ExtensionPermissions.removeAll(addon.id);
- if (!Services.prefs.getBoolPref(LEAVE_UUID_PREF, false)) {
+ if (
+ !Services.prefs.getBoolPref(LEAVE_UUID_PREF, false) &&
+ !PERSISTENT_EXTENSIONS.has(addon.id)
+ ) {
// Clear the entry in the UUID map
UUIDMap.remove(addon.id);
}
@@ -2474,7 +2481,8 @@ class Extension extends ExtensionData {
);
} else if (
this.startupReason === "ADDON_INSTALL" &&
- !Services.prefs.getBoolPref(LEAVE_STORAGE_PREF, false)
+ !Services.prefs.getBoolPref(LEAVE_STORAGE_PREF, false) &&
+ !PERSISTENT_EXTENSIONS.has(this.id)
) {
// If the extension has been just installed, set it as migrated,
// because there will not be any data to migrate.
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index 794c206fb453..dc5362bce3d8 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1491,6 +1491,19 @@ var XPIStates = {
continue;
}
+ // Uninstall HTTPS Everywhere if it is installed in the user profile.
+ if (
+ id === "https-everywhere-eff(a)eff.org" &&
+ loc.name === KEY_APP_PROFILE
+ ) {
+ logger.debug(
+ "Uninstalling the HTTPS Everywhere extension from user profile."
+ );
+ loc.installer.uninstallAddon(id);
+ changed = true;
+ continue;
+ }
+
let xpiState = loc.get(id);
if (!xpiState) {
// If the location is not supported for sideloading, skip new
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 40416: Add v2 Onion deprecation warnings
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit bed2324647cb49dbf7762014cf961fda6ab65733
Author: Richard Pospesel <richard(a)torproject.org>
Date: Fri May 21 22:18:23 2021 +0200
Bug 40416: Add v2 Onion deprecation warnings
- adds new v2 deprecated warning page (js and styling) that piggy-backs
off of the existing added onion service errors
- updates identity-icon to onionWarning.svg when visiting a v2 onion site adds
warning tooltip; this warning supersedes all other identity states (including
mixed-content error)
- we determine whether to show the warning page in nsDocShell::DoURILoad()
- a new synchonous IPC method is added to ContentChild/ContentParent to determine
if the session has loaded the warning page already; worst case scenario, each
child process will need to wait on this method to return only once when visiting
a v2 onion; nothing is permanently cached with regards to this change
- an exception for the new sync method is added to sync-messages.ini (generally,
in practice adding new blocking methods is probably bad, but the minimial
overhead and frequency this method is called is worth the simpler code)
---
browser/base/content/aboutNetError.xhtml | 3 ++
browser/base/content/browser-siteIdentity.js | 12 +++++
browser/base/jar.mn | 2 +-
.../content/netError/onionNetError.js | 6 +++
.../content/netError/v2Deprecated.css | 25 +++++++++
.../onionservices/content/netError/v2Deprecated.js | 50 ++++++++++++++++++
browser/components/onionservices/jar.mn | 8 ++-
browser/modules/TorStrings.jsm | 8 +++
.../shared/identity-block/identity-block.inc.css | 3 +-
browser/themes/shared/onionPattern.inc.xhtml | 4 +-
docshell/base/nsDocShell.cpp | 61 ++++++++++++++++++++++
dom/ipc/ContentParent.cpp | 11 ++++
dom/ipc/ContentParent.h | 2 +
dom/ipc/PContent.ipdl | 3 ++
ipc/ipdl/sync-messages.ini | 3 ++
js/xpconnect/src/xpc.msg | 1 +
xpcom/base/ErrorList.py | 2 +
17 files changed, 200 insertions(+), 4 deletions(-)
diff --git a/browser/base/content/aboutNetError.xhtml b/browser/base/content/aboutNetError.xhtml
index 957b6f15a0be..4572eb2024f1 100644
--- a/browser/base/content/aboutNetError.xhtml
+++ b/browser/base/content/aboutNetError.xhtml
@@ -207,7 +207,10 @@
</div>
</div>
</div>
+<!-- The onion pattern is disabled by default unless the onionPattern.css is also included; we include onionPattern.css programmatically in the v2Deprecation error page, so the onion pattern will not be visible in all error pages -->
+#include ../../themes/shared/onionPattern.inc.xhtml
</body>
+ <script src="chrome://browser/content/onionservices/netError/v2Deprecated.js"/>
<script src="chrome://browser/content/onionservices/netError/onionNetError.js"/>
<script src="chrome://browser/content/aboutNetError.js"/>
</html>
diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js
index 2a3431172886..27fee74cba5b 100644
--- a/browser/base/content/browser-siteIdentity.js
+++ b/browser/base/content/browser-siteIdentity.js
@@ -135,6 +135,15 @@ var gIdentityHandler = {
return this._uriHasHost ? this._uri.host.toLowerCase().endsWith(".onion") : false;
},
+ get _uriIsDeprecatedOnionHost() {
+ const hostIsV2Onion = function(host) {
+ // matches on v2 onion domains with any number of subdomains
+ const pattern = /^(.*\.)*[a-z2-7]{16}\.onion/i;
+ return pattern.test(host);
+ };
+
+ return this._uriHasHost ? hostIsV2Onion(this._uri.host) : false;
+ },
// smart getters
get _identityPopup() {
delete this._identityPopup;
@@ -685,6 +694,9 @@ var gIdentityHandler = {
"identity.extension.label",
[extensionName]
);
+ } else if (this._uriIsDeprecatedOnionHost) {
+ this._identityBox.className = "onionServiceDeprecated";
+ tooltip = TorStrings.onionServices.v2Deprecated.tooltip;
} else if (this._uriHasHost && this._isSecureConnection && this._secInfo) {
// This is a secure connection.
// _isSecureConnection implicitly includes onion services, which may not have an SSL certificate
diff --git a/browser/base/jar.mn b/browser/base/jar.mn
index df65349796b5..21b07ad9511b 100644
--- a/browser/base/jar.mn
+++ b/browser/base/jar.mn
@@ -22,7 +22,7 @@ browser.jar:
content/browser/logos/send.svg (content/logos/send.svg)
content/browser/logos/tracking-protection.svg (content/logos/tracking-protection.svg)
content/browser/logos/tracking-protection-dark-theme.svg (content/logos/tracking-protection-dark-theme.svg)
- content/browser/aboutNetError.xhtml (content/aboutNetError.xhtml)
+* content/browser/aboutNetError.xhtml (content/aboutNetError.xhtml)
content/browser/aboutNetError.js (content/aboutNetError.js)
content/browser/aboutRobots-icon.png (content/aboutRobots-icon.png)
content/browser/aboutFrameCrashed.html (content/aboutFrameCrashed.html)
diff --git a/browser/components/onionservices/content/netError/onionNetError.js b/browser/components/onionservices/content/netError/onionNetError.js
index 8fabb3f38eb7..254e50bab4a3 100644
--- a/browser/components/onionservices/content/netError/onionNetError.js
+++ b/browser/components/onionservices/content/netError/onionNetError.js
@@ -38,6 +38,12 @@ var OnionServicesAboutNetError = {
const errPrefix = "onionServices.";
const errName = err.substring(errPrefix.length);
+ // tor-browser#40416 - remove this page and updated onionNetErrors with new error once v2 no longer works at all
+ if (errName === "v2Deprecated") {
+ V2DeprecatedAboutNetError.initPage(aDoc);
+ return;
+ }
+
this._strings = RPMGetTorStrings();
const stringsObj = this._strings[errName];
diff --git a/browser/components/onionservices/content/netError/v2Deprecated.css b/browser/components/onionservices/content/netError/v2Deprecated.css
new file mode 100644
index 000000000000..890468d09761
--- /dev/null
+++ b/browser/components/onionservices/content/netError/v2Deprecated.css
@@ -0,0 +1,25 @@
+%include ../../../../themes/shared/onionPattern.css
+
+:root {
+ --onion-opacity: 1;
+ --onion-color: var(--card-outline-color);
+ --onion-radius: 50px;
+}
+
+body {
+ border: 1.5em solid #FED916;
+ justify-content: space-between;
+}
+
+div.title {
+ background-image: url("chrome://browser/skin/onion-warning.svg");
+}
+
+div#errorPageContainer {
+ padding-top: 20vh;
+ width: 66%;
+}
+
+div#learnMoreContainer {
+ display: block;
+}
\ No newline at end of file
diff --git a/browser/components/onionservices/content/netError/v2Deprecated.js b/browser/components/onionservices/content/netError/v2Deprecated.js
new file mode 100644
index 000000000000..195bc187791c
--- /dev/null
+++ b/browser/components/onionservices/content/netError/v2Deprecated.js
@@ -0,0 +1,50 @@
+// Copyright (c) 2021, The Tor Project, Inc.
+
+"use strict";
+
+/* eslint-env mozilla/frame-script */
+
+var V2DeprecatedAboutNetError = {
+
+ _selector: {
+ header: ".title-text",
+ longDesc: "#errorLongDesc",
+ learnMoreLink: "#learnMoreLink",
+ contentContainer: "#errorLongContent",
+ tryAgainButton: "div#netErrorButtonContainer button.try-again",
+ },
+
+ initPage(aDoc) {
+ this._insertStylesheet(aDoc);
+ this._populateStrings(aDoc);
+ },
+
+ _populateStrings(aDoc) {
+ // populate strings
+ const TorStrings = RPMGetTorStrings();
+
+ aDoc.title = TorStrings.v2Deprecated.pageTitle;
+
+ let headerElem = aDoc.querySelector(this._selector.header);
+ headerElem.textContent = TorStrings.v2Deprecated.header;
+
+ let longDescriptionElem = aDoc.querySelector(this._selector.longDesc);
+ longDescriptionElem.textContent = TorStrings.v2Deprecated.longDescription;
+
+ let learnMoreElem = aDoc.querySelector(this._selector.learnMoreLink);
+ learnMoreElem.setAttribute("href", TorStrings.v2Deprecated.learnMoreURL);
+
+ let tryAgainElem = aDoc.querySelector(this._selector.tryAgainButton);
+ tryAgainElem.textContent = TorStrings.v2Deprecated.tryAgain;
+ },
+
+ _insertStylesheet(aDoc) {
+ const url =
+ "chrome://browser/content/onionservices/netError/v2Deprecated.css";
+ let linkElem = aDoc.createElement("link");
+ linkElem.rel = "stylesheet";
+ linkElem.href = url;
+ linkElem.type = "text/css";
+ aDoc.head.appendChild(linkElem);
+ },
+};
diff --git a/browser/components/onionservices/jar.mn b/browser/components/onionservices/jar.mn
index f45b16dc5d29..73258bd9c501 100644
--- a/browser/components/onionservices/jar.mn
+++ b/browser/components/onionservices/jar.mn
@@ -3,7 +3,13 @@ browser.jar:
content/browser/onionservices/authPreferences.js (content/authPreferences.js)
content/browser/onionservices/authPrompt.js (content/authPrompt.js)
content/browser/onionservices/authUtil.jsm (content/authUtil.jsm)
- content/browser/onionservices/netError/ (content/netError/*)
+ content/browser/onionservices/netError/browser.svg (content/netError/browser.svg)
+ content/browser/onionservices/netError/network.svg (content/netError/network.svg)
+ content/browser/onionservices/netError/onionNetError.css (content/netError/onionNetError.css)
+ content/browser/onionservices/netError/onionNetError.js (content/netError/onionNetError.js)
+ content/browser/onionservices/netError/onionsite.svg (content/netError/onionsite.svg)
+* content/browser/onionservices/netError/v2Deprecated.css (content/netError/v2Deprecated.css)
+ content/browser/onionservices/netError/v2Deprecated.js (content/netError/v2Deprecated.js)
content/browser/onionservices/onionservices.css (content/onionservices.css)
content/browser/onionservices/savedKeysDialog.js (content/savedKeysDialog.js)
content/browser/onionservices/savedKeysDialog.xhtml (content/savedKeysDialog.xhtml)
diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm
index c086d0fe3117..6eeb2ea06a04 100644
--- a/browser/modules/TorStrings.jsm
+++ b/browser/modules/TorStrings.jsm
@@ -502,6 +502,14 @@ var TorStrings = {
header: getString("introTimedOut.header", "Onionsite Circuit Creation Timed Out"),
longDescription: getString("introTimedOut.longDescription", kLongDescFallback),
},
+ v2Deprecated: { // Deprecation page for v2 Onions
+ pageTitle: getString("v2Deprecated.pageTitle", "V2 Onion Site Deprecation Warning"),
+ header: getString("v2Deprecated.header", "Version 2 Onion Sites will be deprecated soon"),
+ longDescription: getString("v2Deprecated.longDescription", "Tor is ending its support for version 2 onion services beginning in July 2021, and this onion site will no longer be reachable at this address. If you are the site administrator, upgrade to a version 3 onion service soon."),
+ learnMoreURL: `https://support.torproject.org/${getLocale()}/onionservices/#v2-deprecation`,
+ tryAgain: getString("v2Deprecated.tryAgain", "Got it"),
+ tooltip: getString("v2Deprecated.tooltip", "This onion site will not be reachable soon"),
+ },
authPrompt: {
description:
getString("authPrompt.description2", "%S is requesting that you authenticate."),
diff --git a/browser/themes/shared/identity-block/identity-block.inc.css b/browser/themes/shared/identity-block/identity-block.inc.css
index 011fb9f3081c..936ab00d2080 100644
--- a/browser/themes/shared/identity-block/identity-block.inc.css
+++ b/browser/themes/shared/identity-block/identity-block.inc.css
@@ -181,7 +181,8 @@ toolbar[brighttext] #identity-box[pageproxystate="valid"].chromeUI > #identity-i
#identity-box[pageproxystate="valid"].onionMixedDisplayContent > #identity-icon,
#identity-box[pageproxystate="valid"].onionMixedDisplayContentLoadedActiveBlocked > #identity-icon,
-#identity-box[pageproxystate="valid"].onionCertUserOverridden > #identity-icon {
+#identity-box[pageproxystate="valid"].onionCertUserOverridden > #identity-icon,
+#identity-box[pageproxystate="valid"].onionServiceDeprecated > #identity-icon {
list-style-image: url(chrome://browser/skin/onion-warning.svg);
visibility: visible;
}
diff --git a/browser/themes/shared/onionPattern.inc.xhtml b/browser/themes/shared/onionPattern.inc.xhtml
index 6bbde93684a2..0b6b8b072f9a 100644
--- a/browser/themes/shared/onionPattern.inc.xhtml
+++ b/browser/themes/shared/onionPattern.inc.xhtml
@@ -9,9 +9,11 @@
- most browser windows, typically the two rows of onions will fill the
- bottom of the page. On really wide pages, the onions are centered at
- the bottom of the page.
+ - The root onion-pattern-container div is hidden by default, and can be
+ - enabled by including onionPattern.css
-->
-<div class="onion-pattern-container">
+<div class="onion-pattern-container" style="display: none">
<!-- for some reason, these two elements are focusable, seems related to
- flex css somehow; disable their tabindex to fix
-->
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index bf9639c82612..0f315f2f87b4 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -7,6 +7,7 @@
#include "nsDocShell.h"
#include <algorithm>
+#include <regex>
#ifdef XP_WIN
# include <process.h>
@@ -3645,6 +3646,9 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
case NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT:
error = "onionServices.introTimedOut";
break;
+ case NS_ERROR_TOR_ONION_SVC_V2_DEPRECATED:
+ error = "onionServices.v2Deprecated";
+ break;
default:
break;
}
@@ -9596,6 +9600,63 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
return NS_OK;
}
+ // tor-browser#40416
+ // we only ever want to show the warning page once per session
+ const auto shouldShouldShowV2DeprecationPage = []() -> bool {
+ bool retval = false;
+ if (XRE_IsContentProcess()) {
+ auto* cc = ContentChild::GetSingleton();
+ cc->SendShouldShowV2DeprecationPage(&retval);
+ }
+ return retval;
+ };
+
+ const auto uriIsV2Onion = [](nsIURI* uri) -> bool {
+ if (uri) {
+ nsAutoCString hostString;
+ uri->GetHost(hostString);
+
+ const std::string_view host(hostString.BeginReading(), hostString.Length());
+
+ // matches v2 onions with any number of subdomains
+ const static std::regex v2OnionPattern{
+ "^(.*\\.)*[a-z2-7]{16}\\.onion",
+ std::regex::icase | std::regex::optimize
+ };
+
+ // see if the uri refers to v2 onion host
+ return std::regex_match(
+ host.begin(),
+ host.end(),
+ v2OnionPattern);
+ }
+ return false;
+ };
+
+ // only dip in here if this process thinks onion warning page has not been shown
+ static bool v2DeprecationPageShown = false;
+ if (!v2DeprecationPageShown) {
+ // now only advance if the URI we are dealing with
+ // is a v2 onion address
+ auto uri = aLoadState->URI();
+ if (uriIsV2Onion(uri)) {
+ // Ok, so we are dealing with a v2 onion, now make
+ // sure the v2 deprecation page has not been shown in
+ // in another content process
+ //
+ // This is a synchrynous call, so we are blocking until
+ // we hear back from from the parent process. Each child
+ // process will need to perform this wait at most once,
+ // since we are locally caching in v2DeprecationPageShown.
+ v2DeprecationPageShown = true;
+ if (shouldShouldShowV2DeprecationPage()) {
+ DisplayLoadError(NS_ERROR_TOR_ONION_SVC_V2_DEPRECATED, uri, nullptr, nullptr);
+ return NS_ERROR_LOAD_SHOWED_ERRORPAGE;
+ }
+ }
+ }
+
+
nsCOMPtr<nsIURILoader> uriLoader = components::URILoader::Service();
if (NS_WARN_IF(!uriLoader)) {
return NS_ERROR_UNEXPECTED;
diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp
index 4269016ec5d5..9c1c1fddf9e9 100644
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -6515,6 +6515,17 @@ NS_IMETHODIMP ContentParent::GetActor(const nsACString& aName,
return NS_OK;
}
+mozilla::ipc::IPCResult ContentParent::RecvShouldShowV2DeprecationPage(bool* showPage) {
+ static bool v2DeprecationPageShown = false;
+ if (v2DeprecationPageShown) {
+ *showPage = false;
+ } else {
+ *showPage = true;
+ v2DeprecationPageShown = true;
+ }
+ return IPC_OK();
+}
+
} // namespace dom
} // namespace mozilla
diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h
index 4f10832d8e23..83f9caa1dc6c 100644
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@@ -1280,6 +1280,8 @@ class ContentParent final
const MaybeDiscarded<BrowsingContext>& aContext, int32_t aOffset,
HistoryGoResolver&& aResolveRequestedIndex);
+ mozilla::ipc::IPCResult RecvShouldShowV2DeprecationPage(bool* showPage);
+
// Notify the ContentChild to enable the input event prioritization when
// initializing.
void MaybeEnableRemoteInputEventQueue();
diff --git a/dom/ipc/PContent.ipdl b/dom/ipc/PContent.ipdl
index c4dd750e47a4..09d053c69738 100644
--- a/dom/ipc/PContent.ipdl
+++ b/dom/ipc/PContent.ipdl
@@ -1678,6 +1678,9 @@ child:
// WindowContext is managed using the PWindowGlobal actor's lifecycle.
async CreateWindowContext(WindowContextInitializer aInit);
async DiscardWindowContext(uint64_t aContextId) returns (bool unused);
+
+parent:
+ sync ShouldShowV2DeprecationPage() returns (bool showPage);
};
}
diff --git a/ipc/ipdl/sync-messages.ini b/ipc/ipdl/sync-messages.ini
index 88ad49d169e8..df2acb04c750 100644
--- a/ipc/ipdl/sync-messages.ini
+++ b/ipc/ipdl/sync-messages.ini
@@ -1040,6 +1040,9 @@ description = Initialization of WebGL contexts is synchronous by spec.
description = Synchronous RPC to allow WebGL to run graphics commands in compositor process and return results to be used in JS return values.
[PSocketProcess::GetTLSClientCert]
description = Synchronously get client certificate and key from parent process. Once bug 696976 has been fixed, this can be removed.
+[PContent::ShouldShowV2DeprecationPage]
+description = Synchronously determine whether a client process has already displayed the v2 onion deprecation warning page
+
#############################################################
# AVOID ADDING NEW MESSAGES TO THIS FILE #
diff --git a/js/xpconnect/src/xpc.msg b/js/xpconnect/src/xpc.msg
index 31e5e75ba35c..7c8cc9ef181c 100644
--- a/js/xpconnect/src/xpc.msg
+++ b/js/xpconnect/src/xpc.msg
@@ -262,6 +262,7 @@ XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH, "Tor onion service missi
XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_BAD_CLIENT_AUTH , "Tor onion service wrong client authorization")
XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS , "Tor onion service bad address")
XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT , "Tor onion service introduction timed out")
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_V2_DEPRECATED , "Tor v2 onion services are deprecated")
/* Profile manager error codes */
XPC_MSG_DEF(NS_ERROR_DATABASE_CHANGED , "Flushing the profiles to disk would have overwritten changes made elsewhere.")
diff --git a/xpcom/base/ErrorList.py b/xpcom/base/ErrorList.py
index 5f35cf7771f9..6bcd65f9bca9 100755
--- a/xpcom/base/ErrorList.py
+++ b/xpcom/base/ErrorList.py
@@ -1200,6 +1200,8 @@ with modules["TOR"]:
errors["NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS"] = FAILURE(7)
# Tor onion service introduction timed out.
errors["NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT"] = FAILURE(8)
+ # Tor v2 onion services are deprecated
+ errors["NS_ERROR_TOR_ONION_SVC_V2_DEPRECATED"] = FAILURE(9)
# =======================================================================
# 51: NS_ERROR_MODULE_GENERAL
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] TB3: Tor Browser's official .mozconfigs.
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit e16d543089be7828f26ccaa55fa36d185cd2be21
Author: Mike Perry <mikeperry-git(a)torproject.org>
Date: Mon May 6 15:51:06 2013 -0700
TB3: Tor Browser's official .mozconfigs.
Also:
Bug #9829.1: new .mozconfig file for the new cross-compiler and ESR24
Changes needed to build Mac in 64bit
Bug 10715: Enable Webgl for mingw-w64 again.
Disable ICU when cross-compiling; clean-up.
Bug 15773: Enable ICU on OS X
Bug 15990: Don't build the sandbox with mingw-w64
Bug 12761: Switch to ESR 38 for OS X
Updating .mozconfig-asan
Bug 12516: Compile hardenend Tor Browser with -fwrapv
Bug 18331: Switch to Mozilla's toolchain for building Tor Browser for OS X
Bug 17858: Cannot create incremental MARs for hardened builds.
Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
(which is part of mar-tools and is not distributed to end-users) with
ASan.
Bug 13419: Add back ICU for Windows
Bug 21239: Use GTK2 for ESR52 Linux builds
Bug 23025: Add hardening flags for macOS
Bug 24478: Enable debug assertions and tests in our ASan builds
--enable-proxy-bypass-protection
Bug 27597: ASan build option in tor-browser-build is broken
Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds
This fixes a problem where some preferences had the wrong default value.
Also see bug 27472 where we made a similar fix for Android.
Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
Bug 31450: Set proper BINDGEN_CFLAGS for ASan builds
Add an --enable-tor-browser-data-outside-app-dir configure option
Add --with-tor-browser-version configure option
Bug 21849: Don't allow SSL key logging.
Bug 31457: disable per-installation profiles
The dedicated profiles (per-installation) feature does not interact
well with our bundled profiles on Linux and Windows, and it also causes
multiple profiles to be created on macOS under TorBrowser-Data.
Bug 31935: Disable profile downgrade protection.
Since Tor Browser does not support more than one profile, disable
the prompt and associated code that offers to create one when a
version downgrade situation is detected.
Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
Bug 25741 - TBA: Disable features at compile-time
MOZ_NATIVE_DEVICES for casting and the media player
MOZ_TELEMETRY_REPORTING for telemetry
MOZ_DATA_REPORTING for all data reporting preferences (crashreport, telemetry, geo)
Bug 25741 - TBA: Add default configure options in dedicated file
Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION
Bug 29859: Disable HLS support for now
Add --disable-tor-launcher build option
Add --enable-tor-browser-update build option
Bug 33734: Set MOZ_NORMANDY to False
Bug 33851: Omit Parental Controls.
Bug 40061: Omit the Windows default browser agent from the build
Bug 40107: Adapt .mozconfig-asan for ESR 78
Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files
---
.mozconfig | 39 ++++++++++++++++++++++++
.mozconfig-android | 36 ++++++++++++++++++++++
.mozconfig-asan | 45 ++++++++++++++++++++++++++++
.mozconfig-mac | 56 +++++++++++++++++++++++++++++++++++
.mozconfig-mingw | 31 +++++++++++++++++++
browser/base/moz.build | 3 ++
browser/installer/Makefile.in | 8 +++++
browser/moz.configure | 8 ++---
build/moz.configure/old.configure | 6 ++++
mobile/android/confvars.sh | 9 ++++++
mobile/android/geckoview/build.gradle | 1 +
mobile/android/moz.configure | 17 +++++++++--
mobile/android/torbrowser.configure | 30 +++++++++++++++++++
old-configure.in | 49 ++++++++++++++++++++++++++++++
security/moz.build | 2 +-
security/nss/lib/ssl/Makefile | 2 +-
toolkit/modules/AppConstants.jsm | 9 ++++++
toolkit/modules/moz.build | 3 ++
18 files changed, 346 insertions(+), 8 deletions(-)
diff --git a/.mozconfig b/.mozconfig
new file mode 100755
index 000000000000..18cd1f9b6487
--- /dev/null
+++ b/.mozconfig
@@ -0,0 +1,39 @@
+. $topsrcdir/browser/config/mozconfig
+
+# This mozconfig file is not used in official Tor Browser builds.
+# It is only intended to be used when doing incremental Linux builds
+# during development. The platform-specific mozconfig configuration
+# files used in official Tor Browser releases can be found in the
+# tor-browser-build repo:
+# https://gitweb.torproject.org/builders/tor-browser-build.git/
+# under:
+# tor-browser-build/projects/firefox/mozconfig-$OS-$ARCH
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
+mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
+export MOZILLA_OFFICIAL=1
+
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+ac_add_options --enable-official-branding
+
+# Let's support GTK3 for ESR60
+ac_add_options --enable-default-toolkit=cairo-gtk3
+
+ac_add_options --disable-strip
+ac_add_options --disable-install-strip
+ac_add_options --disable-tests
+ac_add_options --disable-debug
+ac_add_options --disable-crashreporter
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme
+ac_add_options --enable-proxy-bypass-protection
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
+
+ac_add_options --disable-tor-launcher
+ac_add_options --with-tor-browser-version=dev-build
+ac_add_options --disable-tor-browser-update
diff --git a/.mozconfig-android b/.mozconfig-android
new file mode 100755
index 000000000000..50015ec615ef
--- /dev/null
+++ b/.mozconfig-android
@@ -0,0 +1,36 @@
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-arm-linux-androideabi
+mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
+export MOZILLA_OFFICIAL=1
+
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+ac_add_options --enable-official-branding
+
+# Android
+ac_add_options --enable-application=mobile/android
+ac_add_options --target=arm-linux-androideabi
+ac_add_options --with-android-ndk="$NDK_BASE" #Enter the android ndk location(ndk r17b)
+ac_add_options --with-android-sdk="$SDK_BASE" #Enter the android sdk location
+ac_add_options --with-branding=mobile/android/branding/alpha
+
+# Use Mozilla's Clang blobs
+CC="$HOME/.mozbuild/clang/bin/clang"
+CXX="$HOME/.mozbuild/clang/bin/clang++"
+
+#enable ccache to set amount of cache assigned for build.
+ac_add_options --with-ccache
+
+ac_add_options --enable-strip
+ac_add_options --disable-tests
+ac_add_options --disable-debug
+ac_add_options --disable-rust-debug
+
+ac_add_options --disable-updater
+ac_add_options --disable-crashreporter
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+
+ac_add_options --enable-proxy-bypass-protection
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
diff --git a/.mozconfig-asan b/.mozconfig-asan
new file mode 100644
index 000000000000..98ea6ac6f3fe
--- /dev/null
+++ b/.mozconfig-asan
@@ -0,0 +1,45 @@
+. $topsrcdir/browser/config/mozconfig
+
+export CFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
+export CXXFLAGS="-fsanitize=address -Dxmalloc=myxmalloc"
+# We need to add -ldl explicitely due to bug 1213698
+export LDFLAGS="-fsanitize=address -ldl"
+
+# Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff
+# (which is part of mar-tools and is not distributed to end-users) with
+# ASan. See bug 17858.
+export HOST_CFLAGS=""
+export HOST_CXXFLAGS=""
+export HOST_LDFLAGS="-ldl"
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@
+mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
+export MOZILLA_OFFICIAL=1
+export BINDGEN_CFLAGS='--gcc-toolchain=/var/tmp/dist/gcc'
+
+ac_add_options --enable-address-sanitizer
+ac_add_options --disable-jemalloc
+ac_add_options --disable-elf-hack
+ac_add_options --with-clang-path=/var/tmp/dist/clang/bin/clang
+
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+ac_add_options --enable-official-branding
+
+# Let's support GTK3 for ESR60
+ac_add_options --enable-default-toolkit=cairo-gtk3
+
+ac_add_options --enable-tor-browser-update
+
+ac_add_options --disable-strip
+ac_add_options --disable-install-strip
+ac_add_options --disable-tests
+ac_add_options --disable-debug
+ac_add_options --disable-crashreporter
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+ac_add_options --disable-eme
+ac_add_options --enable-proxy-bypass-protection
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
diff --git a/.mozconfig-mac b/.mozconfig-mac
new file mode 100644
index 000000000000..26e2b6b92fdb
--- /dev/null
+++ b/.mozconfig-mac
@@ -0,0 +1,56 @@
+# ld needs libLTO.so from llvm
+mk_add_options "export LD_LIBRARY_PATH=$topsrcdir/clang/lib"
+
+CROSS_CCTOOLS_PATH=$topsrcdir/cctools
+CROSS_SYSROOT=$topsrcdir/MacOSX10.7.sdk
+CROSS_PRIVATE_FRAMEWORKS=$CROSS_SYSROOT/System/Library/PrivateFrameworks
+HARDENING_FLAGS="-Werror=format -Werror=format-security -fstack-protector-strong -D_FORTIFY_SOURCE=2"
+FLAGS="-target x86_64-apple-darwin10 -mlinker-version=136 -B $CROSS_CCTOOLS_PATH/bin -isysroot $CROSS_SYSROOT $HARDENING_FLAGS"
+
+export CC="$topsrcdir/clang/bin/clang $FLAGS"
+export CXX="$topsrcdir/clang/bin/clang++ $FLAGS"
+export CPP="$topsrcdir/clang/bin/clang $FLAGS -E"
+export LLVMCONFIG=$topsrcdir/clang/bin/llvm-config
+export LDFLAGS="-Wl,-syslibroot,$CROSS_SYSROOT -Wl,-dead_strip -Wl,-pie"
+export TOOLCHAIN_PREFIX=$CROSS_CCTOOLS_PATH/bin/x86_64-apple-darwin10-
+#TODO: bug 1184202 - would be nice if these could be detected with TOOLCHAIN_PREFIX automatically
+export AR=${TOOLCHAIN_PREFIX}ar
+export RANLIB=${TOOLCHAIN_PREFIX}ranlib
+export STRIP=${TOOLCHAIN_PREFIX}strip
+export OTOOL=${TOOLCHAIN_PREFIX}otool
+export DSYMUTIL=$topsrcdir/clang/bin/llvm-dsymutil
+
+export HOST_CC="$topsrcdir/clang/bin/clang"
+export HOST_CXX="$topsrcdir/clang/bin/clang++"
+export HOST_CPP="$topsrcdir/clang/bin/clang -E"
+export HOST_CFLAGS="-g"
+export HOST_CXXFLAGS="-g"
+export HOST_LDFLAGS="-g"
+
+ac_add_options --target=x86_64-apple-darwin
+ac_add_options --with-macos-private-frameworks=$CROSS_PRIVATE_FRAMEWORKS
+
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-macos
+mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
+export MOZILLA_OFFICIAL=1
+
+ac_add_options --enable-application=browser
+ac_add_options --enable-strip
+ac_add_options --enable-official-branding
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+ac_add_options --disable-debug
+
+ac_add_options --enable-tor-browser-data-outside-app-dir
+ac_add_options --enable-tor-browser-update
+
+ac_add_options --disable-crashreporter
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+ac_add_options --disable-tests
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme
+ac_add_options --enable-proxy-bypass-protection
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
diff --git a/.mozconfig-mingw b/.mozconfig-mingw
new file mode 100644
index 000000000000..3ec6ff18a3e9
--- /dev/null
+++ b/.mozconfig-mingw
@@ -0,0 +1,31 @@
+CROSS_COMPILE=1
+
+ac_add_options --enable-application=browser
+ac_add_options --target=i686-w64-mingw32
+ac_add_options --with-toolchain-prefix=i686-w64-mingw32-
+ac_add_options --enable-default-toolkit=cairo-windows
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-mingw
+mk_add_options MOZ_APP_DISPLAYNAME="Tor Browser"
+export MOZILLA_OFFICIAL=1
+
+ac_add_options --disable-debug
+ac_add_options --enable-optimize
+ac_add_options --enable-rust-simd
+ac_add_options --enable-strip
+ac_add_options --enable-official-branding
+
+ac_add_options --enable-tor-browser-update
+ac_add_options --disable-bits-download
+
+# Let's make sure no preference is enabling either Adobe's or Google's CDM.
+ac_add_options --disable-eme
+ac_add_options --disable-crashreporter
+ac_add_options --disable-maintenance-service
+ac_add_options --disable-webrtc
+ac_add_options --disable-parental-controls
+ac_add_options --disable-tests
+ac_add_options --enable-proxy-bypass-protection
+
+# Disable telemetry
+ac_add_options MOZ_TELEMETRY_REPORTING=
+ac_add_options --disable-default-browser-agent
diff --git a/browser/base/moz.build b/browser/base/moz.build
index e136e0986a3c..ebb4cbf79fd0 100644
--- a/browser/base/moz.build
+++ b/browser/base/moz.build
@@ -71,4 +71,7 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('windows', 'gtk', 'cocoa'):
if CONFIG['MOZ_WIDGET_TOOLKIT'] in ('windows', 'gtk'):
DEFINES['MENUBAR_CAN_AUTOHIDE'] = 1
+if CONFIG['TOR_BROWSER_UPDATE']:
+ DEFINES['TOR_BROWSER_UPDATE'] = 1
+
JAR_MANIFESTS += ['jar.mn']
diff --git a/browser/installer/Makefile.in b/browser/installer/Makefile.in
index b861ad214a64..0325f0ffab9a 100644
--- a/browser/installer/Makefile.in
+++ b/browser/installer/Makefile.in
@@ -82,6 +82,14 @@ endif
endif
endif
+ifdef TOR_BROWSER_DISABLE_TOR_LAUNCHER
+DEFINES += -DTOR_BROWSER_DISABLE_TOR_LAUNCHER
+endif
+
+ifdef TOR_BROWSER_UPDATE
+DEFINES += -DTOR_BROWSER_UPDATE
+endif
+
ifneq (,$(filter WINNT Darwin Android,$(OS_TARGET)))
DEFINES += -DMOZ_SHARED_MOZGLUE=1
endif
diff --git a/browser/moz.configure b/browser/moz.configure
index a251050feb9b..3b6b377235ca 100644
--- a/browser/moz.configure
+++ b/browser/moz.configure
@@ -5,11 +5,11 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
imply_option('MOZ_PLACES', True)
-imply_option('MOZ_SERVICES_HEALTHREPORT', True)
+imply_option('MOZ_SERVICES_HEALTHREPORT', False)
imply_option('MOZ_SERVICES_SYNC', True)
-imply_option('MOZ_DEDICATED_PROFILES', True)
-imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', True)
-imply_option('MOZ_NORMANDY', True)
+imply_option('MOZ_DEDICATED_PROFILES', False)
+imply_option('MOZ_BLOCK_PROFILE_DOWNGRADE', False)
+imply_option('MOZ_NORMANDY', False)
with only_when(target_is_linux & compile_environment):
option(env='MOZ_NO_PIE_COMPAT',
diff --git a/build/moz.configure/old.configure b/build/moz.configure/old.configure
index 136abbcafa69..9b663a1bf4f1 100644
--- a/build/moz.configure/old.configure
+++ b/build/moz.configure/old.configure
@@ -248,6 +248,12 @@ def old_configure_options(*options):
'--with-user-appdir',
'--x-includes',
'--x-libraries',
+
+ # Tor additions.
+ '--with-tor-browser-version',
+ '--enable-tor-browser-update',
+ '--enable-tor-browser-data-outside-app-dir',
+ '--enable-tor-launcher',
)
def prepare_configure_options(host, target, all_options, *options):
# old-configure only supports the options listed in @old_configure_options
diff --git a/mobile/android/confvars.sh b/mobile/android/confvars.sh
index 77191834d240..47a6a8dbae1d 100644
--- a/mobile/android/confvars.sh
+++ b/mobile/android/confvars.sh
@@ -30,9 +30,18 @@ MOZ_ANDROID_BROWSER_INTENT_CLASS=org.mozilla.gecko.BrowserApp
MOZ_NO_SMART_CARDS=1
+# Adds MIME-type support for raw video
MOZ_RAW=1
# use custom widget for html:select
MOZ_USE_NATIVE_POPUP_WINDOWS=1
MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110}
+
+### Tor Browser for Android ###
+
+# Disable telemetry at compile-time
+unset MOZ_TELEMETRY_REPORTING
+
+# Disable data reporting at compile-time
+unset MOZ_DATA_REPORTING
diff --git a/mobile/android/geckoview/build.gradle b/mobile/android/geckoview/build.gradle
index 82d36c179c92..c1b51537031d 100644
--- a/mobile/android/geckoview/build.gradle
+++ b/mobile/android/geckoview/build.gradle
@@ -92,6 +92,7 @@ android {
buildConfigField 'String', "MOZ_APP_DISPLAYNAME", "\"${mozconfig.substs.MOZ_APP_DISPLAYNAME}\"";
buildConfigField 'String', "MOZ_APP_UA_NAME", "\"${mozconfig.substs.MOZ_APP_UA_NAME}\"";
buildConfigField 'String', "MOZ_UPDATE_CHANNEL", "\"${mozconfig.substs.MOZ_UPDATE_CHANNEL}\"";
+ buildConfigField 'String', "TOR_BROWSER_VERSION", "\"${mozconfig.substs.TOR_BROWSER_VERSION}\"";
// MOZILLA_VERSION is oddly quoted from autoconf, but we don't have to handle it specially in Gradle.
buildConfigField 'String', "MOZILLA_VERSION", "\"${mozconfig.substs.MOZILLA_VERSION}\"";
diff --git a/mobile/android/moz.configure b/mobile/android/moz.configure
index fa510f0a57d3..f7b4df4ac24a 100644
--- a/mobile/android/moz.configure
+++ b/mobile/android/moz.configure
@@ -10,7 +10,7 @@ project_flag('MOZ_ANDROID_EXCLUDE_FONTS',
project_flag('MOZ_ANDROID_HLS_SUPPORT',
help='Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)',
- default=True)
+ default=False)
option(env='FENNEC_NIGHTLY',
help='Enable experimental code for Fennec Nightly users. NOTE: This is *not* equivalent '
@@ -26,9 +26,12 @@ def fennec_nightly(nightly):
return bool(nightly)
imply_option('MOZ_NORMANDY', False)
-imply_option('MOZ_SERVICES_HEALTHREPORT', True)
imply_option('MOZ_ANDROID_HISTORY', True)
imply_option('--enable-small-chunk-size', True)
+# Comment this so we can imply |False| in torbrowser.configure
+# The Build system doesn't allow multiple imply_option()
+# calls with the same key.
+#imply_option('MOZ_SERVICES_HEALTHREPORT', True)
@depends(target)
def check_target(target):
@@ -39,6 +42,8 @@ def check_target(target):
'Build_Instructions/Simple_Firefox_for_Android_build '
'for more information about the necessary options.')
+include('torbrowser.configure')
+
include('../../toolkit/moz.configure')
include('../../build/moz.configure/android-sdk.configure')
include('../../build/moz.configure/java.configure')
@@ -50,3 +55,11 @@ option(env='MOZ_ANDROID_FAT_AAR_ARCHITECTURES',
help='Comma-separated list of Android CPU architectures like "armeabi-v7a,arm64-v8a,x86,x86_64"')
set_config('MOZ_ANDROID_FAT_AAR_ARCHITECTURES', depends('MOZ_ANDROID_FAT_AAR_ARCHITECTURES')(lambda x: x))
+
+project_flag('MOZ_ANDROID_NETWORK_STATE',
+ help='Include permission for accessing WiFi/network state on Android',
+ default=False)
+
+project_flag('MOZ_ANDROID_LOCATION',
+ help='Include permission for accessing fine and course-grain Location on Android',
+ default=False)
diff --git a/mobile/android/torbrowser.configure b/mobile/android/torbrowser.configure
new file mode 100644
index 000000000000..2ff6215eedc9
--- /dev/null
+++ b/mobile/android/torbrowser.configure
@@ -0,0 +1,30 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Set Tor Browser default config
+
+imply_option('MOZ_ANDROID_EXCLUDE_FONTS', False)
+
+# Disable uploading crash reports and dump files to an external server
+# This is still configured in old-configure. Uncomment when this moves
+# to the python config
+#imply_option('MOZ_CRASHREPORTER', False)
+
+# Disable uploading information about the browser configuration and
+# performance to an external server
+imply_option('MOZ_SERVICES_HEALTHREPORT', False)
+
+# Disable creating telemetry and data reports that are uploaded to an
+# external server
+# These aren't actually configure options. These are disabled in
+# confvars.sh, but they look like configure options so we'll document
+# them here, as well.
+#XXX: no confvars.sh here
+#imply_option('MOZ_TELEMETRY_REPORTING', False)
+#imply_option('MOZ_DATA_REPORTING', False)
+
+imply_option('MOZ_ANDROID_NETWORK_STATE', False);
+imply_option('MOZ_ANDROID_LOCATION', False);
diff --git a/old-configure.in b/old-configure.in
index dfb072b19cfb..2c3308a27657 100644
--- a/old-configure.in
+++ b/old-configure.in
@@ -1966,6 +1966,55 @@ if test -n "$MOZ_UPDATER"; then
AC_DEFINE(MOZ_UPDATER)
fi
+dnl ========================================================
+dnl Tor additions
+dnl ========================================================
+MOZ_ARG_WITH_STRING(tor-browser-version,
+[ --with-tor-browser-version=VERSION
+ Set Tor Browser version, e.g., 7.0a1],
+ TOR_BROWSER_VERSION="$withval")
+
+if test -z "$TOR_BROWSER_VERSION"; then
+ AC_MSG_ERROR([--with-tor-browser-version is required for Tor Browser.])
+fi
+
+MOZ_ARG_ENABLE_BOOL(tor-browser-update,
+[ --enable-tor-browser-update
+ Enable Tor Browser update],
+ TOR_BROWSER_UPDATE=1,
+ TOR_BROWSER_UPDATE= )
+
+if test -n "$TOR_BROWSER_UPDATE"; then
+ AC_DEFINE(TOR_BROWSER_UPDATE)
+fi
+
+MOZ_ARG_ENABLE_BOOL(tor-browser-data-outside-app-dir,
+[ --enable-tor-browser-data-outside-app-dir
+ Enable Tor Browser data outside of app directory],
+ TOR_BROWSER_DATA_OUTSIDE_APP_DIR=1,
+ TOR_BROWSER_DATA_OUTSIDE_APP_DIR= )
+
+if test -n "$TOR_BROWSER_DATA_OUTSIDE_APP_DIR"; then
+ AC_DEFINE(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+fi
+
+AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION,$TOR_BROWSER_VERSION)
+AC_DEFINE_UNQUOTED(TOR_BROWSER_VERSION_QUOTED,"$TOR_BROWSER_VERSION")
+AC_SUBST(TOR_BROWSER_UPDATE)
+AC_SUBST(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+
+MOZ_ARG_DISABLE_BOOL(tor-launcher,
+[ --disable-tor-launcher
+ Do not include Tor Launcher],
+ TOR_BROWSER_DISABLE_TOR_LAUNCHER=1,
+ TOR_BROWSER_DISABLE_TOR_LAUNCHER=)
+
+if test -n "$TOR_BROWSER_DISABLE_TOR_LAUNCHER"; then
+ AC_DEFINE(TOR_BROWSER_DISABLE_TOR_LAUNCHER)
+fi
+
+AC_SUBST(TOR_BROWSER_DISABLE_TOR_LAUNCHER)
+
dnl ========================================================
dnl parental controls (for Windows Vista)
dnl ========================================================
diff --git a/security/moz.build b/security/moz.build
index dec6f3ef7e21..f00f9fe5d7a7 100644
--- a/security/moz.build
+++ b/security/moz.build
@@ -85,7 +85,7 @@ gyp_vars['nss_dist_obj_dir'] = '$PRODUCT_DIR/dist/bin'
gyp_vars['disable_tests'] = 1
gyp_vars['disable_dbm'] = 1
gyp_vars['disable_libpkix'] = 1
-gyp_vars['enable_sslkeylogfile'] = 1
+gyp_vars['enable_sslkeylogfile'] = 0
# pkg-config won't reliably find zlib on our builders, so just force it.
# System zlib is only used for modutil and signtool unless
# SSL zlib is enabled, which we are disabling immediately below this.
diff --git a/security/nss/lib/ssl/Makefile b/security/nss/lib/ssl/Makefile
index 8a8b06f4b508..90571bb3e256 100644
--- a/security/nss/lib/ssl/Makefile
+++ b/security/nss/lib/ssl/Makefile
@@ -41,7 +41,7 @@ endif
# Enable key logging by default in debug builds, but not opt builds.
# Logging still needs to be enabled at runtime through env vars.
-NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1)
+NSS_ALLOW_SSLKEYLOGFILE ?= 0
ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE))
DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1
endif
diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm
index 9b035435aed6..cd8ca2659626 100644
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -341,6 +341,8 @@ this.AppConstants = Object.freeze({
MOZ_WIDGET_TOOLKIT: "@MOZ_WIDGET_TOOLKIT@",
ANDROID_PACKAGE_NAME: "@ANDROID_PACKAGE_NAME@",
+ TOR_BROWSER_VERSION: "@TOR_BROWSER_VERSION@",
+
DEBUG_JS_MODULES: "@DEBUG_JS_MODULES@",
MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@",
@@ -418,4 +420,11 @@ this.AppConstants = Object.freeze({
#else
false,
#endif
+
+ TOR_BROWSER_UPDATE:
+#ifdef TOR_BROWSER_UPDATE
+ true,
+#else
+ false,
+#endif
});
diff --git a/toolkit/modules/moz.build b/toolkit/modules/moz.build
index e5858122fa1c..f000f35c126f 100644
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@@ -296,6 +296,9 @@ for var in ('MOZ_ALLOW_ADDON_SIDELOAD',
if CONFIG[var]:
DEFINES[var] = True
+if CONFIG['TOR_BROWSER_UPDATE']:
+ DEFINES['TOR_BROWSER_UPDATE'] = 1
+
JAR_MANIFESTS += ['jar.mn']
DEFINES['TOPOBJDIR'] = TOPOBJDIR
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 1642404 - add an option to show that an update is being downloaded r=bytesized, fluent-reviewers, flod
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 5d5ea1ea2418372b58e8a8b40814fb4cc82375e5
Author: Mark Smith <mcs(a)pearlcrescent.com>
Date: Mon Jun 22 20:24:46 2020 +0000
Bug 1642404 - add an option to show that an update is being downloaded r=bytesized,fluent-reviewers,flod
Add support for a hidden preference named app.update.notifyDuringDownload
that, when set to true, causes a "Downloading update" message to appear
in the app menu during a MAR download. Clicking the message opens the
about box so the user can see detailed progress information.
Differential Revision: https://phabricator.services.mozilla.com/D77688
---
browser/app/profile/firefox.js | 4 ++
browser/components/BrowserGlue.jsm | 1 +
.../customizableui/content/panelUI.inc.xhtml | 2 +
.../components/customizableui/content/panelUI.js | 5 ++
.../test/browser_panelUINotifications.js | 62 ++++++++++++++++++++++
browser/locales/en-US/browser/appmenu.ftl | 2 +
.../themes/shared/customizableui/panelUI.inc.css | 3 ++
browser/themes/shared/notification-icons.inc.css | 1 +
browser/themes/shared/toolbarbutton-icons.inc.css | 1 +
toolkit/mozapps/update/UpdateListener.jsm | 50 +++++++++++------
toolkit/mozapps/update/UpdateService.jsm | 27 ++++++++++
.../mozapps/update/tests/browser/browser.bits.ini | 1 +
toolkit/mozapps/update/tests/browser/browser.ini | 1 +
.../update/tests/browser/browser.legacy.bits.ini | 1 +
.../update/tests/browser/browser.legacy.ini | 1 +
.../browser/browser_aboutDialog_bc_downloading.js | 17 ++++++
.../browser_aboutDialog_bc_downloading_notify.js | 58 ++++++++++++++++++++
toolkit/mozapps/update/tests/data/shared.js | 1 +
18 files changed, 222 insertions(+), 16 deletions(-)
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index a7e0bd808254..479c68efdd8c 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -131,6 +131,10 @@ pref("app.update.download.promptMaxAttempts", 2);
// download a fresh installer.
pref("app.update.elevation.promptMaxAttempts", 2);
+// If set to true, a message will be displayed in the hamburger menu while
+// an update is being downloaded.
+pref("app.update.notifyDuringDownload", false);
+
// If set to true, the Update Service will automatically download updates if the
// user can apply updates. This pref is no longer used on Windows, except as the
// default value to migrate to the new location that this data is now stored
diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm
index 70f5ad8b85e4..0a3555f26432 100644
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@@ -769,6 +769,7 @@ const global = this;
const listeners = {
observers: {
+ "update-downloading": ["UpdateListener"],
"update-staged": ["UpdateListener"],
"update-downloaded": ["UpdateListener"],
"update-available": ["UpdateListener"],
diff --git a/browser/components/customizableui/content/panelUI.inc.xhtml b/browser/components/customizableui/content/panelUI.inc.xhtml
index e5c9c00c35e4..3a8b74b0a9f3 100644
--- a/browser/components/customizableui/content/panelUI.inc.xhtml
+++ b/browser/components/customizableui/content/panelUI.inc.xhtml
@@ -223,6 +223,8 @@
<vbox class="panel-subview-body">
<vbox id="appMenu-addon-banners"/>
<toolbarbutton id="appMenu-update-banner" class="panel-banner-item"
+ data-l10n-id="appmenuitem-update-banner"
+ data-l10n-attrs="label-update-downloading"
label-update-available="&updateAvailable.panelUI.label;"
label-update-manual="&updateManual.panelUI.label;"
label-update-unsupported="&updateUnsupported.panelUI.label;"
diff --git a/browser/components/customizableui/content/panelUI.js b/browser/components/customizableui/content/panelUI.js
index 1f6ed5caf839..a81be30f3ec7 100644
--- a/browser/components/customizableui/content/panelUI.js
+++ b/browser/components/customizableui/content/panelUI.js
@@ -65,6 +65,7 @@ const PanelUI = {
Services.obs.addObserver(this, "fullscreen-nav-toolbox");
Services.obs.addObserver(this, "appMenu-notifications");
+ Services.obs.addObserver(this, "show-update-progress");
XPCOMUtils.defineLazyPreferenceGetter(
this,
@@ -182,6 +183,7 @@ const PanelUI = {
Services.obs.removeObserver(this, "fullscreen-nav-toolbox");
Services.obs.removeObserver(this, "appMenu-notifications");
+ Services.obs.removeObserver(this, "show-update-progress");
window.removeEventListener("MozDOMFullscreen:Entered", this);
window.removeEventListener("MozDOMFullscreen:Exited", this);
@@ -271,6 +273,9 @@ const PanelUI = {
this._notifications = AppMenuNotifications.notifications;
this._updateNotifications(true);
break;
+ case "show-update-progress":
+ openAboutDialog();
+ break;
}
},
diff --git a/browser/components/customizableui/test/browser_panelUINotifications.js b/browser/components/customizableui/test/browser_panelUINotifications.js
index 39ae5435c453..cab471bc946f 100644
--- a/browser/components/customizableui/test/browser_panelUINotifications.js
+++ b/browser/components/customizableui/test/browser_panelUINotifications.js
@@ -156,6 +156,68 @@ add_task(async function testSecondaryActionWorkflow() {
});
});
+/**
+ * This tests that the PanelUI update downloading badge and banner
+ * notification are correctly displayed and that clicking the banner
+ * item calls the main action.
+ */
+add_task(async function testDownloadingBadge() {
+ let options = {
+ gBrowser: window.gBrowser,
+ url: "about:blank",
+ };
+
+ await BrowserTestUtils.withNewTab(options, async function(browser) {
+ let mainActionCalled = false;
+ let mainAction = {
+ callback: () => {
+ mainActionCalled = true;
+ },
+ };
+ // The downloading notification is always displayed in a dismissed state.
+ AppMenuNotifications.showNotification(
+ "update-downloading",
+ mainAction,
+ undefined,
+ { dismissed: true }
+ );
+ is(PanelUI.notificationPanel.state, "closed", "doorhanger is closed.");
+
+ is(
+ PanelUI.menuButton.getAttribute("badge-status"),
+ "update-downloading",
+ "Downloading badge is displaying on PanelUI button."
+ );
+
+ await gCUITestUtils.openMainMenu();
+ isnot(
+ PanelUI.menuButton.getAttribute("badge-status"),
+ "update-downloading",
+ "Downloading badge is hidden on PanelUI button."
+ );
+ let menuItem = PanelUI.mainView.querySelector(".panel-banner-item");
+ is(
+ menuItem.label,
+ menuItem.getAttribute("label-update-downloading"),
+ "Showing correct label (downloading)"
+ );
+ is(menuItem.hidden, false, "update-downloading menu item is showing.");
+
+ await gCUITestUtils.hideMainMenu();
+ is(
+ PanelUI.menuButton.getAttribute("badge-status"),
+ "update-downloading",
+ "Downloading badge is shown on PanelUI button."
+ );
+
+ await gCUITestUtils.openMainMenu();
+ menuItem.click();
+ ok(mainActionCalled, "Main action callback was called");
+
+ AppMenuNotifications.removeNotification(/.*/);
+ });
+});
+
/**
* We want to ensure a few things with this:
* - Adding a doorhanger will make a badge disappear
diff --git a/browser/locales/en-US/browser/appmenu.ftl b/browser/locales/en-US/browser/appmenu.ftl
index 12fd2bec3e6a..3026b2597287 100644
--- a/browser/locales/en-US/browser/appmenu.ftl
+++ b/browser/locales/en-US/browser/appmenu.ftl
@@ -4,6 +4,8 @@
## App Menu
+appmenuitem-update-banner =
+ .label-update-downloading = Downloading { -brand-shorter-name } update
appmenuitem-protection-dashboard-title = Protections Dashboard
appmenuitem-customize-mode =
.label = Customize…
diff --git a/browser/themes/shared/customizableui/panelUI.inc.css b/browser/themes/shared/customizableui/panelUI.inc.css
index 8a24f03c0ad6..c991daee0759 100644
--- a/browser/themes/shared/customizableui/panelUI.inc.css
+++ b/browser/themes/shared/customizableui/panelUI.inc.css
@@ -67,6 +67,7 @@
}
#PanelUI-menu-button[badge-status="update-available"] > .toolbarbutton-badge-stack > .toolbarbutton-badge,
+#PanelUI-menu-button[badge-status="update-downloading"] > .toolbarbutton-badge-stack > .toolbarbutton-badge,
#PanelUI-menu-button[badge-status="update-manual"] > .toolbarbutton-badge-stack > .toolbarbutton-badge,
#PanelUI-menu-button[badge-status="update-restart"] > .toolbarbutton-badge-stack > .toolbarbutton-badge,
#PanelUI-menu-button[badge-status="update-unsupported"] > .toolbarbutton-badge-stack > .toolbarbutton-badge {
@@ -80,6 +81,7 @@
}
#PanelUI-menu-button[badge-status="update-available"] > .toolbarbutton-badge-stack > .toolbarbutton-badge,
+#PanelUI-menu-button[badge-status="update-downloading"] > .toolbarbutton-badge-stack > .toolbarbutton-badge,
#PanelUI-menu-button[badge-status="update-manual"] > .toolbarbutton-badge-stack > .toolbarbutton-badge,
#PanelUI-menu-button[badge-status="update-restart"] > .toolbarbutton-badge-stack > .toolbarbutton-badge {
background: #74BF43 url(chrome://browser/skin/update-badge.svg) no-repeat center;
@@ -90,6 +92,7 @@
}
.panel-banner-item[notificationid="update-available"]::after,
+.panel-banner-item[notificationid="update-downloading"]::after,
.panel-banner-item[notificationid="update-manual"]::after,
.panel-banner-item[notificationid="update-restart"]::after {
background: #74BF43 url(chrome://browser/skin/update-badge.svg) no-repeat center;
diff --git a/browser/themes/shared/notification-icons.inc.css b/browser/themes/shared/notification-icons.inc.css
index 74d861200f45..f17ddae9dc79 100644
--- a/browser/themes/shared/notification-icons.inc.css
+++ b/browser/themes/shared/notification-icons.inc.css
@@ -401,6 +401,7 @@ html|*#webRTC-previewVideo {
/* UPDATE */
.popup-notification-icon[popupid="update-available"],
+.popup-notification-icon[popupid="update-downloading"],
.popup-notification-icon[popupid="update-manual"],
.popup-notification-icon[popupid="update-restart"] {
background: #74BF43 url(chrome://browser/skin/notification-icons/update.svg) no-repeat center;
diff --git a/browser/themes/shared/toolbarbutton-icons.inc.css b/browser/themes/shared/toolbarbutton-icons.inc.css
index 998537e1f57d..9514eb1d5338 100644
--- a/browser/themes/shared/toolbarbutton-icons.inc.css
+++ b/browser/themes/shared/toolbarbutton-icons.inc.css
@@ -290,6 +290,7 @@ toolbar[brighttext] {
}
#PanelUI-menu-button[badge-status="update-available"],
+#PanelUI-menu-button[badge-status="update-downloading"],
#PanelUI-menu-button[badge-status="update-manual"],
#PanelUI-menu-button[badge-status="update-restart"] {
list-style-image: url("chrome://browser/skin/menu-badged.svg");
diff --git a/toolkit/mozapps/update/UpdateListener.jsm b/toolkit/mozapps/update/UpdateListener.jsm
index 17919e914b11..110640628771 100644
--- a/toolkit/mozapps/update/UpdateListener.jsm
+++ b/toolkit/mozapps/update/UpdateListener.jsm
@@ -113,16 +113,18 @@ var UpdateListener = {
mainAction,
beforeShowDoorhanger
) {
+ const addTelemetry = id => {
+ // No telemetry for the "downloading" state.
+ if (type !== "downloading") {
+ Services.telemetry.getHistogramById(id).add(type);
+ }
+ };
let action = {
callback(win, fromDoorhanger) {
if (fromDoorhanger) {
- Services.telemetry
- .getHistogramById("UPDATE_NOTIFICATION_MAIN_ACTION_DOORHANGER")
- .add(type);
+ addTelemetry("UPDATE_NOTIFICATION_MAIN_ACTION_DOORHANGER");
} else {
- Services.telemetry
- .getHistogramById("UPDATE_NOTIFICATION_MAIN_ACTION_MENU")
- .add(type);
+ addTelemetry("UPDATE_NOTIFICATION_MAIN_ACTION_MENU");
}
mainAction(win);
},
@@ -131,13 +133,10 @@ var UpdateListener = {
let secondaryAction = {
callback() {
- Services.telemetry
- .getHistogramById("UPDATE_NOTIFICATION_DISMISSED")
- .add(type);
+ addTelemetry("UPDATE_NOTIFICATION_DISMISSED");
},
dismiss: true,
};
-
AppMenuNotifications.showNotification(
"update-" + type,
action,
@@ -145,13 +144,9 @@ var UpdateListener = {
{ dismissed, beforeShowDoorhanger }
);
if (dismissed) {
- Services.telemetry
- .getHistogramById("UPDATE_NOTIFICATION_BADGE_SHOWN")
- .add(type);
+ addTelemetry("UPDATE_NOTIFICATION_BADGE_SHOWN");
} else {
- Services.telemetry
- .getHistogramById("UPDATE_NOTIFICATION_SHOWN")
- .add(type);
+ addTelemetry("UPDATE_NOTIFICATION_SHOWN");
}
},
@@ -205,6 +200,15 @@ var UpdateListener = {
}
},
+ showUpdateDownloadingNotification() {
+ this.showUpdateNotification("downloading", true, true, () => {
+ // The user clicked on the "Downloading update" app menu item.
+ // Code in browser/components/customizableui/content/panelUI.js
+ // receives the following notification and opens the about dialog.
+ Services.obs.notifyObservers(null, "show-update-progress");
+ });
+ },
+
handleUpdateError(update, status) {
switch (status) {
case "download-attempt-failed":
@@ -287,6 +291,17 @@ var UpdateListener = {
}
},
+ handleUpdateDownloading(status) {
+ switch (status) {
+ case "downloading":
+ this.showUpdateDownloadingNotification();
+ break;
+ case "idle":
+ this.reset();
+ break;
+ }
+ },
+
observe(subject, topic, status) {
let update = subject && subject.QueryInterface(Ci.nsIUpdate);
@@ -299,6 +314,9 @@ var UpdateListener = {
}
this.handleUpdateAvailable(update, status);
break;
+ case "update-downloading":
+ this.handleUpdateDownloading(status);
+ break;
case "update-staged":
case "update-downloaded":
// An update check has found an update and downloaded / staged the
diff --git a/toolkit/mozapps/update/UpdateService.jsm b/toolkit/mozapps/update/UpdateService.jsm
index 0cc26f683078..8dd397f628f5 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -59,6 +59,7 @@ const PREF_APP_UPDATE_ELEVATE_ATTEMPTS = "app.update.elevate.attempts";
const PREF_APP_UPDATE_ELEVATE_MAXATTEMPTS = "app.update.elevate.maxAttempts";
const PREF_APP_UPDATE_LOG = "app.update.log";
const PREF_APP_UPDATE_LOG_FILE = "app.update.log.file";
+const PREF_APP_UPDATE_NOTIFYDURINGDOWNLOAD = "app.update.notifyDuringDownload";
const PREF_APP_UPDATE_PROMPTWAITTIME = "app.update.promptWaitTime";
const PREF_APP_UPDATE_SERVICE_ENABLED = "app.update.service.enabled";
const PREF_APP_UPDATE_SERVICE_ERRORS = "app.update.service.errors";
@@ -4446,6 +4447,24 @@ Downloader.prototype = {
return selectedPatch;
},
+ /**
+ * Whether or not the user wants to be notified that an update is being
+ * downloaded.
+ */
+ get _notifyDuringDownload() {
+ return Services.prefs.getBoolPref(
+ PREF_APP_UPDATE_NOTIFYDURINGDOWNLOAD,
+ false
+ );
+ },
+
+ _notifyDownloadStatusObservers: function Downloader_notifyDownloadStatusObservers() {
+ if (this._notifyDuringDownload) {
+ let status = this.updateService.isDownloading ? "downloading" : "idle";
+ Services.obs.notifyObservers(this._update, "update-downloading", status);
+ }
+ },
+
/**
* Whether or not we are currently downloading something.
*/
@@ -4687,6 +4706,9 @@ Downloader.prototype = {
.getService(Ci.nsIUpdateManager)
.saveUpdates();
}
+
+ this._notifyDownloadStatusObservers();
+
return STATE_DOWNLOADING;
},
@@ -5193,6 +5215,11 @@ Downloader.prototype = {
this._request = null;
+ // This notification must happen after _request is set to null so that
+ // the correct this.updateService.isDownloading value is available in
+ // _notifyDownloadStatusObservers().
+ this._notifyDownloadStatusObservers();
+
if (state == STATE_DOWNLOAD_FAILED) {
var allFailed = true;
// If we haven't already, attempt to download without BITS
diff --git a/toolkit/mozapps/update/tests/browser/browser.bits.ini b/toolkit/mozapps/update/tests/browser/browser.bits.ini
index 9355e22550f2..5a44d1e0f6bf 100644
--- a/toolkit/mozapps/update/tests/browser/browser.bits.ini
+++ b/toolkit/mozapps/update/tests/browser/browser.bits.ini
@@ -21,6 +21,7 @@ prefs =
# About Dialog Application Update Tests
[browser_aboutDialog_bc_downloading.js]
[browser_aboutDialog_bc_downloading_staging.js]
+[browser_aboutDialog_bc_downloading_notify.js]
[browser_aboutDialog_bc_downloaded.js]
[browser_aboutDialog_bc_downloaded_staging.js]
[browser_aboutDialog_bc_downloaded_staged.js]
diff --git a/toolkit/mozapps/update/tests/browser/browser.ini b/toolkit/mozapps/update/tests/browser/browser.ini
index 5ce14c9c2633..c4f3fd055bbf 100644
--- a/toolkit/mozapps/update/tests/browser/browser.ini
+++ b/toolkit/mozapps/update/tests/browser/browser.ini
@@ -15,6 +15,7 @@ prefs =
# About Dialog Application Update Tests
[browser_aboutDialog_bc_downloading.js]
[browser_aboutDialog_bc_downloading_staging.js]
+[browser_aboutDialog_bc_downloading_notify.js]
[browser_aboutDialog_bc_downloaded.js]
[browser_aboutDialog_bc_downloaded_staging.js]
[browser_aboutDialog_bc_downloaded_stagingFailure.js]
diff --git a/toolkit/mozapps/update/tests/browser/browser.legacy.bits.ini b/toolkit/mozapps/update/tests/browser/browser.legacy.bits.ini
index 7bf1f706a5b7..555eaea82cd6 100644
--- a/toolkit/mozapps/update/tests/browser/browser.legacy.bits.ini
+++ b/toolkit/mozapps/update/tests/browser/browser.legacy.bits.ini
@@ -20,6 +20,7 @@ prefs =
# About Dialog Application Update Tests
[browser_aboutDialog_bc_downloading.js]
[browser_aboutDialog_bc_downloading_staging.js]
+[browser_aboutDialog_bc_downloading_notify.js]
[browser_aboutDialog_bc_downloaded.js]
[browser_aboutDialog_bc_downloaded_staging.js]
[browser_aboutDialog_bc_downloaded_staged.js]
diff --git a/toolkit/mozapps/update/tests/browser/browser.legacy.ini b/toolkit/mozapps/update/tests/browser/browser.legacy.ini
index 0cf61d64f42e..e3f681f53236 100644
--- a/toolkit/mozapps/update/tests/browser/browser.legacy.ini
+++ b/toolkit/mozapps/update/tests/browser/browser.legacy.ini
@@ -14,6 +14,7 @@ prefs =
# About Dialog Application Update Tests
[browser_aboutDialog_bc_downloading.js]
[browser_aboutDialog_bc_downloading_staging.js]
+[browser_aboutDialog_bc_downloading_notify.js]
[browser_aboutDialog_bc_downloaded.js]
[browser_aboutDialog_bc_downloaded_staging.js]
[browser_aboutDialog_bc_downloaded_stagingFailure.js]
diff --git a/toolkit/mozapps/update/tests/browser/browser_aboutDialog_bc_downloading.js b/toolkit/mozapps/update/tests/browser/browser_aboutDialog_bc_downloading.js
index 776d637512ad..67ddd65205da 100644
--- a/toolkit/mozapps/update/tests/browser/browser_aboutDialog_bc_downloading.js
+++ b/toolkit/mozapps/update/tests/browser/browser_aboutDialog_bc_downloading.js
@@ -6,6 +6,10 @@
// Test for About Dialog background check for updates
// with the About Dialog opened during downloading.
add_task(async function aboutDialog_backgroundCheck_downloading() {
+ await SpecialPowers.pushPrefEnv({
+ set: [[PREF_APP_UPDATE_NOTIFYDURINGDOWNLOAD, false]],
+ });
+
let downloadInfo = [];
if (Services.prefs.getBoolPref(PREF_APP_UPDATE_BITS_ENABLED)) {
downloadInfo[0] = { patchType: "partial", bitsResult: "0" };
@@ -21,6 +25,17 @@ add_task(async function aboutDialog_backgroundCheck_downloading() {
waitForUpdateState: STATE_DOWNLOADING,
};
await runAboutDialogUpdateTest(params, [
+ async function aboutDialog_downloading() {
+ is(
+ PanelUI.notificationPanel.state,
+ "closed",
+ "The window's doorhanger is closed."
+ );
+ ok(
+ !PanelUI.menuButton.hasAttribute("badge-status"),
+ "The window does not have a badge."
+ );
+ },
{
panelId: "downloading",
checkActiveUpdate: { state: STATE_DOWNLOADING },
@@ -33,4 +48,6 @@ add_task(async function aboutDialog_backgroundCheck_downloading() {
continueFile: null,
},
]);
+
+ await SpecialPowers.popPrefEnv();
});
diff --git a/toolkit/mozapps/update/tests/browser/browser_aboutDialog_bc_downloading_notify.js b/toolkit/mozapps/update/tests/browser/browser_aboutDialog_bc_downloading_notify.js
new file mode 100644
index 000000000000..cf427b149a54
--- /dev/null
+++ b/toolkit/mozapps/update/tests/browser/browser_aboutDialog_bc_downloading_notify.js
@@ -0,0 +1,58 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Test for About Dialog background check for updates with the
+// "notify during download" feature turned on.
+add_task(async function aboutDialog_backgroundCheck_downloading_notify() {
+ await SpecialPowers.pushPrefEnv({
+ set: [[PREF_APP_UPDATE_NOTIFYDURINGDOWNLOAD, true]],
+ });
+
+ let downloadInfo = [];
+ if (Services.prefs.getBoolPref(PREF_APP_UPDATE_BITS_ENABLED)) {
+ downloadInfo[0] = { patchType: "partial", bitsResult: "0" };
+ } else {
+ downloadInfo[0] = { patchType: "partial", internalResult: "0" };
+ }
+
+ // Since the partial should be successful specify an invalid size for the
+ // complete update.
+ let params = {
+ queryString: "&useSlowDownloadMar=1&invalidCompleteSize=1",
+ backgroundUpdate: true,
+ waitForUpdateState: STATE_DOWNLOADING,
+ };
+ await runAboutDialogUpdateTest(params, [
+ async function aboutDialog_downloading_notification() {
+ is(
+ PanelUI.notificationPanel.state,
+ "closed",
+ "The window's doorhanger is closed."
+ );
+ ok(
+ PanelUI.menuButton.hasAttribute("badge-status"),
+ "The window has a badge."
+ );
+ is(
+ PanelUI.menuButton.getAttribute("badge-status"),
+ "update-downloading",
+ "The downloading badge is showing for the background window"
+ );
+ },
+ {
+ panelId: "downloading",
+ checkActiveUpdate: { state: STATE_DOWNLOADING },
+ continueFile: CONTINUE_DOWNLOAD,
+ downloadInfo,
+ },
+ {
+ panelId: "apply",
+ checkActiveUpdate: { state: STATE_PENDING },
+ continueFile: null,
+ },
+ ]);
+
+ await SpecialPowers.popPrefEnv();
+});
diff --git a/toolkit/mozapps/update/tests/data/shared.js b/toolkit/mozapps/update/tests/data/shared.js
index 51d9de99d7f2..5106aa5fc7a2 100644
--- a/toolkit/mozapps/update/tests/data/shared.js
+++ b/toolkit/mozapps/update/tests/data/shared.js
@@ -40,6 +40,7 @@ const PREF_APP_UPDATE_INTERVAL = "app.update.interval";
const PREF_APP_UPDATE_LASTUPDATETIME =
"app.update.lastUpdateTime.background-update-timer";
const PREF_APP_UPDATE_LOG = "app.update.log";
+const PREF_APP_UPDATE_NOTIFYDURINGDOWNLOAD = "app.update.notifyDuringDownload";
const PREF_APP_UPDATE_PROMPTWAITTIME = "app.update.promptWaitTime";
const PREF_APP_UPDATE_RETRYTIMEOUT = "app.update.socket.retryTimeout";
const PREF_APP_UPDATE_SERVICE_ENABLED = "app.update.service.enabled";
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 1642754 - Update prompts should not depend on how update was initiated r=bytesized
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit db954df8f4022be2cbffc3a1659f709483829820
Author: Mark Smith <mcs(a)pearlcrescent.com>
Date: Wed Jun 17 19:24:09 2020 +0000
Bug 1642754 - Update prompts should not depend on how update was initiated r=bytesized
Show update badge and doorhanger when entering the "pending"
state for foreground updates.
Differential Revision: https://phabricator.services.mozilla.com/D79903
---
toolkit/mozapps/update/UpdateService.jsm | 10 ++--------
.../browser/browser_aboutDialog_fc_downloadAuto.js | 18 +++++++++++++++++-
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/toolkit/mozapps/update/UpdateService.jsm b/toolkit/mozapps/update/UpdateService.jsm
index 8dd397f628f5..1dc86a073646 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -5002,8 +5002,6 @@ Downloader.prototype = {
}
}
- // XXX ehsan shouldShowPrompt should always be false here.
- // But what happens when there is already a UI showing?
var state = this._patch.state;
var shouldShowPrompt = false;
var shouldRegisterOnlineObserver = false;
@@ -5044,9 +5042,7 @@ Downloader.prototype = {
} else {
state = STATE_PENDING;
}
- if (this.background) {
- shouldShowPrompt = !getCanStageUpdates();
- }
+ shouldShowPrompt = !getCanStageUpdates();
AUSTLMY.pingDownloadCode(this.isCompleteUpdate, AUSTLMY.DWNLD_SUCCESS);
// Tell the updater.exe we're ready to apply.
@@ -5329,9 +5325,7 @@ Downloader.prototype = {
LOG(
"Downloader:onStopRequest - failed to stage update. Exception: " + e
);
- if (this.background) {
- shouldShowPrompt = true;
- }
+ shouldShowPrompt = true;
}
}
}
diff --git a/toolkit/mozapps/update/tests/browser/browser_aboutDialog_fc_downloadAuto.js b/toolkit/mozapps/update/tests/browser/browser_aboutDialog_fc_downloadAuto.js
index 6a8835251dec..be65ce8ddef1 100644
--- a/toolkit/mozapps/update/tests/browser/browser_aboutDialog_fc_downloadAuto.js
+++ b/toolkit/mozapps/update/tests/browser/browser_aboutDialog_fc_downloadAuto.js
@@ -15,7 +15,7 @@ add_task(async function aboutDialog_foregroundCheck_downloadAuto() {
// Since the partial should be successful specify an invalid size for the
// complete update.
- let params = { queryString: "&invalidCompleteSize=1" };
+ let params = { queryString: "&invalidCompleteSize=1&promptWaitTime=0" };
await runAboutDialogUpdateTest(params, [
{
panelId: "checkingForUpdates",
@@ -28,6 +28,22 @@ add_task(async function aboutDialog_foregroundCheck_downloadAuto() {
continueFile: CONTINUE_DOWNLOAD,
downloadInfo,
},
+ async function aboutDialog_restart_notification() {
+ is(
+ PanelUI.notificationPanel.state,
+ "closed",
+ "The window's doorhanger is closed."
+ );
+ ok(
+ PanelUI.menuButton.hasAttribute("badge-status"),
+ "The window has a badge."
+ );
+ is(
+ PanelUI.menuButton.getAttribute("badge-status"),
+ "update-restart",
+ "The restart badge is showing for the background window"
+ );
+ },
{
panelId: "apply",
checkActiveUpdate: { state: STATE_PENDING },
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 1585470 - Remove duplicate cpu-features.c definition when building GV without webrtc r=glandium
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 6dda084ed7be86d9c612cfc42f5498838ca89aca
Author: Matthew Finkel <Matthew.Finkel(a)gmail.com>
Date: Thu Jul 9 19:10:34 2020 +0000
Bug 1585470 - Remove duplicate cpu-features.c definition when building GV without webrtc r=glandium
Differential Revision: https://phabricator.services.mozilla.com/D82120
---
media/libaom/moz.build | 5 -----
1 file changed, 5 deletions(-)
diff --git a/media/libaom/moz.build b/media/libaom/moz.build
index 2dec3de4581c..0b3ba0707df9 100644
--- a/media/libaom/moz.build
+++ b/media/libaom/moz.build
@@ -84,11 +84,6 @@ if CONFIG['OS_TARGET'] == 'Android':
# the OS they're on, so do it for them.
DEFINES['__linux__'] = True
- if not CONFIG['MOZ_WEBRTC']:
- SOURCES += [
- '%%%s/sources/android/cpufeatures/cpu-features.c' % CONFIG['ANDROID_NDK'],
- ]
-
for f in SOURCES:
if f.endswith('sse2.c'):
SOURCES[f].flags += CONFIG['SSE2_FLAGS']
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 28044: Integrate Tor Launcher into tor-browser
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit c2a789cd3baeec8eab4e8ab2f16de0df48d520be
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Tue Feb 26 10:07:17 2019 -0500
Bug 28044: Integrate Tor Launcher into tor-browser
Build and package Tor Launcher as part of the browser (similar to
how pdfjs is handled).
If a Tor Launcher extension is present in the user's profile, it is
removed.
---
browser/extensions/moz.build | 5 +++++
browser/installer/package-manifest.in | 5 +++++
toolkit/mozapps/extensions/internal/XPIProvider.jsm | 10 ++++++++++
3 files changed, 20 insertions(+)
diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build
index 4c9fa789d12a..fd2e65d01f02 100644
--- a/browser/extensions/moz.build
+++ b/browser/extensions/moz.build
@@ -12,3 +12,8 @@ DIRS += [
'webcompat',
'report-site-issue'
]
+
+if not CONFIG['TOR_BROWSER_DISABLE_TOR_LAUNCHER']:
+ DIRS += [
+ 'tor-launcher',
+ ]
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
index 7deaf1b51f9a..582a6e13d607 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -248,6 +248,11 @@
@RESPATH@/browser/chrome/browser.manifest
@RESPATH@/browser/chrome/pdfjs.manifest
@RESPATH@/browser/chrome/pdfjs/*
+#ifndef TOR_BROWSER_DISABLE_TOR_LAUNCHER
+@RESPATH@/browser/chrome/torlauncher.manifest
+@RESPATH@/browser/chrome/torlauncher/*
+@RESPATH@/browser/@PREF_DIR@/torlauncher-prefs.js
+#endif
@RESPATH@/chrome/toolkit@JAREXT@
@RESPATH@/chrome/toolkit.manifest
@RESPATH@/chrome/recording.manifest
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index ba67e5f6bee8..bcdf6f40d5ed 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1462,6 +1462,16 @@ var XPIStates = {
for (let [id, file] of loc.readAddons()) {
knownIds.delete(id);
+ // Since it is now part of the browser, uninstall the Tor Launcher
+ // extension. This will remove the Tor Launcher .xpi from user
+ // profiles on macOS.
+ if (id === "tor-launcher(a)torproject.org") {
+ logger.debug("Uninstalling the Tor Launcher extension.");
+ loc.installer.uninstallAddon(id);
+ changed = true;
+ continue;
+ }
+
let xpiState = loc.get(id);
if (!xpiState) {
// If the location is not supported for sideloading, skip new
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 12620: TorBrowser regression tests
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit d2adc485957659c7526dc1ebd15d73c9263811c8
Author: Arthur Edelstein <arthuredelstein(a)gmail.com>
Date: Wed Aug 27 16:25:00 2014 -0700
Bug 12620: TorBrowser regression tests
Regression tests for Bug #2950: Make Permissions Manager memory-only
Regression tests for TB4: Tor Browser's Firefox preference overrides.
Note: many more functional tests could be made here
Regression tests for #2874: Block Components.interfaces from content
Bug 18923: Add a script to run all Tor Browser specific tests
Regression tests for Bug #16441: Suppress "Reset Tor Browser" prompt.
---
run-tbb-tests | 66 +++++++++++++++++++++++++++++++++++
tbb-tests-ignore.txt | 13 +++++++
tbb-tests/browser.ini | 5 +++
tbb-tests/browser_tor_TB4.js | 35 +++++++++++++++++++
tbb-tests/browser_tor_bug2950.js | 74 ++++++++++++++++++++++++++++++++++++++++
tbb-tests/mochitest.ini | 3 ++
tbb-tests/moz.build | 10 ++++++
tbb-tests/test_tor_bug2874.html | 25 ++++++++++++++
toolkit/toolkit.mozbuild | 3 +-
9 files changed, 233 insertions(+), 1 deletion(-)
diff --git a/run-tbb-tests b/run-tbb-tests
new file mode 100755
index 000000000000..bc09839f9f05
--- /dev/null
+++ b/run-tbb-tests
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# This script runs all the Mochitest tests that have been added or
+# modified since the last ffxbld commit.
+#
+# It does not currently run XPCShell tests. We should change this if we
+# start using this type or other types of tests.
+#
+# The logs of the tests are stored in the tbb-tests.log file.
+# Ignored tests are listed in the tbb-tests-ignore.txt file.
+#
+# https://trac.torproject.org/projects/tor/ticket/18923
+
+IFS=$'\n'
+
+if [ -n "$USE_TESTS_LIST" ] && [ -f tbb-tests-list.txt ]
+then
+ echo "Using tests list from file tbb-tests-list.txt"
+ tests=($(cat tbb-tests-list.txt))
+else
+ ffxbld_commit=$(git log -500 --format='oneline' | grep "TB3: Tor Browser's official .mozconfigs." \
+ | head -1 | cut -d ' ' -f 1)
+
+ tests=($(git diff --name-status "$ffxbld_commit" HEAD | \
+ grep -e '^[AM].*/test_[^/]\+\.\(html\|xul\)$' \
+ -e '^[AM].*/browser_[^/]\+\.js$' \
+ | sed 's/^[AM]\s\+//'))
+fi
+
+echo 'The following tests will be run:'
+for i in "${!tests[@]}"
+do
+ if [ -z "$USE_TESTS_LIST" ] \
+ && grep -q "^${tests[$i]}$" tbb-tests-ignore.txt
+ then
+ unset "tests[$i]"
+ continue
+ fi
+ echo "- ${tests[$i]}"
+done
+
+if [ -n "$WRITE_TESTS_LIST" ]
+then
+ rm -f tbb-tests-list.txt
+ for i in "${!tests[@]}"
+ do
+ echo "${tests[$i]}" >> tbb-tests-list.txt
+ done
+ exit 0
+fi
+
+rm -f tbb-tests.log
+echo $'\n''Starting tests'
+# We need `security.nocertdb = false` because of #18087. That pref is
+# forced to have the same value as `browser.privatebrowsing.autostart` in
+# torbutton, so we just set `browser.privatebrowsing.autostart=false` here.
+./mach mochitest --log-tbpl tbb-tests.log \
+ --setpref network.file.path_blacklist='' \
+ --setpref extensions.torbutton.use_nontor_proxy=true \
+ --setpref browser.privatebrowsing.autostart=false \
+ "${tests[@]}"
+
+echo "*************************"
+echo "*************************"
+echo "Summary of failed tests:"
+grep --color=never TEST-UNEXPECTED-FAIL tbb-tests.log
diff --git a/tbb-tests-ignore.txt b/tbb-tests-ignore.txt
new file mode 100644
index 000000000000..ee3927a9e7c4
--- /dev/null
+++ b/tbb-tests-ignore.txt
@@ -0,0 +1,13 @@
+browser/extensions/onboarding/test/browser/browser_onboarding_accessibility.js
+browser/extensions/onboarding/test/browser/browser_onboarding_keyboard.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_2.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_3.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_4.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_5.js
+browser/extensions/onboarding/test/browser/browser_onboarding_notification_click_auto_complete_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_select_default_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_skip_tour.js
+browser/extensions/onboarding/test/browser/browser_onboarding_tours.js
+browser/extensions/onboarding/test/browser/browser_onboarding_tourset.js
+browser/extensions/onboarding/test/browser/browser_onboarding_uitour.js
diff --git a/tbb-tests/browser.ini b/tbb-tests/browser.ini
new file mode 100644
index 000000000000..f481660f1417
--- /dev/null
+++ b/tbb-tests/browser.ini
@@ -0,0 +1,5 @@
+[DEFAULT]
+
+[browser_tor_bug2950.js]
+[browser_tor_omnibox.js]
+[browser_tor_TB4.js]
diff --git a/tbb-tests/browser_tor_TB4.js b/tbb-tests/browser_tor_TB4.js
new file mode 100644
index 000000000000..8bb12f360e5e
--- /dev/null
+++ b/tbb-tests/browser_tor_TB4.js
@@ -0,0 +1,35 @@
+// # Test for TB4: Tor Browser's Firefox preference overrides
+// This is a minimal test to check whether the 000-tor-browser.js
+// pref overrides are being used at all or not. More comprehensive
+// pref tests are maintained in the tor-browser-bundle-testsuite project.
+
+function test() {
+
+let expectedPrefs = [
+ // Homepage
+ ["browser.startup.homepage", "about:tor"],
+
+ // Disable the "Refresh" prompt that is displayed for stale profiles.
+ ["browser.disableResetPrompt", true],
+
+ // Version placeholder
+ ["torbrowser.version", "dev-build"],
+ ];
+
+let getPref = function (prefName) {
+ let type = Services.prefs.getPrefType(prefName);
+ if (type === Services.prefs.PREF_INT) return Services.prefs.getIntPref(prefName);
+ if (type === Services.prefs.PREF_BOOL) return Services.prefs.getBoolPref(prefName);
+ if (type === Services.prefs.PREF_STRING) return Services.prefs.getCharPref(prefName);
+ // Something went wrong.
+ throw new Error("Can't access pref " + prefName);
+};
+
+let testPref = function([key, expectedValue]) {
+ let foundValue = getPref(key);
+ is(foundValue, expectedValue, "Pref '" + key + "' should be '" + expectedValue +"'.");
+};
+
+expectedPrefs.map(testPref);
+
+} // end function test()
diff --git a/tbb-tests/browser_tor_bug2950.js b/tbb-tests/browser_tor_bug2950.js
new file mode 100644
index 000000000000..16e41344a3c4
--- /dev/null
+++ b/tbb-tests/browser_tor_bug2950.js
@@ -0,0 +1,74 @@
+// # Regression tests for tor Bug #2950, Make Permissions Manager memory-only
+// Ensures that permissions.sqlite file in profile directory is not written to,
+// even when we write a value to Firefox's permissions database.
+
+// The requisite test() function.
+function test() {
+
+// Needed because of asynchronous part later in the test.
+waitForExplicitFinish();
+
+// Shortcut
+let Ci = Components.interfaces;
+
+// ## utility functions
+
+// __principal(spec)__.
+// Creates a principal instance from a spec
+// (string address such as "https://www.torproject.org").
+let principal = spec => Services.scriptSecurityManager.createContentPrincipalFromOrigin(spec);
+
+// __setPermission(spec, key, value)__.
+// Sets the site permission of type key to value, for the site located at address spec.
+let setPermission = (spec, key, value) => SitePermissions.setForPrincipal(principal(spec), key, value);
+
+// __getPermission(spec, key)__.
+// Reads the site permission value for permission type key, for the site
+// located at address spec.
+let getPermission = (spec, key) => SitePermissions.getForPrincipal(principal(spec), key);
+
+// __profileDirPath__.
+// The Firefox Profile directory. Expected location of various persistent files.
+let profileDirPath = Services.dirsvc.get("ProfD", Components.interfaces.nsIFile).path;
+
+// __fileInProfile(fileName)__.
+// Returns an nsIFile instance corresponding to a file in the Profile directory.
+let fileInProfile = fileName => FileUtils.File(profileDirPath + "/" + fileName);
+
+// ## Now let's run the test.
+
+let SITE = "https://www.torproject.org",
+ KEY = "popup";
+
+let permissionsFile = fileInProfile("permissions.sqlite"),
+ lastModifiedTime = null,
+ newModifiedTime = null;
+if (permissionsFile.exists()) {
+ lastModifiedTime = permissionsFile.lastModifiedTime;
+}
+// Read the original value of the permission.
+let originalValue = getPermission(SITE, KEY);
+
+// We need to delay by at least 1000 ms, because that's the granularity
+// of file time stamps, it seems.
+window.setTimeout(
+ function () {
+ // Set the permission to a new value.
+ setPermission(SITE, KEY, SitePermissions.BLOCK);
+ // Now read back the permission value again.
+ let newReadValue = getPermission(SITE, KEY);
+ // Compare to confirm that the permission
+ // value was successfully changed.
+ Assert.notDeepEqual(originalValue, newReadValue, "Set a value in permissions db (perhaps in memory).");
+ // If file existed or now exists, get the current time stamp.
+ if (permissionsFile.exists()) {
+ newModifiedTime = permissionsFile.lastModifiedTime;
+ }
+ // If file was created or modified since we began this test,
+ // then permissions db is not memory only. Complain!
+ is(lastModifiedTime, newModifiedTime, "Don't write to permissions.sqlite file on disk.");
+ // We are done with the test.
+ finish();
+ }, 1100);
+
+} // test()
diff --git a/tbb-tests/mochitest.ini b/tbb-tests/mochitest.ini
new file mode 100644
index 000000000000..cc5172733bbe
--- /dev/null
+++ b/tbb-tests/mochitest.ini
@@ -0,0 +1,3 @@
+[DEFAULT]
+
+[test_tor_bug2874.html]
diff --git a/tbb-tests/moz.build b/tbb-tests/moz.build
new file mode 100644
index 000000000000..de8a41a67a5c
--- /dev/null
+++ b/tbb-tests/moz.build
@@ -0,0 +1,10 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ['mochitest.ini']
+
+BROWSER_CHROME_MANIFESTS += [ 'browser.ini' ]
+
diff --git a/tbb-tests/test_tor_bug2874.html b/tbb-tests/test_tor_bug2874.html
new file mode 100644
index 000000000000..c0a956e9f687
--- /dev/null
+++ b/tbb-tests/test_tor_bug2874.html
@@ -0,0 +1,25 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+Tor bug
+https://trac.torproject.org/projects/tor/ticket/2874
+-->
+<head>
+ <meta charset="utf-8">
+ <title>Test for Tor Bug 2874</title>
+ <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+ <script type="application/javascript">
+ is(typeof Components, 'undefined', "The global window object should not expose a Components property to untrusted content.");
+ </script>
+</head>
+<body>
+<a target="_blank" href="https://trac.torproject.org/projects/tor/ticket/2874">Tor Bug 2874</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+</pre>
+</body>
+</html>
diff --git a/toolkit/toolkit.mozbuild b/toolkit/toolkit.mozbuild
index d092b8b22346..6e35a4602300 100644
--- a/toolkit/toolkit.mozbuild
+++ b/toolkit/toolkit.mozbuild
@@ -96,7 +96,8 @@ if CONFIG['MOZ_WEBRTC'] and CONFIG['COMPILE_ENVIRONMENT']:
]
if CONFIG['ENABLE_TESTS']:
- DIRS += ['/testing/specialpowers']
+ DIRS += ['/testing/specialpowers',
+ '/tbb-tests']
DIRS += [
'/testing/gtest',
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 10760: Integrate TorButton to TorBrowser core
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit b26a0aa30368b94bc26c0b397c50a654f96673f4
Author: Alex Catarineu <acat(a)torproject.org>
Date: Wed Feb 19 23:05:08 2020 +0100
Bug 10760: Integrate TorButton to TorBrowser core
Because of the non-restartless nature of Torbutton, it required
a two-stage installation process. On mobile, it was a problem,
because it was not loading when the user opened the browser for
the first time.
Moving it to tor-browser and making it a system extension allows it
to load when the user opens the browser for first time.
Additionally, this patch also fixes Bug 27611.
Bug 26321: New Circuit and New Identity menu items
Bug 14392: Make about:tor behave like other initial pages.
Bug 25013: Add torbutton as a tor-browser submodule
---
.gitmodules | 3 ++
browser/base/content/aboutDialog.xhtml | 38 +++++++++++------
browser/base/content/browser-doctype.inc | 6 +++
browser/base/content/browser-menubar.inc | 49 ++++++++++++++++------
browser/base/content/browser-sets.inc | 2 +
browser/base/content/browser.js | 1 +
browser/base/content/browser.xhtml | 9 ++++
.../controlcenter/content/identityPanel.inc.xhtml | 17 ++++++++
.../customizableui/content/panelUI.inc.xhtml | 17 +++++++-
browser/installer/package-manifest.in | 2 +
docshell/base/nsAboutRedirector.cpp | 6 ++-
docshell/build/components.conf | 1 +
mobile/android/installer/package-manifest.in | 4 ++
toolkit/moz.build | 1 +
.../mozapps/extensions/internal/XPIProvider.jsm | 9 ++++
toolkit/torproject/torbutton | 1 +
.../lib/environments/browser-window.js | 6 ++-
17 files changed, 142 insertions(+), 30 deletions(-)
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 000000000000..2f03bd8e22df
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "toolkit/torproject/torbutton"]
+ path = toolkit/torproject/torbutton
+ url = https://git.torproject.org/torbutton.git
diff --git a/browser/base/content/aboutDialog.xhtml b/browser/base/content/aboutDialog.xhtml
index 69cbf846bbef..5274cbc02831 100644
--- a/browser/base/content/aboutDialog.xhtml
+++ b/browser/base/content/aboutDialog.xhtml
@@ -7,11 +7,11 @@
<?xml-stylesheet href="chrome://global/skin/global.css" type="text/css"?>
<?xml-stylesheet href="chrome://browser/content/aboutDialog.css" type="text/css"?>
<?xml-stylesheet href="chrome://branding/content/aboutDialog.css" type="text/css"?>
+<?xml-stylesheet href="chrome://torbutton/skin/aboutDialog.css" type="text/css"?>
+<!-- We need to include the localization DTDs until we migrate to Fluent -->
<!DOCTYPE window [
-#ifdef XP_MACOSX
#include browser-doctype.inc
-#endif
]>
<window xmlns:html="http://www.w3.org/1999/xhtml"
@@ -28,7 +28,7 @@
data-l10n-id="aboutDialog-title"
#endif
role="dialog"
- aria-describedby="version distribution distributionId communityDesc contributeDesc trademark"
+ aria-describedby="version distribution distributionId projectDesc helpDesc trademark trademarkTor"
>
#ifdef XP_MACOSX
#include macWindow.inc.xhtml
@@ -132,24 +132,36 @@
<label is="text-link" useoriginprincipal="true" href="about:credits" data-l10n-name="community-exp-creditsLink"></label>
</description>
</vbox>
- <description class="text-blurb" id="communityDesc" data-l10n-id="community-2">
- <label is="text-link" href="http://www.mozilla.org/" data-l10n-name="community-mozillaLink"></label>
- <label is="text-link" useoriginprincipal="true" href="about:credits" data-l10n-name="community-creditsLink"></label>
+ <!-- Keep communityDesc and contributeDesc to avoid JS errors trying to hide them -->
+ <description class="text-blurb" id="communityDesc" data-l10n-id="community-2" hidden="true"></description>
+ <description class="text-blurb" id="contributeDesc" data-l10n-id="helpus" hidden="true"></description>
+ <description class="text-blurb" id="projectDesc">
+ &project.start;
+ <label is="text-link" href="https://www.torproject.org/">
+ &project.tpoLink;
+ </label>&project.end;
</description>
- <description class="text-blurb" id="contributeDesc" data-l10n-id="helpus">
- <label is="text-link" href="https://donate.mozilla.org/?utm_source=firefox&utm_medium=referral&…" data-l10n-name="helpus-donateLink"></label>
- <label is="text-link" href="http://www.mozilla.org/contribute/" data-l10n-name="helpus-getInvolvedLink"></label>
+ <description class="text-blurb" id="helpDesc">
+ &help.start;
+ <label is="text-link" href="https://donate.torproject.org/">
+ &help.donateLink;
+ </label>
+ &help.or;
+ <label is="text-link" href="https://community.torproject.org/">
+ &help.getInvolvedLink;
+ </label>&help.end;
</description>
</vbox>
</vbox>
</hbox>
<vbox id="bottomBox">
- <hbox pack="center">
- <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license" data-l10n-id="bottomLinks-license"></label>
- <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:rights" data-l10n-id="bottomLinks-rights"></label>
- <label is="text-link" class="bottom-link" href="https://www.mozilla.org/privacy/" data-l10n-id="bottomLinks-privacy"></label>
+ <hbox id="newBottom" pack="center" position="1">
+ <label is="text-link" class="bottom-link" href="https://support.torproject.org/">&bottomLinks.questions;</label>
+ <label is="text-link" class="bottom-link" href="https://community.torproject.org/relay/">&bottomLinks.grow;</label>
+ <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license">&bottomLinks.license;</label>
</hbox>
<description id="trademark" data-l10n-id="trademarkInfo"></description>
+ <description id="trademarkTor">&tor.TrademarkStatement;</description>
</vbox>
</vbox>
diff --git a/browser/base/content/browser-doctype.inc b/browser/base/content/browser-doctype.inc
index 9aa278773158..48cf6cd3eda0 100644
--- a/browser/base/content/browser-doctype.inc
+++ b/browser/base/content/browser-doctype.inc
@@ -14,3 +14,9 @@
%syncBrandDTD;
<!ENTITY % brandingsDTD SYSTEM "chrome://browser/locale/brandings.dtd">
%brandingsDTD;
+<!ENTITY % torbuttonDTD SYSTEM "chrome://torbutton/locale/torbutton.dtd">
+%torbuttonDTD;
+<!ENTITY % aboutTorDTD SYSTEM "chrome://torbutton/locale/aboutTor.dtd">
+%aboutTorDTD;
+<!ENTITY % aboutDialogDTD SYSTEM "chrome://torbutton/locale/aboutDialog.dtd">
+%aboutDialogDTD;
diff --git a/browser/base/content/browser-menubar.inc b/browser/base/content/browser-menubar.inc
index 267ec91707ba..6f4aa9289c35 100644
--- a/browser/base/content/browser-menubar.inc
+++ b/browser/base/content/browser-menubar.inc
@@ -33,6 +33,18 @@
command="Tools:NonFissionWindow"
accesskey="s" label="New Non-Fission Window"/>
#endif
+ <menuseparator/>
+ <menuitem id="menu_newIdentity"
+ accesskey="&torbutton.context_menu.new_identity_key;"
+ key="torbutton-new-identity-key"
+ label="&torbutton.context_menu.new_identity;"
+ oncommand="torbutton_new_identity();"/>
+ <menuitem id="menu_newCircuit"
+ accesskey="&torbutton.context_menu.new_circuit_key;"
+ key="torbutton-new-circuit-key"
+ label="&torbutton.context_menu.new_circuit;"
+ oncommand="torbutton_new_circuit();"/>
+ <menuseparator/>
<menuitem id="menu_openLocation"
hidden="true"
command="Browser:OpenLocation"
@@ -455,17 +467,28 @@
#endif
data-l10n-id="menu-help">
<menupopup id="menu_HelpPopup" onpopupshowing="buildHelpMenu();">
- <menuitem id="menu_openHelp"
+ <!-- dummy elements to avoid 'getElementById' errors -->
+ <box id="feedbackPage"/>
+ <box id="helpSafeMode"/>
+ <box id="menu_HelpPopup_reportPhishingtoolmenu"/>
+ <box id="menu_HelpPopup_reportPhishingErrortoolmenu"/>
+ <!-- Add Tor Browser manual link -->
+ <menuitem id="torBrowserUserManual"
+ oncommand="gBrowser.selectedTab = gBrowser.addTab('https://tb-manual.torproject.org/' + Services.locale.requestedLocale, {triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal()});"
+ label="&aboutTor.torbrowser_user_manual.label;"
+ accesskey="&aboutTor.torbrowser_user_manual.accesskey;"/>
+ <!-- Bug 18905: Hide unused help menu items -->
+ <!-- <menuitem id="menu_openHelp"
oncommand="openHelpLink('firefox-help')"
onclick="checkForMiddleClick(this, event);"
data-l10n-id="menu-help-product"
#ifdef XP_MACOSX
- key="key_openHelpMac"/>
+ key="key_openHelpMac"/> -->
#else
- />
+ /> -->
#endif
- <menuitem id="menu_openTour"
- oncommand="openTourPage();" data-l10n-id="menu-help-show-tour"/>
+ <!-- <menuitem id="menu_openTour"
+ oncommand="openTourPage();" data-l10n-id="menu-help-show-tour"/> -->
<menuitem id="help_importFromAnotherBrowser"
command="cmd_help_importFromAnotherBrowser" data-l10n-id="menu-help-import-from-another-browser"/>
<menuitem id="menu_keyboardShortcuts"
@@ -474,22 +497,22 @@
<menuitem id="troubleShooting"
oncommand="openTroubleshootingPage()"
onclick="checkForMiddleClick(this, event);" data-l10n-id="menu-help-troubleshooting-info"/>
- <menuitem id="feedbackPage"
+ <!-- <menuitem id="feedbackPage"
oncommand="openFeedbackPage()"
- onclick="checkForMiddleClick(this, event);" data-l10n-id="menu-help-feedback-page"/>
- <menuitem id="helpSafeMode"
- oncommand="safeModeRestart();" data-l10n-id="menu-help-safe-mode-without-addons"/>
- <menuitem id="menu_HelpPopup_reportPhishingtoolmenu"
+ onclick="checkForMiddleClick(this, event);" data-l10n-id="menu-help-feedback-page"/> -->
+ <!-- <menuitem id="helpSafeMode"
+ oncommand="safeModeRestart();" data-l10n-id="menu-help-safe-mode-without-addons"/> -->
+ <!-- <menuitem id="menu_HelpPopup_reportPhishingtoolmenu"
disabled="true"
oncommand="openUILink(gSafeBrowsing.getReportURL('Phish'), event, {triggeringPrincipal: Services.scriptSecurityManager.createNullPrincipal({})});"
onclick="checkForMiddleClick(this, event);"
- hidden="true" data-l10n-id="menu-help-report-deceptive-site"/>
- <menuitem id="menu_HelpPopup_reportPhishingErrortoolmenu"
+ hidden="true" data-l10n-id="menu-help-report-deceptive-site"/> -->
+ <!-- <menuitem id="menu_HelpPopup_reportPhishingErrortoolmenu"
disabled="true"
oncommand="ReportFalseDeceptiveSite();"
onclick="checkForMiddleClick(this, event);"
data-l10n-id="menu-help-not-deceptive"
- hidden="true"/>
+ hidden="true"/> -->
<menuseparator id="helpPolicySeparator"
hidden="true"/>
<menuitem id="helpPolicySupport"
diff --git a/browser/base/content/browser-sets.inc b/browser/base/content/browser-sets.inc
index aae94e8d4654..fa71bfb37a84 100644
--- a/browser/base/content/browser-sets.inc
+++ b/browser/base/content/browser-sets.inc
@@ -374,4 +374,6 @@
data-l10n-id="hide-other-apps-shortcut"
modifiers="accel,alt"/>
#endif
+ <key id="torbutton-new-identity-key" modifiers="accel shift" key="U" oncommand="torbutton_new_identity()"/>
+ <key id="torbutton-new-circuit-key" modifiers="accel shift" key="L" oncommand="torbutton_new_circuit()"/>
</keyset>
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 5eb38ba78282..3c342dedd5d4 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -620,6 +620,7 @@ var gPageIcons = {
};
var gInitialPages = [
+ "about:tor",
"about:blank",
"about:newtab",
"about:home",
diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml
index 62825bfd206a..229fc2a26dd2 100644
--- a/browser/base/content/browser.xhtml
+++ b/browser/base/content/browser.xhtml
@@ -29,6 +29,8 @@
<?xml-stylesheet href="chrome://browser/skin/searchbar.css" type="text/css"?>
<?xml-stylesheet href="chrome://browser/skin/places/tree-icons.css" type="text/css"?>
<?xml-stylesheet href="chrome://browser/skin/places/editBookmark.css" type="text/css"?>
+<?xml-stylesheet href="chrome://torbutton/skin/tor-circuit-display.css" type="text/css"?>
+<?xml-stylesheet href="chrome://torbutton/skin/torbutton.css" type="text/css"?>
# All DTD information is stored in a separate file so that it can be shared by
# hiddenWindowMac.xhtml.
@@ -105,11 +107,18 @@
Services.scriptloader.loadSubScript("chrome://browser/content/places/places-menupopup.js", this);
Services.scriptloader.loadSubScript("chrome://browser/content/search/autocomplete-popup.js", this);
Services.scriptloader.loadSubScript("chrome://browser/content/search/searchbar.js", this);
+ Services.scriptloader.loadSubScript("chrome://torbutton/content/tor-circuit-display.js", this);
+ Services.scriptloader.loadSubScript("chrome://torbutton/content/torbutton.js", this);
window.onload = gBrowserInit.onLoad.bind(gBrowserInit);
window.onunload = gBrowserInit.onUnload.bind(gBrowserInit);
window.onclose = WindowIsClosing;
+ //onLoad Handler
+ try {
+ window.addEventListener("load", torbutton_init, false);
+ } catch (e) {}
+
window.addEventListener("MozBeforeInitialXULLayout",
gBrowserInit.onBeforeInitialXULLayout.bind(gBrowserInit), { once: true });
diff --git a/browser/components/controlcenter/content/identityPanel.inc.xhtml b/browser/components/controlcenter/content/identityPanel.inc.xhtml
index 77c0b9b2413f..a8edda858e41 100644
--- a/browser/components/controlcenter/content/identityPanel.inc.xhtml
+++ b/browser/components/controlcenter/content/identityPanel.inc.xhtml
@@ -60,6 +60,23 @@
oncommand="gIdentityHandler.showSecuritySubView();"/>
</hbox>
+ <!-- Circuit display section -->
+ <hbox id="circuit-display-container" class="identity-popup-section">
+ <vbox id="circuit-display-content" flex="1" role="group"
+ aria-labelledby="circuit-display-headline">
+ <hbox id="circuit-display-header" align="center">
+ <label id="circuit-display-headline"
+ role="heading" aria-level="2">&torbutton.circuit_display.title;</label>
+ </hbox>
+ <html:ul id="circuit-display-nodes" dir="auto"/>
+ </vbox>
+ <vbox id="circuit-reload-content" flex="1">
+ <html:button id="circuit-reload-button"
+ onclick="torbutton_new_circuit()">&torbutton.circuit_display.new_circuit;</html:button>
+ <hbox id="circuit-guard-note-container"/>
+ </vbox>
+ </hbox>
+
<!-- Permissions Section -->
<hbox class="identity-popup-section"
when-connection="not-secure secure secure-ev secure-cert-user-overridden file extension cert-error-page">
diff --git a/browser/components/customizableui/content/panelUI.inc.xhtml b/browser/components/customizableui/content/panelUI.inc.xhtml
index 3a8b74b0a9f3..bdb8a7c227cf 100644
--- a/browser/components/customizableui/content/panelUI.inc.xhtml
+++ b/browser/components/customizableui/content/panelUI.inc.xhtml
@@ -265,7 +265,8 @@
class="subviewbutton subviewbutton-iconic"
label="&newPrivateWindow.label;"
key="key_privatebrowsing"
- command="Tools:PrivateBrowsing"/>
+ command="Tools:PrivateBrowsing"
+ hidden="true"/>
#ifdef NIGHTLY_BUILD
<toolbarbutton id="appMenu-fission-window-button"
class="subviewbutton subviewbutton-iconic"
@@ -281,7 +282,19 @@
<toolbarbutton id="appMenuRestoreLastSession"
label="&appMenuHistory.restoreSession.label;"
class="subviewbutton subviewbutton-iconic"
- command="Browser:RestoreLastSession"/>
+ command="Browser:RestoreLastSession"
+ hidden="true"/>
+ <toolbarseparator/>
+ <toolbarbutton id="appMenuNewIdentity"
+ class="subviewbutton subviewbutton-iconic"
+ key="torbutton-new-identity-key"
+ label="&torbutton.context_menu.new_identity;"
+ oncommand="torbutton_new_identity();"/>
+ <toolbarbutton id="appMenuNewCircuit"
+ class="subviewbutton subviewbutton-iconic"
+ key="torbutton-new-circuit-key"
+ label="&torbutton.context_menu.new_circuit;"
+ oncommand="torbutton_new_circuit();"/>
<toolbarseparator/>
<toolbaritem id="appMenu-zoom-controls" class="toolbaritem-combined-buttons" closemenu="none">
<!-- Use a spacer, because panel sizing code gets confused when using CSS methods. -->
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
index 582a6e13d607..3722bf2ee22b 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -253,6 +253,8 @@
@RESPATH@/browser/chrome/torlauncher/*
@RESPATH@/browser/@PREF_DIR@/torlauncher-prefs.js
#endif
+@RESPATH@/chrome/torbutton.manifest
+@RESPATH@/chrome/torbutton/*
@RESPATH@/chrome/toolkit@JAREXT@
@RESPATH@/chrome/toolkit.manifest
@RESPATH@/chrome/recording.manifest
diff --git a/docshell/base/nsAboutRedirector.cpp b/docshell/base/nsAboutRedirector.cpp
index 730fd6aea654..051f239c76ac 100644
--- a/docshell/base/nsAboutRedirector.cpp
+++ b/docshell/base/nsAboutRedirector.cpp
@@ -146,7 +146,11 @@ static const RedirEntry kRedirMap[] = {
{"crashcontent", "about:blank",
nsIAboutModule::HIDE_FROM_ABOUTABOUT |
nsIAboutModule::URI_CAN_LOAD_IN_CHILD |
- nsIAboutModule::URI_MUST_LOAD_IN_CHILD}};
+ nsIAboutModule::URI_MUST_LOAD_IN_CHILD},
+ {"tor", "chrome://torbutton/content/aboutTor/aboutTor.xhtml",
+ nsIAboutModule::URI_MUST_LOAD_IN_CHILD |
+ nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
+ nsIAboutModule::ALLOW_SCRIPT}};
static const int kRedirTotal = mozilla::ArrayLength(kRedirMap);
NS_IMETHODIMP
diff --git a/docshell/build/components.conf b/docshell/build/components.conf
index 6d7253d01631..2d56ea33389d 100644
--- a/docshell/build/components.conf
+++ b/docshell/build/components.conf
@@ -27,6 +27,7 @@ about_pages = [
'srcdoc',
'support',
'telemetry',
+ 'tor',
'url-classifier',
'webrtc',
]
diff --git a/mobile/android/installer/package-manifest.in b/mobile/android/installer/package-manifest.in
index 17d6471c4742..055eb4717447 100644
--- a/mobile/android/installer/package-manifest.in
+++ b/mobile/android/installer/package-manifest.in
@@ -137,6 +137,10 @@
@BINPATH@/chrome/devtools@JAREXT@
@BINPATH@/chrome/devtools.manifest
+; Torbutton
+@BINPATH@/chrome/torbutton@JAREXT@
+@BINPATH@/chrome/torbutton.manifest
+
; [Default Preferences]
; All the pref files must be part of base to prevent migration bugs
#ifdef MOZ_GECKOVIEW_JAR
diff --git a/toolkit/moz.build b/toolkit/moz.build
index b6f792da7124..3451334de15c 100644
--- a/toolkit/moz.build
+++ b/toolkit/moz.build
@@ -23,6 +23,7 @@ DIRS += [
'pluginproblem',
'profile',
'themes',
+ 'torproject/torbutton',
]
if CONFIG['OS_ARCH'] == 'WINNT' and CONFIG['MOZ_DEFAULT_BROWSER_AGENT']:
diff --git a/toolkit/mozapps/extensions/internal/XPIProvider.jsm b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
index bcdf6f40d5ed..bf31932b59f1 100644
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@@ -1462,6 +1462,15 @@ var XPIStates = {
for (let [id, file] of loc.readAddons()) {
knownIds.delete(id);
+ // Uninstall torbutton if it is installed in the user profile
+ if (id === "torbutton(a)torproject.org" &&
+ loc.name === KEY_APP_PROFILE) {
+ logger.debug("Uninstalling torbutton from user profile.");
+ loc.installer.uninstallAddon(id);
+ changed = true;
+ continue;
+ }
+
// Since it is now part of the browser, uninstall the Tor Launcher
// extension. This will remove the Tor Launcher .xpi from user
// profiles on macOS.
diff --git a/toolkit/torproject/torbutton b/toolkit/torproject/torbutton
new file mode 160000
index 000000000000..f5a747e06001
--- /dev/null
+++ b/toolkit/torproject/torbutton
@@ -0,0 +1 @@
+Subproject commit f5a747e06001898e80ef2b0676ed264eb20be349
diff --git a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js
index 76e03f2d49bb..2ff107b553b2 100644
--- a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js
+++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/browser-window.js
@@ -75,7 +75,11 @@ function getGlobalScriptIncludes(scriptPath) {
"browser/components/search/content/"
)
.replace("chrome://browser/content/", "browser/base/content/")
- .replace("chrome://global/content/", "toolkit/content/");
+ .replace("chrome://global/content/", "toolkit/content/")
+ .replace(
+ "chrome://torbutton/content/",
+ "toolkit/torproject/torbutton/chrome/content/"
+ );
for (let mapping of Object.getOwnPropertyNames(MAPPINGS)) {
if (sourceFile.includes(mapping)) {
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Add TorStrings module for localization
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 8967db0758786f60ff218378dfd41db27cdf9468
Author: Alex Catarineu <acat(a)torproject.org>
Date: Fri Jul 24 21:15:20 2020 +0200
Add TorStrings module for localization
---
browser/modules/TorStrings.jsm | 490 +++++++++++++++++++++++++++++++++++++++++
browser/modules/moz.build | 1 +
2 files changed, 491 insertions(+)
diff --git a/browser/modules/TorStrings.jsm b/browser/modules/TorStrings.jsm
new file mode 100644
index 000000000000..e8a8d37ae373
--- /dev/null
+++ b/browser/modules/TorStrings.jsm
@@ -0,0 +1,490 @@
+"use strict";
+
+var EXPORTED_SYMBOLS = ["TorStrings"];
+
+const { XPCOMUtils } = ChromeUtils.import(
+ "resource://gre/modules/XPCOMUtils.jsm"
+);
+const { Services } = ChromeUtils.import(
+ "resource://gre/modules/Services.jsm"
+);
+const { getLocale } = ChromeUtils.import(
+ "resource://torbutton/modules/utils.js"
+);
+
+XPCOMUtils.defineLazyGlobalGetters(this, ["DOMParser"]);
+XPCOMUtils.defineLazyGetter(this, "domParser", () => {
+ const parser = new DOMParser();
+ parser.forceEnableDTD();
+ return parser;
+});
+
+/*
+ Tor DTD String Bundle
+
+ DTD strings loaded from torbutton/tor-launcher, but provide a fallback in case they aren't available
+*/
+class TorDTDStringBundle {
+ constructor(aBundleURLs, aPrefix) {
+ let locations = [];
+ for (const [index, url] of aBundleURLs.entries()) {
+ locations.push(`<!ENTITY % dtd_${index} SYSTEM "${url}">%dtd_${index};`);
+ }
+ this._locations = locations;
+ this._prefix = aPrefix;
+ }
+
+ // copied from testing/marionette/l10n.js
+ localizeEntity(urls, id) {
+ // Use the DOM parser to resolve the entity and extract its real value
+ let header = `<?xml version="1.0"?><!DOCTYPE elem [${this._locations.join(
+ ""
+ )}]>`;
+ let elem = `<elem id="elementID">&${id};</elem>`;
+ let doc = domParser.parseFromString(header + elem, "text/xml");
+ let element = doc.querySelector("elem[id='elementID']");
+
+ if (element === null) {
+ throw new Error(`Entity with id='${id}' hasn't been found`);
+ }
+
+ return element.textContent;
+ }
+
+ getString(key, fallback) {
+ if (key) {
+ try {
+ return this.localizeEntity(this._bundleURLs, `${this._prefix}${key}`);
+ } catch (e) {}
+ }
+
+ // on failure, assign the fallback if it exists
+ if (fallback) {
+ return fallback;
+ }
+ // otherwise return string key
+ return `$(${key})`;
+ }
+}
+
+/*
+ Tor Property String Bundle
+
+ Property strings loaded from torbutton/tor-launcher, but provide a fallback in case they aren't available
+*/
+class TorPropertyStringBundle {
+ constructor(aBundleURL, aPrefix) {
+ try {
+ this._bundle = Services.strings.createBundle(aBundleURL);
+ } catch (e) {}
+
+ this._prefix = aPrefix;
+ }
+
+ getString(key, fallback) {
+ if (key) {
+ try {
+ return this._bundle.GetStringFromName(`${this._prefix}${key}`);
+ } catch (e) {}
+ }
+
+ // on failure, assign the fallback if it exists
+ if (fallback) {
+ return fallback;
+ }
+ // otherwise return string key
+ return `$(${key})`;
+ }
+}
+
+/*
+ Security Level Strings
+*/
+var TorStrings = {
+ /*
+ Tor Browser Security Level Strings
+ */
+ securityLevel: (function() {
+ let tsb = new TorDTDStringBundle(
+ ["chrome://torbutton/locale/torbutton.dtd"],
+ "torbutton.prefs.sec_"
+ );
+ let getString = function(key, fallback) {
+ return tsb.getString(key, fallback);
+ };
+
+ // read localized strings from torbutton; but use hard-coded en-US strings as fallbacks in case of error
+ let retval = {
+ securityLevel: getString("caption", "Security Level"),
+ customWarning: getString("custom_warning", "Custom"),
+ overview: getString(
+ "overview",
+ "Disable certain web features that can be used to attack your security and anonymity."
+ ),
+ standard: {
+ level: getString("standard_label", "Standard"),
+ tooltip: getString("standard_tooltip", "Security Level : Standard"),
+ summary: getString(
+ "standard_description",
+ "All Tor Browser and website features are enabled."
+ ),
+ },
+ safer: {
+ level: getString("safer_label", "Safer"),
+ tooltip: getString("safer_tooltip", "Security Level : Safer"),
+ summary: getString(
+ "safer_description",
+ "Disables website features that are often dangerous, causing some sites to lose functionality."
+ ),
+ description1: getString(
+ "js_on_https_sites_only",
+ "JavaScript is disabled on non-HTTPS sites."
+ ),
+ description2: getString(
+ "limit_typography",
+ "Some fonts and math symbols are disabled."
+ ),
+ description3: getString(
+ "click_to_play_media",
+ "Audio and video (HTML5 media), and WebGL are click-to-play."
+ ),
+ },
+ safest: {
+ level: getString("safest_label", "Safest"),
+ tooltip: getString("safest_tooltip", "Security Level : Safest"),
+ summary: getString(
+ "safest_description",
+ "Only allows website features required for static sites and basic services. These changes affect images, media, and scripts."
+ ),
+ description1: getString(
+ "js_disabled",
+ "JavaScript is disabled by default on all sites."
+ ),
+ description2: getString(
+ "limit_graphics_and_typography",
+ "Some fonts, icons, math symbols, and images are disabled."
+ ),
+ description3: getString(
+ "click_to_play_media",
+ "Audio and video (HTML5 media), and WebGL are click-to-play."
+ ),
+ },
+ custom: {
+ summary: getString(
+ "custom_summary",
+ "Your custom browser preferences have resulted in unusual security settings. For security and privacy reasons, we recommend you choose one of the default security levels."
+ ),
+ },
+ learnMore: getString("learn_more_label", "Learn more"),
+ learnMoreURL: `https://tb-manual.torproject.org/${getLocale()}/security-settings/`,
+ restoreDefaults: getString("restore_defaults", "Restore Defaults"),
+ advancedSecuritySettings: getString(
+ "advanced_security_settings",
+ "Advanced Security Settings\u2026"
+ ),
+ };
+ return retval;
+ })() /* Security Level Strings */,
+
+ /*
+ Tor about:preferences#tor Strings
+ */
+ settings: (function() {
+ let tsb = new TorDTDStringBundle(
+ ["chrome://torlauncher/locale/network-settings.dtd"],
+ ""
+ );
+ let getString = function(key, fallback) {
+ return tsb.getString(key, fallback);
+ };
+
+ let retval = {
+ categoryTitle: getString("torPreferences.categoryTitle", "Tor"),
+ torPreferencesHeading: getString(
+ "torPreferences.torSettings",
+ "Tor Settings"
+ ),
+ torPreferencesDescription: getString(
+ "torPreferences.torSettingsDescription",
+ "Tor Browser routes your traffic over the Tor Network, run by thousands of volunteers around the world."
+ ),
+ learnMore: getString("torPreferences.learnMore", "Learn More"),
+ bridgesHeading: getString("torPreferences.bridges", "Bridges"),
+ bridgesDescription: getString(
+ "torPreferences.bridgesDescription",
+ "Bridges help you access the Tor Network in places where Tor is blocked. Depending on where you are, one bridge may work better than another."
+ ),
+ useBridge: getString("torPreferences.useBridge", "Use a bridge"),
+ selectBridge: getString(
+ "torsettings.useBridges.default",
+ "Select a bridge"
+ ),
+ requestBridgeFromTorProject: getString(
+ "torsettings.useBridges.bridgeDB",
+ "Request a bridge from torproject.org"
+ ),
+ requestNewBridge: getString(
+ "torPreferences.requestNewBridge",
+ "Request a New Bridge\u2026"
+ ),
+ provideBridge: getString(
+ "torPreferences.provideBridge",
+ "Provide a bridge"
+ ),
+ provideBridgeDirections: getString(
+ "torsettings.useBridges.label",
+ "Enter bridge information from a trusted source."
+ ),
+ provideBridgePlaceholder: getString(
+ "torsettings.useBridges.placeholder",
+ "type address:port (one per line)"
+ ),
+ advancedHeading: getString("torPreferences.advanced", "Advanced"),
+ advancedDescription: getString(
+ "torPreferences.advancedDescription",
+ "Configure how Tor Browser connects to the internet."
+ ),
+ useLocalProxy: getString("torsettings.useProxy.checkbox", "I use a proxy to connect to the Internet"),
+ proxyType: getString("torsettings.useProxy.type", "Proxy Type"),
+ proxyTypeSOCKS4: getString("torsettings.useProxy.type.socks4", "SOCKS4"),
+ proxyTypeSOCKS5: getString("torsettings.useProxy.type.socks5", "SOCKS5"),
+ proxyTypeHTTP: getString("torsettings.useProxy.type.http", "HTTP/HTTPS"),
+ proxyAddress: getString("torsettings.useProxy.address", "Address"),
+ proxyAddressPlaceholder: getString(
+ "torsettings.useProxy.address.placeholder",
+ "IP address or hostname"
+ ),
+ proxyPort: getString("torsettings.useProxy.port", "Port"),
+ proxyUsername: getString("torsettings.useProxy.username", "Username"),
+ proxyPassword: getString("torsettings.useProxy.password", "Password"),
+ proxyUsernamePasswordPlaceholder: getString(
+ "torsettings.optional",
+ "Optional"
+ ),
+ useFirewall: getString(
+ "torsettings.firewall.checkbox",
+ "This computer goes through a firewall that only allows connections to certain ports"
+ ),
+ allowedPorts: getString(
+ "torsettings.firewall.allowedPorts",
+ "Allowed Ports"
+ ),
+ allowedPortsPlaceholder: getString(
+ "torPreferences.firewallPortsPlaceholder",
+ "Comma-seperated values"
+ ),
+ requestBridgeDialogTitle: getString(
+ "torPreferences.requestBridgeDialogTitle",
+ "Request Bridge"
+ ),
+ submitCaptcha: getString(
+ "torsettings.useBridges.captchaSubmit",
+ "Submit"
+ ),
+ contactingBridgeDB: getString(
+ "torPreferences.requestBridgeDialogWaitPrompt",
+ "Contacting BridgeDB. Please Wait."
+ ),
+ solveTheCaptcha: getString(
+ "torPreferences.requestBridgeDialogSolvePrompt",
+ "Solve the CAPTCHA to request a bridge."
+ ),
+ captchaTextboxPlaceholder: getString(
+ "torsettings.useBridges.captchaSolution.placeholder",
+ "Enter the characters from the image"
+ ),
+ incorrectCaptcha: getString(
+ "torPreferences.requestBridgeErrorBadSolution",
+ "The solution is not correct. Please try again."
+ ),
+ showTorDaemonLogs: getString(
+ "torPreferences.viewTorLogs",
+ "View the Tor logs."
+ ),
+ showLogs: getString("torPreferences.viewLogs", "View Logs\u2026"),
+ torLogDialogTitle: getString(
+ "torPreferences.torLogsDialogTitle",
+ "Tor Logs"
+ ),
+ copyLog: getString("torsettings.copyLog", "Copy Tor Log to Clipboard"),
+
+ learnMoreTorBrowserURL: `https://tb-manual.torproject.org/${getLocale()}/about/`,
+ learnMoreBridgesURL: `https://tb-manual.torproject.org/${getLocale()}/bridges/`,
+ learnMoreNetworkSettingsURL: `about:blank`,
+ };
+
+ return retval;
+ })() /* Tor Network Settings Strings */,
+
+ /*
+ Tor Onion Services Strings, e.g., for the authentication prompt.
+ */
+ onionServices: (function() {
+ let tsb = new TorPropertyStringBundle(
+ "chrome://torbutton/locale/torbutton.properties",
+ "onionServices."
+ );
+ let getString = function(key, fallback) {
+ return tsb.getString(key, fallback);
+ };
+
+ const kProblemLoadingSiteFallback = "Problem Loading Onionsite";
+ const kLongDescFallback = "Details: %S";
+
+ let retval = {
+ learnMore: getString("learnMore", "Learn more"),
+ learnMoreURL: `https://support.torproject.org/${getLocale()}/onionservices/client-auth/`,
+ errorPage: {
+ browser: getString("errorPage.browser", "Browser"),
+ network: getString("errorPage.network", "Network"),
+ onionSite: getString("errorPage.onionSite", "Onionsite"),
+ },
+ descNotFound: { // Tor SOCKS error 0xF0
+ pageTitle: getString("descNotFound.pageTitle", kProblemLoadingSiteFallback),
+ header: getString("descNotFound.header", "Onionsite Not Found"),
+ longDescription: getString("descNotFound.longDescription", kLongDescFallback),
+ },
+ descInvalid: { // Tor SOCKS error 0xF1
+ pageTitle: getString("descInvalid.pageTitle", kProblemLoadingSiteFallback),
+ header: getString("descInvalid.header", "Onionsite Cannot Be Reached"),
+ longDescription: getString("descInvalid.longDescription", kLongDescFallback),
+ },
+ introFailed: { // Tor SOCKS error 0xF2
+ pageTitle: getString("introFailed.pageTitle", kProblemLoadingSiteFallback),
+ header: getString("introFailed.header", "Onionsite Has Disconnected"),
+ longDescription: getString("introFailed.longDescription", kLongDescFallback),
+ },
+ rendezvousFailed: { // Tor SOCKS error 0xF3
+ pageTitle: getString("rendezvousFailed.pageTitle", kProblemLoadingSiteFallback),
+ header: getString("rendezvousFailed.header", "Unable to Connect to Onionsite"),
+ longDescription: getString("rendezvousFailed.longDescription", kLongDescFallback),
+ },
+ clientAuthMissing: { // Tor SOCKS error 0xF4
+ pageTitle: getString("clientAuthMissing.pageTitle", "Authorization Required"),
+ header: getString("clientAuthMissing.header", "Onionsite Requires Authentication"),
+ longDescription: getString("clientAuthMissing.longDescription", kLongDescFallback),
+ },
+ clientAuthIncorrect: { // Tor SOCKS error 0xF5
+ pageTitle: getString("clientAuthIncorrect.pageTitle", "Authorization Failed"),
+ header: getString("clientAuthIncorrect.header", "Onionsite Authentication Failed"),
+ longDescription: getString("clientAuthIncorrect.longDescription", kLongDescFallback),
+ },
+ badAddress: { // Tor SOCKS error 0xF6
+ pageTitle: getString("badAddress.pageTitle", kProblemLoadingSiteFallback),
+ header: getString("badAddress.header", "Invalid Onionsite Address"),
+ longDescription: getString("badAddress.longDescription", kLongDescFallback),
+ },
+ introTimedOut: { // Tor SOCKS error 0xF7
+ pageTitle: getString("introTimedOut.pageTitle", kProblemLoadingSiteFallback),
+ header: getString("introTimedOut.header", "Onionsite Circuit Creation Timed Out"),
+ longDescription: getString("introTimedOut.longDescription", kLongDescFallback),
+ },
+ authPrompt: {
+ description:
+ getString("authPrompt.description2", "%S is requesting that you authenticate."),
+ keyPlaceholder: getString("authPrompt.keyPlaceholder", "Enter your key"),
+ done: getString("authPrompt.done", "Done"),
+ doneAccessKey: getString("authPrompt.doneAccessKey", "d"),
+ invalidKey: getString("authPrompt.invalidKey", "Invalid key"),
+ failedToSetKey:
+ getString("authPrompt.failedToSetKey", "Failed to set key"),
+ },
+ authPreferences: {
+ header: getString("authPreferences.header", "Onion Services Authentication"),
+ overview: getString("authPreferences.overview", "Some onion services require that you identify yourself with a key"),
+ savedKeys: getString("authPreferences.savedKeys", "Saved Keys"),
+ dialogTitle: getString("authPreferences.dialogTitle", "Onion Services Keys"),
+ dialogIntro: getString("authPreferences.dialogIntro", "Keys for the following onionsites are stored on your computer"),
+ onionSite: getString("authPreferences.onionSite", "Onionsite"),
+ onionKey: getString("authPreferences.onionKey", "Key"),
+ remove: getString("authPreferences.remove", "Remove"),
+ removeAll: getString("authPreferences.removeAll", "Remove All"),
+ failedToGetKeys: getString("authPreferences.failedToGetKeys", "Failed to get keys"),
+ failedToRemoveKey: getString("authPreferences.failedToRemoveKey", "Failed to remove key"),
+ },
+ };
+
+ return retval;
+ })() /* Tor Onion Services Strings */,
+
+ /*
+ OnionLocation
+ */
+ onionLocation: (function() {
+ const tsb = new TorPropertyStringBundle(
+ ["chrome://torbutton/locale/torbutton.properties"],
+ "onionLocation."
+ );
+ const getString = function(key, fallback) {
+ return tsb.getString(key, fallback);
+ };
+
+ const retval = {
+ alwaysPrioritize: getString(
+ "alwaysPrioritize",
+ "Always Prioritize Onionsites"
+ ),
+ alwaysPrioritizeAccessKey: getString("alwaysPrioritizeAccessKey", "a"),
+ notNow: getString("notNow", "Not Now"),
+ notNowAccessKey: getString("notNowAccessKey", "n"),
+ description: getString(
+ "description",
+ "Website publishers can protect users by adding a security layer. This prevents eavesdroppers from knowing that you are the one visiting that website."
+ ),
+ tryThis: getString("tryThis", "Try this: Onionsite"),
+ onionAvailable: getString("onionAvailable", "Onionsite available"),
+ learnMore: getString("learnMore", "Learn more"),
+ learnMoreURL: `https://tb-manual.torproject.org/${getLocale()}/onion-services/`,
+ always: getString("always", "Always"),
+ askEverytime: getString("askEverytime", "Ask you every time"),
+ prioritizeOnionsDescription: getString(
+ "prioritizeOnionsDescription",
+ "Prioritize onionsites when they are available."
+ ),
+ onionServicesTitle: getString("onionServicesTitle", "Onion Services"),
+ };
+
+ return retval;
+ })() /* OnionLocation */,
+
+ /*
+ Tor Deamon Configuration Key Strings
+ */
+
+ // TODO: proper camel case
+ configKeys: {
+ /* Bridge Conf Settings */
+ useBridges: "UseBridges",
+ bridgeList: "Bridge",
+ /* Proxy Conf Strings */
+ socks4Proxy: "Socks4Proxy",
+ socks5Proxy: "Socks5Proxy",
+ socks5ProxyUsername: "Socks5ProxyUsername",
+ socks5ProxyPassword: "Socks5ProxyPassword",
+ httpsProxy: "HTTPSProxy",
+ httpsProxyAuthenticator: "HTTPSProxyAuthenticator",
+ /* Firewall Conf Strings */
+ reachableAddresses: "ReachableAddresses",
+
+ /* BridgeDB Strings */
+ clientTransportPlugin: "ClientTransportPlugin",
+ },
+
+ /*
+ about:config preference keys
+ */
+
+ preferenceKeys: {
+ defaultBridgeType: "extensions.torlauncher.default_bridge_type",
+ recommendedBridgeType:
+ "extensions.torlauncher.default_bridge_recommended_type",
+ },
+
+ /*
+ about:config preference branches
+ */
+ preferenceBranches: {
+ defaultBridge: "extensions.torlauncher.default_bridge.",
+ bridgeDBBridges: "extensions.torlauncher.bridgedb_bridge.",
+ },
+};
diff --git a/browser/modules/moz.build b/browser/modules/moz.build
index cbb94cf736a0..88f2a55d6f49 100644
--- a/browser/modules/moz.build
+++ b/browser/modules/moz.build
@@ -154,6 +154,7 @@ EXTRA_JS_MODULES += [
'TabUnloader.jsm',
'ThemeVariableMap.jsm',
'TopSiteAttribution.jsm',
+ 'TorStrings.jsm',
'TransientPrefs.jsm',
'webrtcUI.jsm',
'ZoomUI.jsm',
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 3547: Block all plugins.
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 16fdeb954d06879af5f1a89e678babdf3f7e271f
Author: Mike Perry <mikeperry-git(a)torproject.org>
Date: Tue Dec 4 16:03:13 2012 -0800
Bug 3547: Block all plugins.
We cannot use the @mozilla.org/extensions/blocklist;1 service, because we
actually want to stop plugins from ever entering the browser's process space
and/or executing code (for example, AV plugins that collect statistics/analyse
urls, magical toolbars that phone home or "help" the user, skype buttons that
ruin our day, and censorship filters). Hence we rolled our own.
See https://trac.torproject.org/projects/tor/ticket/3547#comment:6 for musings
on a better way. Until then, it is delta-darwinism for us.
---
dom/plugins/base/PluginFinder.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/dom/plugins/base/PluginFinder.cpp b/dom/plugins/base/PluginFinder.cpp
index 4e1c1fd53698..cace7d4ef6ba 100644
--- a/dom/plugins/base/PluginFinder.cpp
+++ b/dom/plugins/base/PluginFinder.cpp
@@ -480,6 +480,9 @@ nsresult PluginFinder::ScanPluginsDirectory(nsIFile* pluginsDir,
*aPluginsChanged = false;
+ // Block all plugins
+ return NS_OK;
+
#ifdef PLUGIN_LOGGING
nsAutoCString dirPath;
pluginsDir->GetNativePath(dirPath);
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 16439: Remove screencasting code
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 18bb0e179eb40bc3acf4001881e99defbb54264c
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Wed Jun 24 11:01:11 2015 -0400
Bug 16439: Remove screencasting code
We avoid including the screencasting code on mobile (it got ripped out
for desktop in bug 1393582) by simply excluding the related JS modules
from Tor Browser.
---
toolkit/modules/moz.build | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/toolkit/modules/moz.build b/toolkit/modules/moz.build
index f000f35c126f..e1f1eb5759c5 100644
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@@ -260,10 +260,11 @@ if 'Android' != CONFIG['OS_TARGET']:
]
else:
DEFINES['ANDROID'] = True
- EXTRA_JS_MODULES += [
- 'secondscreen/RokuApp.jsm',
- 'secondscreen/SimpleServiceDiscovery.jsm',
- ]
+ if not CONFIG['TOR_BROWSER_VERSION']:
+ EXTRA_JS_MODULES += [
+ 'secondscreen/RokuApp.jsm',
+ 'secondscreen/SimpleServiceDiscovery.jsm',
+ ]
if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'windows':
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 12974: Disable NTLM and Negotiate HTTP Auth
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 2b73f277b971dce46e9bc92d69d2a58252205d97
Author: Mike Perry <mikeperry-git(a)torproject.org>
Date: Wed Aug 27 15:19:10 2014 -0700
Bug 12974: Disable NTLM and Negotiate HTTP Auth
This is technically an embargoed Mozilla bug, so I probably shouldn't provide
too many details.
Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I doubt
very many (or any of them) actually need it.
The Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1046421
---
extensions/auth/nsHttpNegotiateAuth.cpp | 4 ++++
netwerk/protocol/http/nsHttpNTLMAuth.cpp | 3 +++
2 files changed, 7 insertions(+)
diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp
index 99720475b9dd..1c08fcf3da7e 100644
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -152,6 +152,10 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
nsIAuthModule* rawModule = (nsIAuthModule*)*continuationState;
*identityInvalid = false;
+
+ /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+ return NS_ERROR_ABORT;
+
if (rawModule) {
return NS_OK;
}
diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
index 0a30de051014..891aaadfd758 100644
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -168,6 +168,9 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,
*identityInvalid = false;
+ /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+ return NS_ERROR_ABORT;
+
// Start a new auth sequence if the challenge is exactly "NTLM".
// If native NTLM auth apis are available and enabled through prefs,
// try to use them.
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 9173: Change the default Firefox profile directory to be TBB-relative.
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 52f9073ee75bfba66ca71ab811172d491567e994
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Fri Oct 18 15:20:06 2013 -0400
Bug 9173: Change the default Firefox profile directory to be TBB-relative.
This should eliminate our need to rely on a wrapper script that
sets /Users/arthur and launches Firefox with -profile.
---
toolkit/profile/nsToolkitProfileService.cpp | 5 +-
toolkit/xre/nsAppRunner.cpp | 2 +-
toolkit/xre/nsConsoleWriter.cpp | 2 +-
toolkit/xre/nsXREDirProvider.cpp | 150 ++++++----------------------
toolkit/xre/nsXREDirProvider.h | 16 +--
xpcom/io/nsAppFileLocationProvider.cpp | 97 +++++++-----------
6 files changed, 84 insertions(+), 188 deletions(-)
diff --git a/toolkit/profile/nsToolkitProfileService.cpp b/toolkit/profile/nsToolkitProfileService.cpp
index dc4811313b5e..a3e50f8c00d3 100644
--- a/toolkit/profile/nsToolkitProfileService.cpp
+++ b/toolkit/profile/nsToolkitProfileService.cpp
@@ -723,10 +723,11 @@ nsresult nsToolkitProfileService::Init() {
NS_ASSERTION(gDirServiceProvider, "No dirserviceprovider!");
nsresult rv;
- rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(mAppData));
+ rv = gDirServiceProvider->GetUserAppDataDirectory(getter_AddRefs(mAppData));
NS_ENSURE_SUCCESS(rv, rv);
- rv = nsXREDirProvider::GetUserLocalDataDirectory(getter_AddRefs(mTempData));
+ rv =
+ gDirServiceProvider->GetUserLocalDataDirectory(getter_AddRefs(mTempData));
NS_ENSURE_SUCCESS(rv, rv);
rv = mAppData->Clone(getter_AddRefs(mProfileDBFile));
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 8b5bce27cdc4..e3e7f785ada9 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -3182,7 +3182,7 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
if ((mAppData->flags & NS_XRE_ENABLE_CRASH_REPORTER) &&
NS_SUCCEEDED(CrashReporter::SetExceptionHandler(xreBinDirectory))) {
nsCOMPtr<nsIFile> file;
- rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(file));
+ rv = mDirProvider.GetUserAppDataDirectory(getter_AddRefs(file));
if (NS_SUCCEEDED(rv)) {
CrashReporter::SetUserAppDataDirectory(file);
}
diff --git a/toolkit/xre/nsConsoleWriter.cpp b/toolkit/xre/nsConsoleWriter.cpp
index 0a2c0c342893..46735a293a00 100644
--- a/toolkit/xre/nsConsoleWriter.cpp
+++ b/toolkit/xre/nsConsoleWriter.cpp
@@ -29,7 +29,7 @@ void WriteConsoleLog() {
} else {
if (!gLogConsoleErrors) return;
- rv = nsXREDirProvider::GetUserAppDataDirectory(getter_AddRefs(lfile));
+ rv = gDirServiceProvider->GetUserAppDataDirectory(getter_AddRefs(lfile));
if (NS_FAILED(rv)) return;
lfile->AppendNative(NS_LITERAL_CSTRING("console.log"));
diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
index 7641ef683c39..f80cb2827349 100644
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -32,6 +32,7 @@
#include "nsArrayEnumerator.h"
#include "nsEnumeratorUtils.h"
#include "nsReadableUtils.h"
+#include "nsXPCOMPrivate.h" // for XPCOM_FILE_PATH_SEPARATOR
#include "SpecialSystemDirectory.h"
@@ -249,9 +250,6 @@ nsresult nsXREDirProvider::GetUserProfilesRootDir(nsIFile** aResult) {
nsresult rv = GetUserDataDirectory(getter_AddRefs(file), false);
if (NS_SUCCEEDED(rv)) {
-#if !defined(XP_UNIX) || defined(XP_MACOSX)
- rv = file->AppendNative(NS_LITERAL_CSTRING("Profiles"));
-#endif
// We must create the profile directory here if it does not exist.
nsresult tmp = EnsureDirectoryExists(file);
if (NS_FAILED(tmp)) {
@@ -267,9 +265,6 @@ nsresult nsXREDirProvider::GetUserProfilesLocalDir(nsIFile** aResult) {
nsresult rv = GetUserDataDirectory(getter_AddRefs(file), true);
if (NS_SUCCEEDED(rv)) {
-#if !defined(XP_UNIX) || defined(XP_MACOSX)
- rv = file->AppendNative(NS_LITERAL_CSTRING("Profiles"));
-#endif
// We must create the profile directory here if it does not exist.
nsresult tmp = EnsureDirectoryExists(file);
if (NS_FAILED(tmp)) {
@@ -1403,7 +1398,7 @@ nsresult nsXREDirProvider::SetUserDataProfileDirectory(nsCOMPtr<nsIFile>& aFile,
nsresult nsXREDirProvider::GetUserDataDirectoryHome(nsIFile** aFile,
bool aLocal) {
// Copied from nsAppFileLocationProvider (more or less)
- nsresult rv;
+ NS_ENSURE_ARG_POINTER(aFile);
nsCOMPtr<nsIFile> localDir;
if (aLocal && gDataDirHomeLocal) {
@@ -1413,81 +1408,39 @@ nsresult nsXREDirProvider::GetUserDataDirectoryHome(nsIFile** aFile,
return gDataDirHome->Clone(aFile);
}
-#if defined(XP_MACOSX)
- FSRef fsRef;
- OSType folderType;
- if (aLocal) {
- folderType = kCachedDataFolderType;
- } else {
-# ifdef MOZ_THUNDERBIRD
- folderType = kDomainLibraryFolderType;
-# else
- folderType = kApplicationSupportFolderType;
-# endif
- }
- OSErr err = ::FSFindFolder(kUserDomain, folderType, kCreateFolder, &fsRef);
- NS_ENSURE_FALSE(err, NS_ERROR_FAILURE);
-
- rv = NS_NewNativeLocalFile(EmptyCString(), true, getter_AddRefs(localDir));
+ nsresult rv = GetAppDir()->Clone(getter_AddRefs(localDir));
NS_ENSURE_SUCCESS(rv, rv);
- nsCOMPtr<nsILocalFileMac> dirFileMac = do_QueryInterface(localDir);
- NS_ENSURE_TRUE(dirFileMac, NS_ERROR_UNEXPECTED);
-
- rv = dirFileMac->InitWithFSRef(&fsRef);
- NS_ENSURE_SUCCESS(rv, rv);
+ int levelsToRemove = 1; // In FF21+, appDir points to browser subdirectory.
+#if defined(XP_MACOSX)
+ levelsToRemove += 2;
+#endif
+ while (localDir && (levelsToRemove > 0)) {
+ // When crawling up the hierarchy, components named "." do not count.
+ nsAutoCString removedName;
+ rv = localDir->GetNativeLeafName(removedName);
+ NS_ENSURE_SUCCESS(rv, rv);
+ bool didRemove = !removedName.Equals(".");
- localDir = dirFileMac;
-#elif defined(XP_IOS)
- nsAutoCString userDir;
- if (GetUIKitDirectory(aLocal, userDir)) {
- rv = NS_NewNativeLocalFile(userDir, true, getter_AddRefs(localDir));
- } else {
- rv = NS_ERROR_FAILURE;
- }
- NS_ENSURE_SUCCESS(rv, rv);
-#elif defined(XP_WIN)
- nsString path;
- if (aLocal) {
- rv = GetShellFolderPath(FOLDERID_LocalAppData, path);
- if (NS_FAILED(rv)) rv = GetRegWindowsAppDataFolder(aLocal, path);
- }
- if (!aLocal || NS_FAILED(rv)) {
- rv = GetShellFolderPath(FOLDERID_RoamingAppData, path);
- if (NS_FAILED(rv)) {
- if (!aLocal) rv = GetRegWindowsAppDataFolder(aLocal, path);
- }
+ // Remove a directory component.
+ nsCOMPtr<nsIFile> parentDir;
+ rv = localDir->GetParent(getter_AddRefs(parentDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+ localDir = parentDir;
+ if (didRemove) --levelsToRemove;
}
- NS_ENSURE_SUCCESS(rv, rv);
- rv = NS_NewLocalFile(path, true, getter_AddRefs(localDir));
-#elif defined(XP_UNIX)
- const char* homeDir = getenv("HOME");
- if (!homeDir || !*homeDir) return NS_ERROR_FAILURE;
+ if (!localDir) return NS_ERROR_FAILURE;
-# ifdef ANDROID /* We want (ProfD == ProfLD) on Android. */
- aLocal = false;
-# endif
+ rv = localDir->AppendRelativeNativePath(
+ NS_LITERAL_CSTRING("TorBrowser" XPCOM_FILE_PATH_SEPARATOR
+ "Data" XPCOM_FILE_PATH_SEPARATOR "Browser"));
+ NS_ENSURE_SUCCESS(rv, rv);
if (aLocal) {
- // If $XDG_CACHE_HOME is defined use it, otherwise use $HOME/.cache.
- const char* cacheHome = getenv("XDG_CACHE_HOME");
- if (cacheHome && *cacheHome) {
- rv = NS_NewNativeLocalFile(nsDependentCString(cacheHome), true,
- getter_AddRefs(localDir));
- } else {
- rv = NS_NewNativeLocalFile(nsDependentCString(homeDir), true,
- getter_AddRefs(localDir));
- if (NS_SUCCEEDED(rv))
- rv = localDir->AppendNative(NS_LITERAL_CSTRING(".cache"));
- }
- } else {
- rv = NS_NewNativeLocalFile(nsDependentCString(homeDir), true,
- getter_AddRefs(localDir));
+ rv = localDir->AppendNative(NS_LITERAL_CSTRING("Caches"));
+ NS_ENSURE_SUCCESS(rv, rv);
}
-#else
-# error "Don't know how to get product dir on your platform"
-#endif
NS_IF_ADDREF(*aFile = localDir);
return rv;
@@ -1670,39 +1623,23 @@ nsresult nsXREDirProvider::AppendProfilePath(nsIFile* aFile, bool aLocal) {
}
nsAutoCString profile;
- nsAutoCString appName;
- nsAutoCString vendor;
if (gAppData->profile) {
profile = gAppData->profile;
- } else {
- appName = gAppData->name;
- vendor = gAppData->vendor;
}
- nsresult rv = NS_OK;
+ nsresult rv = NS_ERROR_FAILURE;
#if defined(XP_MACOSX)
if (!profile.IsEmpty()) {
rv = AppendProfileString(aFile, profile.get());
- } else {
- // Note that MacOS ignores the vendor when creating the profile hierarchy -
- // all application preferences directories live alongside one another in
- // ~/Library/Application Support/
- rv = aFile->AppendNative(appName);
+ NS_ENSURE_SUCCESS(rv, rv);
}
- NS_ENSURE_SUCCESS(rv, rv);
#elif defined(XP_WIN)
if (!profile.IsEmpty()) {
rv = AppendProfileString(aFile, profile.get());
- } else {
- if (!vendor.IsEmpty()) {
- rv = aFile->AppendNative(vendor);
- NS_ENSURE_SUCCESS(rv, rv);
- }
- rv = aFile->AppendNative(appName);
+ NS_ENSURE_SUCCESS(rv, rv);
}
- NS_ENSURE_SUCCESS(rv, rv);
#elif defined(ANDROID)
// The directory used for storing profiles
@@ -1712,11 +1649,6 @@ nsresult nsXREDirProvider::AppendProfilePath(nsIFile* aFile, bool aLocal) {
rv = aFile->AppendNative(nsDependentCString("mozilla"));
NS_ENSURE_SUCCESS(rv, rv);
#elif defined(XP_UNIX)
- nsAutoCString folder;
- // Make it hidden (by starting with "."), except when local (the
- // profile is already under ~/.cache or XDG_CACHE_HOME).
- if (!aLocal) folder.Assign('.');
-
if (!profile.IsEmpty()) {
// Skip any leading path characters
const char* profileStart = profile.get();
@@ -1724,32 +1656,16 @@ nsresult nsXREDirProvider::AppendProfilePath(nsIFile* aFile, bool aLocal) {
// On the off chance that someone wanted their folder to be hidden don't
// let it become ".."
- if (*profileStart == '.' && !aLocal) profileStart++;
+ if (*profileStart == '.') profileStart++;
+ // Make it hidden (by starting with ".").
+ nsAutoCString folder(".");
folder.Append(profileStart);
ToLowerCase(folder);
rv = AppendProfileString(aFile, folder.BeginReading());
- } else {
- if (!vendor.IsEmpty()) {
- folder.Append(vendor);
- ToLowerCase(folder);
-
- rv = aFile->AppendNative(folder);
- NS_ENSURE_SUCCESS(rv, rv);
-
- folder.Truncate();
- }
-
- // This can be the case in tests.
- if (!appName.IsEmpty()) {
- folder.Append(appName);
- ToLowerCase(folder);
-
- rv = aFile->AppendNative(folder);
- }
+ NS_ENSURE_SUCCESS(rv, rv);
}
- NS_ENSURE_SUCCESS(rv, rv);
#else
# error "Don't know how to get profile path on your platform"
diff --git a/toolkit/xre/nsXREDirProvider.h b/toolkit/xre/nsXREDirProvider.h
index e55b4e153c56..b9678d4ec577 100644
--- a/toolkit/xre/nsXREDirProvider.h
+++ b/toolkit/xre/nsXREDirProvider.h
@@ -63,15 +63,19 @@ class nsXREDirProvider final : public nsIDirectoryServiceProvider2,
void DoShutdown();
- static nsresult GetUserAppDataDirectory(nsIFile** aFile) {
+ nsresult GetUserAppDataDirectory(nsIFile** aFile) {
return GetUserDataDirectory(aFile, false);
}
- static nsresult GetUserLocalDataDirectory(nsIFile** aFile) {
+ nsresult GetUserLocalDataDirectory(nsIFile** aFile) {
return GetUserDataDirectory(aFile, true);
}
// GetUserDataDirectory gets the profile path from gAppData.
- static nsresult GetUserDataDirectory(nsIFile** aFile, bool aLocal);
+
+ // This function now calls GetAppDir(), so it cannot be static anymore.
+ // The same happens with all the functions (in)directly calling this one (the
+ // rest of Get*Directory functions in this file)
+ nsresult GetUserDataDirectory(nsIFile** aFile, bool aLocal);
/* make sure you clone it, if you need to do stuff to it */
nsIFile* GetGREDir() { return mGREDir; }
@@ -112,9 +116,9 @@ class nsXREDirProvider final : public nsIDirectoryServiceProvider2,
protected:
nsresult GetFilesInternal(const char* aProperty,
nsISimpleEnumerator** aResult);
- static nsresult GetUserDataDirectoryHome(nsIFile** aFile, bool aLocal);
- static nsresult GetSysUserExtensionsDirectory(nsIFile** aFile);
- static nsresult GetSysUserExtensionsDevDirectory(nsIFile** aFile);
+ nsresult GetUserDataDirectoryHome(nsIFile** aFile, bool aLocal);
+ nsresult GetSysUserExtensionsDirectory(nsIFile** aFile);
+ nsresult GetSysUserExtensionsDevDirectory(nsIFile** aFile);
#if defined(XP_UNIX) || defined(XP_MACOSX)
static nsresult GetSystemExtensionsDirectory(nsIFile** aFile);
#endif
diff --git a/xpcom/io/nsAppFileLocationProvider.cpp b/xpcom/io/nsAppFileLocationProvider.cpp
index 915e8bc7361e..81551a8e3893 100644
--- a/xpcom/io/nsAppFileLocationProvider.cpp
+++ b/xpcom/io/nsAppFileLocationProvider.cpp
@@ -15,6 +15,7 @@
#include "nsSimpleEnumerator.h"
#include "prenv.h"
#include "nsCRT.h"
+#include "nsXPCOMPrivate.h" // for XPCOM_FILE_PATH_SEPARATOR
#if defined(MOZ_WIDGET_COCOA)
# include <Carbon/Carbon.h>
# include "nsILocalFileMac.h"
@@ -233,9 +234,8 @@ nsresult nsAppFileLocationProvider::CloneMozBinDirectory(nsIFile** aLocalFile) {
// GetProductDirectory - Gets the directory which contains the application data
// folder
//
-// UNIX : ~/.mozilla/
-// WIN : <Application Data folder on user's machine>\Mozilla
-// Mac : :Documents:Mozilla:
+// UNIX and WIN : <App Folder>/TorBrowser/Data/Browser
+// Mac : <App Folder>/../../TorBrowser/Data/Browser
//----------------------------------------------------------------------------------------
nsresult nsAppFileLocationProvider::GetProductDirectory(nsIFile** aLocalFile,
bool aLocal) {
@@ -247,49 +247,45 @@ nsresult nsAppFileLocationProvider::GetProductDirectory(nsIFile** aLocalFile,
bool exists;
nsCOMPtr<nsIFile> localDir;
-#if defined(MOZ_WIDGET_COCOA)
- FSRef fsRef;
- OSType folderType =
- aLocal ? (OSType)kCachedDataFolderType : (OSType)kDomainLibraryFolderType;
- OSErr err = ::FSFindFolder(kUserDomain, folderType, kCreateFolder, &fsRef);
- if (err) {
- return NS_ERROR_FAILURE;
+ rv = CloneMozBinDirectory(getter_AddRefs(localDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ int levelsToRemove = 1; // In FF21+, bin dir points to browser subdirectory.
+#if defined(XP_MACOSX)
+ levelsToRemove += 2;
+#endif
+ while (localDir && (levelsToRemove > 0)) {
+ // When crawling up the hierarchy, components named "." do not count.
+ nsAutoCString removedName;
+ rv = localDir->GetNativeLeafName(removedName);
+ NS_ENSURE_SUCCESS(rv, rv);
+ bool didRemove = !removedName.Equals(".");
+
+ // Remove a directory component.
+ nsCOMPtr<nsIFile> parentDir;
+ rv = localDir->GetParent(getter_AddRefs(parentDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+ localDir = parentDir;
+
+ if (didRemove) {
+ --levelsToRemove;
+ }
}
- NS_NewLocalFile(EmptyString(), true, getter_AddRefs(localDir));
+
if (!localDir) {
return NS_ERROR_FAILURE;
}
- nsCOMPtr<nsILocalFileMac> localDirMac(do_QueryInterface(localDir));
- rv = localDirMac->InitWithFSRef(&fsRef);
- if (NS_FAILED(rv)) {
- return rv;
- }
-#elif defined(XP_WIN)
- nsCOMPtr<nsIProperties> directoryService =
- do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
- if (NS_FAILED(rv)) {
- return rv;
- }
- const char* prop = aLocal ? NS_WIN_LOCAL_APPDATA_DIR : NS_WIN_APPDATA_DIR;
- rv = directoryService->Get(prop, NS_GET_IID(nsIFile),
- getter_AddRefs(localDir));
- if (NS_FAILED(rv)) {
- return rv;
- }
-#elif defined(XP_UNIX)
- rv = NS_NewNativeLocalFile(nsDependentCString(PR_GetEnv("HOME")), true,
- getter_AddRefs(localDir));
- if (NS_FAILED(rv)) {
- return rv;
- }
-#else
-# error dont_know_how_to_get_product_dir_on_your_platform
-#endif
- rv = localDir->AppendRelativeNativePath(DEFAULT_PRODUCT_DIR);
- if (NS_FAILED(rv)) {
- return rv;
+ rv = localDir->AppendRelativeNativePath(
+ NS_LITERAL_CSTRING("TorBrowser" XPCOM_FILE_PATH_SEPARATOR
+ "Data" XPCOM_FILE_PATH_SEPARATOR "Browser"));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (aLocal) {
+ rv = localDir->AppendNative(NS_LITERAL_CSTRING("Caches"));
+ NS_ENSURE_SUCCESS(rv, rv);
}
+
rv = localDir->Exists(&exists);
if (NS_SUCCEEDED(rv) && !exists) {
@@ -308,10 +304,6 @@ nsresult nsAppFileLocationProvider::GetProductDirectory(nsIFile** aLocalFile,
//----------------------------------------------------------------------------------------
// GetDefaultUserProfileRoot - Gets the directory which contains each user
// profile dir
-//
-// UNIX : ~/.mozilla/
-// WIN : <Application Data folder on user's machine>\Mozilla\Profiles
-// Mac : :Documents:Mozilla:Profiles:
//----------------------------------------------------------------------------------------
nsresult nsAppFileLocationProvider::GetDefaultUserProfileRoot(
nsIFile** aLocalFile, bool aLocal) {
@@ -327,23 +319,6 @@ nsresult nsAppFileLocationProvider::GetDefaultUserProfileRoot(
return rv;
}
-#if defined(MOZ_WIDGET_COCOA) || defined(XP_WIN)
- // These 3 platforms share this part of the path - do them as one
- rv = localDir->AppendRelativeNativePath(NS_LITERAL_CSTRING("Profiles"));
- if (NS_FAILED(rv)) {
- return rv;
- }
-
- bool exists;
- rv = localDir->Exists(&exists);
- if (NS_SUCCEEDED(rv) && !exists) {
- rv = localDir->Create(nsIFile::DIRECTORY_TYPE, 0775);
- }
- if (NS_FAILED(rv)) {
- return rv;
- }
-#endif
-
localDir.forget(aLocalFile);
return rv;
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 14631: Improve profile access error messages.
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit ec7ff9e498aa2709796b0b69121755b201072a62
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Tue Feb 24 13:50:23 2015 -0500
Bug 14631: Improve profile access error messages.
Instead of always reporting that the profile is locked, display specific
messages for "access denied" and "read-only file system".
To allow for localization, get profile-related error strings from Torbutton.
Use app display name ("Tor Browser") in profile-related error alerts.
---
.../mozapps/profile/profileSelection.properties | 5 +
toolkit/profile/nsToolkitProfileService.cpp | 57 +++++++-
toolkit/profile/nsToolkitProfileService.h | 13 +-
toolkit/xre/nsAppRunner.cpp | 155 ++++++++++++++++++---
4 files changed, 207 insertions(+), 23 deletions(-)
diff --git a/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties b/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
index 2be092bf4c4b..922b52cb1385 100644
--- a/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
+++ b/toolkit/locales/en-US/chrome/mozapps/profile/profileSelection.properties
@@ -12,6 +12,11 @@ restartMessageUnlocker=%S is already running, but is not responding. The old %S
restartMessageNoUnlockerMac=A copy of %S is already open. Only one copy of %S can be open at a time.
restartMessageUnlockerMac=A copy of %S is already open. The running copy of %S will quit in order to open this one.
+# LOCALIZATION NOTE (profileProblemTitle, profileReadOnly, profileReadOnlyMac, profileAccessDenied): Messages displayed when the browser profile cannot be accessed or written to. %S is the application name.
+profileProblemTitle=%S Profile Problem
+profileReadOnly=You cannot run %S from a read-only file system. Please copy %S to another location before trying to use it.
+profileReadOnlyMac=You cannot run %S from a read-only file system. Please copy %S to your Desktop or Applications folder before trying to use it.
+profileAccessDenied=%S does not have permission to access the profile. Please adjust your file system permissions and try again.
# Profile manager
# LOCALIZATION NOTE (profileTooltip): First %S is the profile name, second %S is the path to the profile folder.
profileTooltip=Profile: ‘%S’ - Path: ‘%S’
diff --git a/toolkit/profile/nsToolkitProfileService.cpp b/toolkit/profile/nsToolkitProfileService.cpp
index a3e50f8c00d3..3f32bd95f9c9 100644
--- a/toolkit/profile/nsToolkitProfileService.cpp
+++ b/toolkit/profile/nsToolkitProfileService.cpp
@@ -1161,9 +1161,10 @@ nsToolkitProfileService::SelectStartupProfile(
}
bool wasDefault;
+ ProfileStatus profileStatus;
nsresult rv =
SelectStartupProfile(&argc, argv.get(), aIsResetting, aRootDir, aLocalDir,
- aProfile, aDidCreate, &wasDefault);
+ aProfile, aDidCreate, &wasDefault, profileStatus);
// Since we were called outside of the normal startup path complete any
// startup tasks.
@@ -1196,7 +1197,8 @@ nsToolkitProfileService::SelectStartupProfile(
nsresult nsToolkitProfileService::SelectStartupProfile(
int* aArgc, char* aArgv[], bool aIsResetting, nsIFile** aRootDir,
nsIFile** aLocalDir, nsIToolkitProfile** aProfile, bool* aDidCreate,
- bool* aWasDefaultSelection) {
+ bool* aWasDefaultSelection, ProfileStatus& aProfileStatus) {
+ aProfileStatus = PROFILE_STATUS_OK;
if (mStartupProfileSelected) {
return NS_ERROR_ALREADY_INITIALIZED;
}
@@ -1290,6 +1292,13 @@ nsresult nsToolkitProfileService::SelectStartupProfile(
rv = XRE_GetFileFromPath(arg, getter_AddRefs(lf));
NS_ENSURE_SUCCESS(rv, rv);
+ aProfileStatus = CheckProfileWriteAccess(lf);
+ if (PROFILE_STATUS_OK != aProfileStatus) {
+ NS_ADDREF(*aRootDir = lf);
+ NS_ADDREF(*aLocalDir = lf);
+ return NS_ERROR_FAILURE;
+ }
+
// Make sure that the profile path exists and it's a directory.
bool exists;
rv = lf->Exists(&exists);
@@ -2079,3 +2088,47 @@ nsresult XRE_GetFileFromPath(const char* aPath, nsIFile** aResult) {
# error Platform-specific logic needed here.
#endif
}
+
+// Check for write permission to the profile directory by trying to create a
+// new file (after ensuring that no file with the same name exists).
+ProfileStatus nsToolkitProfileService::CheckProfileWriteAccess(
+ nsIFile* aProfileDir) {
+#if defined(XP_UNIX)
+ NS_NAMED_LITERAL_STRING(writeTestFileName, ".parentwritetest");
+#else
+ NS_NAMED_LITERAL_STRING(writeTestFileName, "parent.writetest");
+#endif
+
+ nsCOMPtr<nsIFile> writeTestFile;
+ nsresult rv = aProfileDir->Clone(getter_AddRefs(writeTestFile));
+ if (NS_SUCCEEDED(rv)) rv = writeTestFile->Append(writeTestFileName);
+
+ if (NS_SUCCEEDED(rv)) {
+ bool doesExist = false;
+ rv = writeTestFile->Exists(&doesExist);
+ if (NS_SUCCEEDED(rv) && doesExist) rv = writeTestFile->Remove(true);
+ }
+
+ if (NS_SUCCEEDED(rv)) {
+ rv = writeTestFile->Create(nsIFile::NORMAL_FILE_TYPE, 0666);
+ (void)writeTestFile->Remove(true);
+ }
+
+ ProfileStatus status =
+ NS_SUCCEEDED(rv) ? PROFILE_STATUS_OK : PROFILE_STATUS_OTHER_ERROR;
+ if (NS_ERROR_FILE_ACCESS_DENIED == rv)
+ status = PROFILE_STATUS_ACCESS_DENIED;
+ else if (NS_ERROR_FILE_READ_ONLY == rv)
+ status = PROFILE_STATUS_READ_ONLY;
+
+ return status;
+}
+
+ProfileStatus nsToolkitProfileService::CheckProfileWriteAccess(
+ nsIToolkitProfile* aProfile) {
+ nsCOMPtr<nsIFile> profileDir;
+ nsresult rv = aProfile->GetRootDir(getter_AddRefs(profileDir));
+ if (NS_FAILED(rv)) return PROFILE_STATUS_OTHER_ERROR;
+
+ return CheckProfileWriteAccess(profileDir);
+}
diff --git a/toolkit/profile/nsToolkitProfileService.h b/toolkit/profile/nsToolkitProfileService.h
index f2a238312b95..cfb1964ee1d7 100644
--- a/toolkit/profile/nsToolkitProfileService.h
+++ b/toolkit/profile/nsToolkitProfileService.h
@@ -15,6 +15,14 @@
#include "nsProfileLock.h"
#include "nsINIParser.h"
+enum ProfileStatus {
+ PROFILE_STATUS_OK,
+ PROFILE_STATUS_ACCESS_DENIED,
+ PROFILE_STATUS_READ_ONLY,
+ PROFILE_STATUS_IS_LOCKED,
+ PROFILE_STATUS_OTHER_ERROR
+};
+
class nsToolkitProfile final
: public nsIToolkitProfile,
public mozilla::LinkedListElement<RefPtr<nsToolkitProfile>> {
@@ -79,10 +87,13 @@ class nsToolkitProfileService final : public nsIToolkitProfileService {
nsresult SelectStartupProfile(int* aArgc, char* aArgv[], bool aIsResetting,
nsIFile** aRootDir, nsIFile** aLocalDir,
nsIToolkitProfile** aProfile, bool* aDidCreate,
- bool* aWasDefaultSelection);
+ bool* aWasDefaultSelection,
+ ProfileStatus& aProfileStatus);
nsresult CreateResetProfile(nsIToolkitProfile** aNewProfile);
nsresult ApplyResetProfile(nsIToolkitProfile* aOldProfile);
void CompleteStartup();
+ static ProfileStatus CheckProfileWriteAccess(nsIToolkitProfile* aProfile);
+ static ProfileStatus CheckProfileWriteAccess(nsIFile* aProfileDir);
private:
friend class nsToolkitProfile;
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index e3e7f785ada9..8de43a8c4cfc 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -1731,6 +1731,91 @@ nsresult LaunchChild(bool aBlankCommandLine) {
return NS_ERROR_LAUNCHED_CHILD_PROCESS;
}
+static nsresult GetOverrideStringBundleForLocale(nsIStringBundleService* aSBS,
+ const char* aTorbuttonURI,
+ const char* aLocale,
+ nsIStringBundle** aResult) {
+ NS_ENSURE_ARG(aSBS);
+ NS_ENSURE_ARG(aTorbuttonURI);
+ NS_ENSURE_ARG(aLocale);
+ NS_ENSURE_ARG(aResult);
+
+ const char* kFormatStr =
+ "jar:%s!/chrome/torbutton/locale/%s/torbutton.properties";
+ nsPrintfCString strBundleURL(kFormatStr, aTorbuttonURI, aLocale);
+ nsresult rv = aSBS->CreateBundle(strBundleURL.get(), aResult);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // To ensure that we have a valid string bundle, try to retrieve a string
+ // that we know exists.
+ nsAutoString val;
+ rv = (*aResult)->GetStringFromName("profileProblemTitle", val);
+ if (!NS_SUCCEEDED(rv)) *aResult = nullptr; // No good. Discard it.
+
+ return rv;
+}
+
+static void GetOverrideStringBundle(nsIStringBundleService* aSBS,
+ nsIStringBundle** aResult) {
+ if (!aSBS || !aResult) return;
+
+ *aResult = nullptr;
+
+ // Build Torbutton file URI string by starting from GREDir.
+ RefPtr<nsXREDirProvider> dirProvider = nsXREDirProvider::GetSingleton();
+ if (!dirProvider) return;
+
+ nsCOMPtr<nsIFile> greDir = dirProvider->GetGREDir();
+ if (!greDir) return;
+
+ // Create file URI, extract as string, and append omni.ja relative path.
+ nsCOMPtr<nsIURI> uri;
+ nsAutoCString uriString;
+ if (NS_FAILED(NS_NewFileURI(getter_AddRefs(uri), greDir)) ||
+ NS_FAILED(uri->GetSpec(uriString))) {
+ return;
+ }
+
+ uriString.Append("omni.ja");
+
+ nsAutoCString userAgentLocale;
+ if (!NS_SUCCEEDED(
+ Preferences::GetCString("intl.locale.requested", userAgentLocale))) {
+ return;
+ }
+
+ nsresult rv = GetOverrideStringBundleForLocale(
+ aSBS, uriString.get(), userAgentLocale.get(), aResult);
+ if (NS_FAILED(rv)) {
+ // Try again using base locale, e.g., "en" vs. "en-US".
+ int16_t offset = userAgentLocale.FindChar('-', 1);
+ if (offset > 0) {
+ nsAutoCString shortLocale(Substring(userAgentLocale, 0, offset));
+ rv = GetOverrideStringBundleForLocale(aSBS, uriString.get(),
+ shortLocale.get(), aResult);
+ }
+ }
+}
+
+static nsresult GetFormattedString(nsIStringBundle* aOverrideBundle,
+ nsIStringBundle* aMainBundle,
+ const char* aName,
+ const nsTArray<nsString>& aParams,
+ nsAString& aResult) {
+ NS_ENSURE_ARG(aName);
+
+ nsresult rv = NS_ERROR_FAILURE;
+ if (aOverrideBundle) {
+ rv = aOverrideBundle->FormatStringFromName(aName, aParams, aResult);
+ }
+
+ // If string was not found in override bundle, use main (browser) bundle.
+ if (NS_FAILED(rv) && aMainBundle)
+ rv = aMainBundle->FormatStringFromName(aName, aParams, aResult);
+
+ return rv;
+}
+
static const char kProfileProperties[] =
"chrome://mozapps/locale/profile/profileSelection.properties";
@@ -1779,7 +1864,7 @@ static nsresult ProfileMissingDialog(nsINativeAppSupport* aNative) {
sbs->CreateBundle(kProfileProperties, getter_AddRefs(sb));
NS_ENSURE_TRUE_LOG(sbs, NS_ERROR_FAILURE);
- NS_ConvertUTF8toUTF16 appName(gAppData->name);
+ NS_ConvertUTF8toUTF16 appName(MOZ_APP_DISPLAYNAME);
AutoTArray<nsString, 2> params = {appName, appName};
// profileMissing
@@ -1801,11 +1886,12 @@ static nsresult ProfileMissingDialog(nsINativeAppSupport* aNative) {
}
}
-static ReturnAbortOnError ProfileLockedDialog(nsIFile* aProfileDir,
- nsIFile* aProfileLocalDir,
- nsIProfileUnlocker* aUnlocker,
- nsINativeAppSupport* aNative,
- nsIProfileLock** aResult) {
+static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir,
+ nsIFile* aProfileLocalDir,
+ ProfileStatus aStatus,
+ nsIProfileUnlocker* aUnlocker,
+ nsINativeAppSupport* aNative,
+ nsIProfileLock** aResult) {
nsresult rv;
bool exists;
@@ -1833,24 +1919,39 @@ static ReturnAbortOnError ProfileLockedDialog(nsIFile* aProfileDir,
sbs->CreateBundle(kProfileProperties, getter_AddRefs(sb));
NS_ENSURE_TRUE_LOG(sbs, NS_ERROR_FAILURE);
- NS_ConvertUTF8toUTF16 appName(gAppData->name);
+ nsCOMPtr<nsIStringBundle> overrideSB;
+ GetOverrideStringBundle(sbs, getter_AddRefs(overrideSB));
+
+ NS_ConvertUTF8toUTF16 appName(MOZ_APP_DISPLAYNAME);
AutoTArray<nsString, 3> params = {appName, appName, appName};
nsAutoString killMessage;
#ifndef XP_MACOSX
- rv = sb->FormatStringFromName(
- aUnlocker ? "restartMessageUnlocker" : "restartMessageNoUnlocker2",
- params, killMessage);
+ static const char kRestartUnlocker[] = "restartMessageUnlocker";
+ static const char kRestartNoUnlocker[] = "restartMessageNoUnlocker2";
+ static const char kReadOnly[] = "profileReadOnly";
#else
- rv = sb->FormatStringFromName(
- aUnlocker ? "restartMessageUnlockerMac" : "restartMessageNoUnlockerMac",
- params, killMessage);
+ static const char kRestartUnlocker[] = "restartMessageUnlockerMac";
+ static const char kRestartNoUnlocker[] = "restartMessageNoUnlockerMac";
+ static const char kReadOnly[] = "profileReadOnlyMac";
#endif
+ static const char kAccessDenied[] = "profileAccessDenied";
+
+ const char* errorKey = aUnlocker ? kRestartUnlocker : kRestartNoUnlocker;
+ if (PROFILE_STATUS_READ_ONLY == aStatus)
+ errorKey = kReadOnly;
+ else if (PROFILE_STATUS_ACCESS_DENIED == aStatus)
+ errorKey = kAccessDenied;
+ rv = GetFormattedString(overrideSB, sb, errorKey, params, killMessage);
NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
+ const char* titleKey = ((PROFILE_STATUS_READ_ONLY == aStatus) ||
+ (PROFILE_STATUS_ACCESS_DENIED == aStatus))
+ ? "profileProblemTitle"
+ : "restartTitle";
params.SetLength(1);
nsAutoString killTitle;
- rv = sb->FormatStringFromName("restartTitle", params, killTitle);
+ rv = sb->FormatStringFromName(titleKey, params, killTitle);
NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
if (gfxPlatform::IsHeadless()) {
@@ -2008,6 +2109,13 @@ static nsCOMPtr<nsIToolkitProfile> gResetOldProfile;
static nsresult LockProfile(nsINativeAppSupport* aNative, nsIFile* aRootDir,
nsIFile* aLocalDir, nsIToolkitProfile* aProfile,
nsIProfileLock** aResult) {
+ ProfileStatus status =
+ (aProfile ? nsToolkitProfileService::CheckProfileWriteAccess(aProfile)
+ : nsToolkitProfileService::CheckProfileWriteAccess(aRootDir));
+ if (PROFILE_STATUS_OK != status)
+ return ProfileErrorDialog(aRootDir, aLocalDir, status, nullptr, aNative,
+ aResult);
+
// If you close Firefox and very quickly reopen it, the old Firefox may
// still be closing down. Rather than immediately showing the
// "Firefox is running but is not responding" message, we spend a few
@@ -2034,7 +2142,8 @@ static nsresult LockProfile(nsINativeAppSupport* aNative, nsIFile* aRootDir,
} while (TimeStamp::Now() - start <
TimeDuration::FromSeconds(kLockRetrySeconds));
- return ProfileLockedDialog(aRootDir, aLocalDir, unlocker, aNative, aResult);
+ return ProfileErrorDialog(aRootDir, aLocalDir, PROFILE_STATUS_IS_LOCKED,
+ unlocker, aNative, aResult);
}
// Pick a profile. We need to end up with a profile root dir, local dir and
@@ -2049,7 +2158,8 @@ static nsresult LockProfile(nsINativeAppSupport* aNative, nsIFile* aRootDir,
static nsresult SelectProfile(nsToolkitProfileService* aProfileSvc,
nsINativeAppSupport* aNative, nsIFile** aRootDir,
nsIFile** aLocalDir, nsIToolkitProfile** aProfile,
- bool* aWasDefaultSelection) {
+ bool* aWasDefaultSelection,
+ nsIProfileLock** aResult) {
StartupTimeline::Record(StartupTimeline::SELECT_PROFILE);
nsresult rv;
@@ -2095,9 +2205,14 @@ static nsresult SelectProfile(nsToolkitProfileService* aProfileSvc,
// Ask the profile manager to select the profile directories to use.
bool didCreate = false;
- rv = aProfileSvc->SelectStartupProfile(&gArgc, gArgv, gDoProfileReset,
- aRootDir, aLocalDir, aProfile,
- &didCreate, aWasDefaultSelection);
+ ProfileStatus profileStatus = PROFILE_STATUS_OK;
+ rv = aProfileSvc->SelectStartupProfile(
+ &gArgc, gArgv, gDoProfileReset, aRootDir, aLocalDir, aProfile, &didCreate,
+ aWasDefaultSelection, profileStatus);
+ if (PROFILE_STATUS_OK != profileStatus) {
+ return ProfileErrorDialog(*aRootDir, *aLocalDir, profileStatus, nullptr,
+ aNative, aResult);
+ }
if (rv == NS_ERROR_SHOW_PROFILE_MANAGER) {
return ShowProfileManager(aProfileSvc, aNative);
@@ -3927,7 +4042,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
nsCOMPtr<nsIToolkitProfile> profile;
rv = SelectProfile(mProfileSvc, mNativeApp, getter_AddRefs(mProfD),
getter_AddRefs(mProfLD), getter_AddRefs(profile),
- &wasDefaultSelection);
+ &wasDefaultSelection, getter_AddRefs(mProfileLock));
if (rv == NS_ERROR_LAUNCHED_CHILD_PROCESS || rv == NS_ERROR_ABORT) {
*aExitFlag = true;
return 0;
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 13252: Do not store data in the app bundle
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 75ecb6df8728eb0776dbd760342cd871a54ae65a
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Fri Mar 18 14:20:02 2016 -0400
Bug 13252: Do not store data in the app bundle
When --enable-tor-browser-data-outside-app-dir is enabled,
all user data is stored in a directory named
TorBrowser-Data which is located next to the application directory.
Display an informative error message if the TorBrowser-Data
directory cannot be created due to an "access denied" or a
"read only volume" error.
On Mac OS, add support for the --invisible command line option which
is used by the meek-http-helper to avoid showing an icon for the
helper browser on the dock.
---
toolkit/xre/nsAppRunner.cpp | 76 +++++++++++++++---
toolkit/xre/nsXREDirProvider.cpp | 43 +++++-----
toolkit/xre/nsXREDirProvider.h | 6 ++
xpcom/io/TorFileUtils.cpp | 142 +++++++++++++++++++++++++++++++++
xpcom/io/TorFileUtils.h | 33 ++++++++
xpcom/io/moz.build | 5 ++
xpcom/io/nsAppFileLocationProvider.cpp | 53 +++++-------
7 files changed, 290 insertions(+), 68 deletions(-)
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 8de43a8c4cfc..9854332f6917 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -1886,6 +1886,8 @@ static nsresult ProfileMissingDialog(nsINativeAppSupport* aNative) {
}
}
+// If aUnlocker is NULL, it is also OK for the following arguments to be NULL:
+// aProfileDir, aProfileLocalDir, aResult.
static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir,
nsIFile* aProfileLocalDir,
ProfileStatus aStatus,
@@ -1894,17 +1896,19 @@ static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir,
nsIProfileLock** aResult) {
nsresult rv;
- bool exists;
- aProfileDir->Exists(&exists);
- if (!exists) {
- return ProfileMissingDialog(aNative);
+ if (aProfileDir) {
+ bool exists;
+ aProfileDir->Exists(&exists);
+ if (!exists) {
+ return ProfileMissingDialog(aNative);
+ }
}
ScopedXPCOMStartup xpcom;
rv = xpcom.Initialize();
NS_ENSURE_SUCCESS(rv, rv);
- mozilla::Telemetry::WriteFailedProfileLock(aProfileDir);
+ if (aProfileDir) mozilla::Telemetry::WriteFailedProfileLock(aProfileDir);
rv = xpcom.SetWindowCreator(aNative);
NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
@@ -1994,7 +1998,8 @@ static ReturnAbortOnError ProfileErrorDialog(nsIFile* aProfileDir,
}
} else {
#ifdef MOZ_WIDGET_ANDROID
- if (java::GeckoAppShell::UnlockProfile()) {
+ if (aProfileDir && aProfileLocalDir && aResult &&
+ java::GeckoAppShell::UnlockProfile()) {
return NS_LockProfilePath(aProfileDir, aProfileLocalDir, nullptr,
aResult);
}
@@ -2102,6 +2107,23 @@ static ReturnAbortOnError ShowProfileManager(
return LaunchChild(false);
}
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+static ProfileStatus CheckTorBrowserDataWriteAccess(nsIFile* aAppDir) {
+ // Check whether we can write to the directory that will contain
+ // TorBrowser-Data.
+ nsCOMPtr<nsIFile> tbDataDir;
+ RefPtr<nsXREDirProvider> dirProvider = nsXREDirProvider::GetSingleton();
+ if (!dirProvider) return PROFILE_STATUS_OTHER_ERROR;
+ nsresult rv =
+ dirProvider->GetTorBrowserUserDataDir(getter_AddRefs(tbDataDir));
+ NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR);
+ nsCOMPtr<nsIFile> tbDataDirParent;
+ rv = tbDataDir->GetParent(getter_AddRefs(tbDataDirParent));
+ NS_ENSURE_SUCCESS(rv, PROFILE_STATUS_OTHER_ERROR);
+ return nsToolkitProfileService::CheckProfileWriteAccess(tbDataDirParent);
+}
+#endif
+
static bool gDoMigration = false;
static bool gDoProfileReset = false;
static nsCOMPtr<nsIToolkitProfile> gResetOldProfile;
@@ -3178,6 +3200,14 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
if (PR_GetEnv("XRE_MAIN_BREAK")) NS_BREAK();
#endif
+#if defined(XP_MACOSX) && defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+ bool hideDockIcon = (CheckArg("invisible") == ARG_FOUND);
+ if (hideDockIcon) {
+ ProcessSerialNumber psn = {0, kCurrentProcess};
+ TransformProcessType(&psn, kProcessTransformToBackgroundApplication);
+ }
+#endif
+
IncreaseDescriptorLimits();
#ifdef USE_GLX_TEST
@@ -4026,7 +4056,34 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
return 0;
}
+#if (defined(MOZ_UPDATER) && !defined(MOZ_WIDGET_ANDROID)) || \
+ defined(TOR_BROWSER_DATA_OUTSIDE_APP_DIR)
+ nsCOMPtr<nsIFile> exeFile, exeDir;
+ bool persistent;
+ rv = mDirProvider.GetFile(XRE_EXECUTABLE_FILE, &persistent,
+ getter_AddRefs(exeFile));
+ NS_ENSURE_SUCCESS(rv, 1);
+ rv = exeFile->GetParent(getter_AddRefs(exeDir));
+ NS_ENSURE_SUCCESS(rv, 1);
+#endif
+
rv = NS_NewToolkitProfileService(getter_AddRefs(mProfileSvc));
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+ if (NS_FAILED(rv)) {
+ // NS_NewToolkitProfileService() returns a generic NS_ERROR_FAILURE error
+ // if creation of the TorBrowser-Data directory fails due to access denied
+ // or because of a read-only disk volume. Do an extra check here to detect
+ // these errors so we can display an informative error message.
+ ProfileStatus status = CheckTorBrowserDataWriteAccess(exeDir);
+ if ((PROFILE_STATUS_ACCESS_DENIED == status) ||
+ (PROFILE_STATUS_READ_ONLY == status)) {
+ ProfileErrorDialog(nullptr, nullptr, status, nullptr, mNativeApp,
+ nullptr);
+ return 1;
+ }
+ }
+ #endif
+
if (rv == NS_ERROR_FILE_ACCESS_DENIED) {
PR_fprintf(PR_STDERR,
"Error: Access was denied while trying to open files in "
@@ -4095,7 +4152,6 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
#if defined(MOZ_UPDATER) && !defined(MOZ_WIDGET_ANDROID)
// Check for and process any available updates
nsCOMPtr<nsIFile> updRoot;
- bool persistent;
rv = mDirProvider.GetFile(XRE_UPDATE_ROOT_DIR, &persistent,
getter_AddRefs(updRoot));
// XRE_UPDATE_ROOT_DIR may fail. Fallback to appDir if failed
@@ -4131,12 +4187,6 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
if (CheckArg("test-process-updates")) {
SaveToEnv("MOZ_TEST_PROCESS_UPDATES=1");
}
- nsCOMPtr<nsIFile> exeFile, exeDir;
- rv = mDirProvider.GetFile(XRE_EXECUTABLE_FILE, &persistent,
- getter_AddRefs(exeFile));
- NS_ENSURE_SUCCESS(rv, 1);
- rv = exeFile->GetParent(getter_AddRefs(exeDir));
- NS_ENSURE_SUCCESS(rv, 1);
ProcessUpdates(mDirProvider.GetGREDir(), exeDir, updRoot, gRestartArgc,
gRestartArgv, mAppData->version);
if (EnvHasValue("MOZ_TEST_PROCESS_UPDATES")) {
diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
index f80cb2827349..335a340ea3e9 100644
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -51,6 +51,8 @@
# include "nsIPK11Token.h"
#endif
+#include "TorFileUtils.h"
+
#include <stdlib.h>
#ifdef XP_WIN
@@ -1408,34 +1410,18 @@ nsresult nsXREDirProvider::GetUserDataDirectoryHome(nsIFile** aFile,
return gDataDirHome->Clone(aFile);
}
- nsresult rv = GetAppDir()->Clone(getter_AddRefs(localDir));
+ nsresult rv = GetTorBrowserUserDataDir(getter_AddRefs(localDir));
NS_ENSURE_SUCCESS(rv, rv);
- int levelsToRemove = 1; // In FF21+, appDir points to browser subdirectory.
-#if defined(XP_MACOSX)
- levelsToRemove += 2;
-#endif
- while (localDir && (levelsToRemove > 0)) {
- // When crawling up the hierarchy, components named "." do not count.
- nsAutoCString removedName;
- rv = localDir->GetNativeLeafName(removedName);
- NS_ENSURE_SUCCESS(rv, rv);
- bool didRemove = !removedName.Equals(".");
-
- // Remove a directory component.
- nsCOMPtr<nsIFile> parentDir;
- rv = localDir->GetParent(getter_AddRefs(parentDir));
- NS_ENSURE_SUCCESS(rv, rv);
- localDir = parentDir;
- if (didRemove) --levelsToRemove;
- }
-
- if (!localDir) return NS_ERROR_FAILURE;
-
+#if !defined(ANDROID)
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+ rv = localDir->AppendNative(NS_LITERAL_CSTRING("Browser"));
+#else
rv = localDir->AppendRelativeNativePath(
- NS_LITERAL_CSTRING("TorBrowser" XPCOM_FILE_PATH_SEPARATOR
- "Data" XPCOM_FILE_PATH_SEPARATOR "Browser"));
+ NS_LITERAL_CSTRING("Data" XPCOM_FILE_PATH_SEPARATOR "Browser"));
+#endif
NS_ENSURE_SUCCESS(rv, rv);
+#endif
if (aLocal) {
rv = localDir->AppendNative(NS_LITERAL_CSTRING("Caches"));
@@ -1541,6 +1527,15 @@ nsresult nsXREDirProvider::GetUserDataDirectory(nsIFile** aFile, bool aLocal) {
return NS_OK;
}
+nsresult nsXREDirProvider::GetTorBrowserUserDataDir(nsIFile** aFile) {
+ NS_ENSURE_ARG_POINTER(aFile);
+ nsCOMPtr<nsIFile> exeFile;
+ bool per = false;
+ nsresult rv = GetFile(XRE_EXECUTABLE_FILE, &per, getter_AddRefs(exeFile));
+ NS_ENSURE_SUCCESS(rv, rv);
+ return TorBrowser_GetUserDataDir(exeFile, aFile);
+}
+
nsresult nsXREDirProvider::EnsureDirectoryExists(nsIFile* aDirectory) {
nsresult rv = aDirectory->Create(nsIFile::DIRECTORY_TYPE, 0700);
diff --git a/toolkit/xre/nsXREDirProvider.h b/toolkit/xre/nsXREDirProvider.h
index b9678d4ec577..2aa2face5974 100644
--- a/toolkit/xre/nsXREDirProvider.h
+++ b/toolkit/xre/nsXREDirProvider.h
@@ -113,6 +113,12 @@ class nsXREDirProvider final : public nsIDirectoryServiceProvider2,
*/
nsresult GetProfileDir(nsIFile** aResult);
+ /**
+ * Get the TorBrowser user data directory by calling the
+ * TorBrowser_GetUserDataDir() utility function.
+ */
+ nsresult GetTorBrowserUserDataDir(nsIFile** aFile);
+
protected:
nsresult GetFilesInternal(const char* aProperty,
nsISimpleEnumerator** aResult);
diff --git a/xpcom/io/TorFileUtils.cpp b/xpcom/io/TorFileUtils.cpp
new file mode 100644
index 000000000000..bddf8d7bbd95
--- /dev/null
+++ b/xpcom/io/TorFileUtils.cpp
@@ -0,0 +1,142 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "TorFileUtils.h"
+#include "nsString.h"
+#ifdef MOZ_WIDGET_COCOA
+#include <Carbon/Carbon.h>
+#include "nsILocalFileMac.h"
+#endif
+
+static nsresult GetAppRootDir(nsIFile *aExeFile, nsIFile** aFile);
+
+//-----------------------------------------------------------------------------
+nsresult
+TorBrowser_GetUserDataDir(nsIFile *aExeFile, nsIFile** aFile)
+{
+ NS_ENSURE_ARG_POINTER(aFile);
+ nsCOMPtr<nsIFile> tbDataDir;
+
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+ nsAutoCString tbDataLeafName(NS_LITERAL_CSTRING("TorBrowser-Data"));
+ nsCOMPtr<nsIFile> appRootDir;
+ nsresult rv = GetAppRootDir(aExeFile, getter_AddRefs(appRootDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+#ifndef XP_MACOSX
+ // On all platforms except Mac OS, we always operate in a "portable" mode
+ // where the TorBrowser-Data directory is located next to the application.
+ rv = appRootDir->GetParent(getter_AddRefs(tbDataDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = tbDataDir->AppendNative(tbDataLeafName);
+ NS_ENSURE_SUCCESS(rv, rv);
+#else
+ // For Mac OS, determine whether we should store user data in the OS's
+ // standard location (i.e., under ~/Library/Application Support). We use
+ // the OS location if (1) the application is installed in a directory whose
+ // path contains "/Applications" or (2) the TorBrowser-Data directory does
+ // not exist and cannot be created (which probably means we lack write
+ // permission to the directory that contains the application).
+ nsAutoString appRootPath;
+ rv = appRootDir->GetPath(appRootPath);
+ NS_ENSURE_SUCCESS(rv, rv);
+ bool useOSLocation = (appRootPath.Find("/Applications",
+ true /* ignore case */) >= 0);
+ if (!useOSLocation) {
+ // We hope to use the portable (aka side-by-side) approach, but before we
+ // commit to that, let's ensure that we can create the TorBrowser-Data
+ // directory. If it already exists, we will try to use it; if not and we
+ // fail to create it, we will switch to ~/Library/Application Support.
+ rv = appRootDir->GetParent(getter_AddRefs(tbDataDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = tbDataDir->AppendNative(tbDataLeafName);
+ NS_ENSURE_SUCCESS(rv, rv);
+ bool exists = false;
+ rv = tbDataDir->Exists(&exists);
+ if (NS_SUCCEEDED(rv) && !exists)
+ rv = tbDataDir->Create(nsIFile::DIRECTORY_TYPE, 0700);
+ useOSLocation = NS_FAILED(rv);
+ }
+
+ if (useOSLocation) {
+ // We are using ~/Library/Application Support/TorBrowser-Data. We do not
+ // need to create that directory here because the code in nsXREDirProvider
+ // will do so (and the user should always have write permission for
+ // ~/Library/Application Support; if they do not we have no more options).
+ FSRef fsRef;
+ OSErr err = ::FSFindFolder(kUserDomain, kApplicationSupportFolderType,
+ kCreateFolder, &fsRef);
+ NS_ENSURE_FALSE(err, NS_ERROR_FAILURE);
+ // To convert the FSRef returned by FSFindFolder() into an nsIFile that
+ // points to ~/Library/Application Support, we first create an empty
+ // nsIFile object (no path) and then use InitWithFSRef() to set the
+ // path.
+ rv = NS_NewNativeLocalFile(EmptyCString(), true,
+ getter_AddRefs(tbDataDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+ nsCOMPtr<nsILocalFileMac> dirFileMac = do_QueryInterface(tbDataDir);
+ if (!dirFileMac)
+ return NS_ERROR_UNEXPECTED;
+ rv = dirFileMac->InitWithFSRef(&fsRef);
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = tbDataDir->AppendNative(tbDataLeafName);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+#endif
+
+#elif defined(ANDROID)
+ // Tor Browser Android stores data in the app home directory.
+ const char* homeDir = getenv("HOME");
+ if (!homeDir || !*homeDir)
+ return NS_ERROR_FAILURE;
+ nsresult rv = NS_NewNativeLocalFile(nsDependentCString(homeDir), true,
+ getter_AddRefs(tbDataDir));
+#else
+ // User data is embedded within the application directory (i.e.,
+ // TOR_BROWSER_DATA_OUTSIDE_APP_DIR is not defined).
+ nsresult rv = GetAppRootDir(aExeFile, getter_AddRefs(tbDataDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = tbDataDir->AppendNative(NS_LITERAL_CSTRING("TorBrowser"));
+ NS_ENSURE_SUCCESS(rv, rv);
+#endif
+
+ tbDataDir.forget(aFile);
+ return NS_OK;
+}
+
+static nsresult
+GetAppRootDir(nsIFile *aExeFile, nsIFile** aFile)
+{
+ NS_ENSURE_ARG_POINTER(aExeFile);
+ NS_ENSURE_ARG_POINTER(aFile);
+ nsCOMPtr<nsIFile> appRootDir = aExeFile;
+
+ int levelsToRemove = 1; // Remove firefox (the executable file).
+#if defined(XP_MACOSX)
+ levelsToRemove += 2; // On Mac OS, we must also remove Contents/MacOS.
+#endif
+ while (appRootDir && (levelsToRemove > 0)) {
+ // When crawling up the hierarchy, components named "." do not count.
+ nsAutoCString removedName;
+ nsresult rv = appRootDir->GetNativeLeafName(removedName);
+ NS_ENSURE_SUCCESS(rv, rv);
+ bool didRemove = !removedName.Equals(".");
+
+ // Remove a directory component.
+ nsCOMPtr<nsIFile> parentDir;
+ rv = appRootDir->GetParent(getter_AddRefs(parentDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+ appRootDir = parentDir;
+
+ if (didRemove)
+ --levelsToRemove;
+ }
+
+ if (!appRootDir)
+ return NS_ERROR_FAILURE;
+
+ appRootDir.forget(aFile);
+ return NS_OK;
+}
diff --git a/xpcom/io/TorFileUtils.h b/xpcom/io/TorFileUtils.h
new file mode 100644
index 000000000000..d5e86abf9685
--- /dev/null
+++ b/xpcom/io/TorFileUtils.h
@@ -0,0 +1,33 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef TorFileUtils_h__
+#define TorFileUtils_h__
+
+#include "nsIFile.h"
+
+/**
+ * TorBrowser_GetUserDataDir
+ *
+ * Retrieve the Tor Browser user data directory.
+ * When built with --enable-tor-browser-data-outside-app-dir, the directory
+ * is next to the application directory, except on Mac OS where it may be
+ * there or it may be at ~/Library/Application Support/TorBrowser-Data (the
+ * latter location is used if the .app bundle is in a directory whose path
+ * contains /Applications or if we lack write access to the directory that
+ * contains the .app).
+ * When built without --enable-tor-browser-data-outside-app-dir, this
+ * directory is TorBrowser.app/TorBrowser.
+ *
+ * @param aExeFile The firefox executable.
+ * @param aFile Out parameter that is set to the Tor Browser user data
+ * directory.
+ * @return NS_OK on success. Error otherwise.
+ */
+extern nsresult
+TorBrowser_GetUserDataDir(nsIFile *aExeFile, nsIFile** aFile);
+
+#endif // !TorFileUtils_h__
diff --git a/xpcom/io/moz.build b/xpcom/io/moz.build
index a165b491bc56..b0eb74f4c56d 100644
--- a/xpcom/io/moz.build
+++ b/xpcom/io/moz.build
@@ -86,6 +86,7 @@ EXPORTS += [
'nsUnicharInputStream.h',
'nsWildCard.h',
'SpecialSystemDirectory.h',
+ 'TorFileUtils.h',
]
EXPORTS.mozilla += [
@@ -135,6 +136,10 @@ UNIFIED_SOURCES += [
'SpecialSystemDirectory.cpp',
]
+SOURCES += [
+ 'TorFileUtils.cpp',
+]
+
if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
SOURCES += [
'CocoaFileUtils.mm',
diff --git a/xpcom/io/nsAppFileLocationProvider.cpp b/xpcom/io/nsAppFileLocationProvider.cpp
index 81551a8e3893..9f95e5cbec2d 100644
--- a/xpcom/io/nsAppFileLocationProvider.cpp
+++ b/xpcom/io/nsAppFileLocationProvider.cpp
@@ -28,6 +28,8 @@
# include <sys/param.h>
#endif
+#include "TorFileUtils.h"
+
// WARNING: These hard coded names need to go away. They need to
// come from localizable resources
@@ -234,8 +236,14 @@ nsresult nsAppFileLocationProvider::CloneMozBinDirectory(nsIFile** aLocalFile) {
// GetProductDirectory - Gets the directory which contains the application data
// folder
//
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+// UNIX and WIN : <App Folder>/../TorBrowser-Data/Browser
+// Mac : <App Folder>/../../../TorBrowser-Data/Browser OR
+// ~/Library/Application Support/TorBrowser-Data/Browser
+#else
// UNIX and WIN : <App Folder>/TorBrowser/Data/Browser
// Mac : <App Folder>/../../TorBrowser/Data/Browser
+#endif
//----------------------------------------------------------------------------------------
nsresult nsAppFileLocationProvider::GetProductDirectory(nsIFile** aLocalFile,
bool aLocal) {
@@ -243,42 +251,25 @@ nsresult nsAppFileLocationProvider::GetProductDirectory(nsIFile** aLocalFile,
return NS_ERROR_INVALID_ARG;
}
- nsresult rv;
+ nsresult rv = NS_ERROR_UNEXPECTED;
bool exists;
- nsCOMPtr<nsIFile> localDir;
+ nsCOMPtr<nsIFile> localDir, exeFile;
- rv = CloneMozBinDirectory(getter_AddRefs(localDir));
+ nsCOMPtr<nsIProperties> directoryService(
+ do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv));
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = directoryService->Get(XRE_EXECUTABLE_FILE, NS_GET_IID(nsIFile),
+ getter_AddRefs(exeFile));
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = TorBrowser_GetUserDataDir(exeFile, getter_AddRefs(localDir));
NS_ENSURE_SUCCESS(rv, rv);
- int levelsToRemove = 1; // In FF21+, bin dir points to browser subdirectory.
-#if defined(XP_MACOSX)
- levelsToRemove += 2;
-#endif
- while (localDir && (levelsToRemove > 0)) {
- // When crawling up the hierarchy, components named "." do not count.
- nsAutoCString removedName;
- rv = localDir->GetNativeLeafName(removedName);
- NS_ENSURE_SUCCESS(rv, rv);
- bool didRemove = !removedName.Equals(".");
-
- // Remove a directory component.
- nsCOMPtr<nsIFile> parentDir;
- rv = localDir->GetParent(getter_AddRefs(parentDir));
- NS_ENSURE_SUCCESS(rv, rv);
- localDir = parentDir;
-
- if (didRemove) {
- --levelsToRemove;
- }
- }
-
- if (!localDir) {
- return NS_ERROR_FAILURE;
- }
-
+#ifdef TOR_BROWSER_DATA_OUTSIDE_APP_DIR
+ rv = localDir->AppendNative(NS_LITERAL_CSTRING("Browser"));
+#else
rv = localDir->AppendRelativeNativePath(
- NS_LITERAL_CSTRING("TorBrowser" XPCOM_FILE_PATH_SEPARATOR
- "Data" XPCOM_FILE_PATH_SEPARATOR "Browser"));
+ NS_LITERAL_CSTRING("Data" XPCOM_FILE_PATH_SEPARATOR "Browser"));
+#endif
NS_ENSURE_SUCCESS(rv, rv);
if (aLocal) {
1
0
[tor-browser/tor-browser-78.12.0esr-10.5-1] Bug 13028: Prevent potential proxy bypass cases.
by sysrqb@torproject.org 09 Jul '21
by sysrqb@torproject.org 09 Jul '21
09 Jul '21
commit 589c5b0200ef92b0e6b46ca11b58d7cca88534eb
Author: Mike Perry <mikeperry-git(a)torproject.org>
Date: Mon Sep 29 14:30:19 2014 -0700
Bug 13028: Prevent potential proxy bypass cases.
It looks like these cases should only be invoked in the NSS command line
tools, and not the browser, but I decided to patch them anyway because there
literally is a maze of network function pointers being passed around, and it's
very hard to tell if some random code might not pass in the proper proxied
versions of the networking code here by accident.
---
security/nss/lib/certhigh/ocsp.c | 8 ++++++++
.../lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c | 21 +++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
index cea8456606bf..86fa971cfbef 100644
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -2932,6 +2932,14 @@ ocsp_ConnectToHost(const char *host, PRUint16 port)
PRNetAddr addr;
char *netdbbuf = NULL;
+ // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
+ // we want to ensure nothing can ever hit this code in production.
+#if 1
+ printf("Tor Browser BUG: Attempted OSCP direct connect to %s, port %u\n", host,
+ port);
+ goto loser;
+#endif
+
sock = PR_NewTCPSocket();
if (sock == NULL)
goto loser;
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
index e8698376b5be..85791d84a932 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -1334,6 +1334,13 @@ pkix_pl_Socket_Create(
plContext),
PKIX_COULDNOTCREATESOCKETOBJECT);
+ // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
+ // we want to ensure nothing can ever hit this code in production.
+#if 1
+ printf("Tor Browser BUG: Attempted pkix direct socket connect\n");
+ PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
+
socket->isServer = isServer;
socket->timeout = timeout;
socket->clientSock = NULL;
@@ -1433,6 +1440,13 @@ pkix_pl_Socket_CreateByName(
localCopyName = PL_strdup(serverName);
+ // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
+ // we want to ensure nothing can ever hit this code in production.
+#if 1
+ printf("Tor Browser BUG: Attempted pkix direct connect to %s\n", serverName);
+ PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
+
sepPtr = strchr(localCopyName, ':');
/* First strip off the portnum, if present, from the end of the name */
if (sepPtr) {
@@ -1582,6 +1596,13 @@ pkix_pl_Socket_CreateByHostAndPort(
PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort");
PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
+ // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
+ // we want to ensure nothing can ever hit this code in production.
+#if 1
+ printf("Tor Browser BUG: Attempted pkix direct connect to %s, port %u\n", hostname,
+ portnum);
+ PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
+#endif
prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);
1
0