- tbb-commits - lists.torproject.org

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.5.0esr-14.5-1-build2
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed new tag mullvad-browser-128.5.0esr-14.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.5.0esr-14.5-1-build2
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed new tag tor-browser-128.5.0esr-14.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.5.0esr-14.5-1] 4 commits: Bug 1836921 - Improve dialogs a=dmeehan
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed to branch mullvad-browser-128.5.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: b50d0c88 by Arturo Mejia at 2024-11-25T21:58:05+00:00 Bug 1836921 - Improve dialogs a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D226961 Differential Revision: https://phabricator.services.mozilla.com/D228842 - - - - - 2ccb950c by Malte Juergens at 2024-11-25T21:58:06+00:00 Bug 1909396 - Remove HTTPS-Only exception button in iframes r=freddyb,fluent-reviewers Rationale for this can be read in Bug 1909396, but the main reason is that the iframe will get blocked regardless by mixed content blocking. Differential Revision: https://phabricator.services.mozilla.com/D220257 - - - - - 255f9c5b by Makoto Kato at 2024-11-25T21:58:06+00:00 Bug 1776646 - Support EXTRA_IS_SENSITIVE for clipboard. r=geckoview-reviewers,owlish When nsITransferable.isPrivateData is true, such as coping password or private mode, we should set EXTRA_IS_SENSITIVE to ClipData. AndroidJunit test runner doesn't often get `ClipDescription.extras` from clipboard service in test runner. So we cannot write a unit test using AndroidJUnit test runner. Differential Revision: https://phabricator.services.mozilla.com/D225326 - - - - - 60b7e8a2 by Cathy Lu at 2024-11-25T21:58:06+00:00 Bug 1914797 - Part 1 + 2 + partial backout (details below) Bug 1914797 - Part 1 - Revert bug 1868469 r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226431 Bug 1914797 - Part 2 - Add url change during onPageStart for slow loading sites r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226432 Backed out 1 changesets (bug 1914797) for causing Bug 1929028 Backed out changeset a79554879d7b (bug 1914797) - - - - - 16 changed files: - dom/ipc/WindowGlobalParent.cpp - dom/security/test/https-only/browser.toml - + dom/security/test/https-only/browser_iframe_buttons.js - + dom/security/test/https-only/file_iframe_buttons.html - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt - mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt - mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt - mobile/android/android-components/docs/changelog.md - mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl - widget/android/nsClipboard.cpp Changes: ===================================== dom/ipc/WindowGlobalParent.cpp ===================================== @@ -1378,18 +1378,11 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() { return IPC_FAIL(this, "HTTPS-only mode: Illegal state"); } - // If the error page is within an iFrame, we create an exception for whatever - // scheme the top-level site is currently on, because the user wants to - // unbreak the iFrame and not the top-level page. When the error page shows up - // on a top-level request, then we replace the scheme with http, because the - // user wants to unbreak the whole page. + // We replace the scheme with http, because the user wants to unbreak the + // whole page. nsCOMPtr<nsIURI> newURI; - if (!BrowsingContext()->IsTop()) { - newURI = innerURI; - } else { - Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( - getter_AddRefs(newURI)); - } + Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( + getter_AddRefs(newURI)); OriginAttributes originAttributes = TopWindowContext()->DocumentPrincipal()->OriginAttributesRef(); ===================================== dom/security/test/https-only/browser.toml ===================================== @@ -29,6 +29,9 @@ support-files = [ ["browser_httpsonly_speculative_connect.js"] support-files = ["file_httpsonly_speculative_connect.html"] +["browser_iframe_buttons.js"] +support-files = ["file_iframe_buttons.html"] + ["browser_iframe_test.js"] skip-if = [ "os == 'linux' && bits == 64", # Bug 1735565 ===================================== dom/security/test/https-only/browser_iframe_buttons.js ===================================== @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Ensure the buttons at the buttom of the HTTPS-Only error page do not get +// displayed in an iframe (Bug 1909396). + +add_task(async function test_iframe_buttons() { + await BrowserTestUtils.withNewTab( + "https://example.com/browser/dom/security/test/https-only/file_iframe_button…", + async function (browser) { + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + await SpecialPowers.spawn(browser, [], async function () { + const iframe = content.document.getElementById("iframe"); + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + iframe.src = "http://nocert.example.com"; + + await ContentTaskUtils.waitForCondition( + () => iframe.contentWindow.document.readyState === "interactive", + "Iframe error page should have loaded" + ); + + ok( + !!iframe.contentWindow.document.getElementById("explanation-iframe"), + "#explanation-iframe should exist" + ); + + is( + iframe.contentWindow.document + .getElementById("explanation-iframe") + .getAttribute("hidden"), + null, + "#explanation-iframe should not be hidden" + ); + + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + is( + iframe.contentWindow.document.getElementById(id), + null, + `#${id} should have been removed` + ); + } + }); + } + ); +}); ===================================== dom/security/test/https-only/file_iframe_buttons.html ===================================== @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> +</head> +<body> + <iframe id="iframe" frameborder="0"></iframe> +</body> +</html> ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt ===================================== @@ -11,6 +11,7 @@ import androidx.annotation.StringRes import androidx.annotation.StyleRes import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AlertDialog +import mozilla.components.support.ktx.util.PromptAbuserDetector import mozilla.components.ui.widgets.withCenterAlignedButtons /** @@ -23,6 +24,10 @@ import mozilla.components.ui.widgets.withCenterAlignedButtons */ class SimpleRedirectDialogFragment : RedirectDialogFragment() { + @VisibleForTesting + internal var promptAbuserDetector = + PromptAbuserDetector(maxSuccessiveDialogSecondsLimit = TIME_SHOWN_OFFSET_SECONDS) + @VisibleForTesting internal var testingContext: Context? = null @@ -32,6 +37,8 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { return if (themeID == 0) AlertDialog.Builder(context) else AlertDialog.Builder(context, themeID) } + promptAbuserDetector.updateJSDialogAbusedState() + return with(requireBundle()) { val dialogTitleText = getInt(KEY_TITLE_TEXT, R.string.mozac_feature_applinks_normal_confirm_dialog_title) val dialogMessageString = getString(KEY_MESSAGE_STRING, "") @@ -40,18 +47,29 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { val themeResId = getInt(KEY_THEME_ID, 0) val cancelable = getBoolean(KEY_CANCELABLE, false) - getBuilder(themeResId) + val dialog = getBuilder(themeResId) .setTitle(dialogTitleText) .setMessage(dialogMessageString) - .setPositiveButton(positiveButtonText) { _, _ -> - onConfirmRedirect() - } + .setPositiveButton(positiveButtonText) { _, _ -> } .setNegativeButton(negativeButtonText) { _, _ -> onCancelRedirect() } .setCancelable(cancelable) .create() - .withCenterAlignedButtons() + + dialog.withCenterAlignedButtons() + dialog.setOnShowListener { + val okButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE) + okButton.setOnClickListener { + if (promptAbuserDetector.areDialogsBeingAbused()) { + promptAbuserDetector.updateJSDialogAbusedState() + } else { + onConfirmRedirect() + dialog.dismiss() + } + } + } + dialog } } @@ -101,6 +119,7 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { const val KEY_THEME_ID = "KEY_THEME_ID" const val KEY_CANCELABLE = "KEY_CANCELABLE" + private const val TIME_SHOWN_OFFSET_SECONDS = 1 } private fun requireBundle(): Bundle { ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt ===================================== @@ -13,6 +13,7 @@ import mozilla.components.support.test.mock import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -27,6 +28,7 @@ class SimpleRedirectDialogFragmentTest { private val themeResId = appcompatR.style.Theme_AppCompat_Light @Test + @Ignore("This will be addressed in another follow up ticket") fun `Dialog confirmed callback is called correctly`() { var onConfirmCalled = false var onCancelCalled = false @@ -104,6 +106,7 @@ class SimpleRedirectDialogFragmentTest { assertFalse(onCancelCalled) } + @Suppress("unused") private fun mockFragmentManager(): FragmentManager { val fragmentManager: FragmentManager = mock() val transaction: FragmentTransaction = mock() ===================================== mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt ===================================== @@ -4,7 +4,6 @@ package mozilla.components.feature.session -import mozilla.components.browser.state.action.ContentAction import mozilla.components.browser.state.action.CrashAction import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.LastAccessAction @@ -94,13 +93,6 @@ class SessionUseCases( flags = flags, additionalHeaders = additionalHeaders, ) - // Update the url in content immediately until the engine updates with any new changes to the state. - store.dispatch( - ContentAction.UpdateUrlAction( - loadSessionId, - url, - ), - ) store.dispatch( EngineAction.OptimizedLoadUrlTriggeredAction( loadSessionId, ===================================== mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt ===================================== @@ -11,7 +11,6 @@ import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.TabListAction import mozilla.components.browser.state.engine.EngineMiddleware import mozilla.components.browser.state.selector.findTab -import mozilla.components.browser.state.selector.selectedTab import mozilla.components.browser.state.state.BrowserState import mozilla.components.browser.state.state.TabSessionState import mozilla.components.browser.state.state.createCustomTab @@ -81,7 +80,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://getpocket.com", action.url) } - assertEquals("https://getpocket.com", store.state.selectedTab?.content?.url) useCases.loadUrl("https://www.mozilla.org", LoadUrlFlags.select(LoadUrlFlags.EXTERNAL)) store.waitUntilIdle() @@ -95,7 +93,6 @@ class SessionUseCasesTest { assertEquals("https://www.mozilla.org", action.url) assertEquals(LoadUrlFlags.select(LoadUrlFlags.EXTERNAL), action.flags) } - assertEquals("https://www.mozilla.org", store.state.selectedTab?.content?.url) useCases.loadUrl("https://firefox.com", store.state.selectedTabId) store.waitUntilIdle() @@ -105,7 +102,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://firefox.com", action.url) } - assertEquals("https://firefox.com", store.state.selectedTab?.content?.url) useCases.loadUrl.invoke( "https://developer.mozilla.org", ===================================== mobile/android/android-components/docs/changelog.md ===================================== @@ -109,9 +109,6 @@ permalink: /changelog/ * **feature-customtabs** * Fallback behaviour when failing to open a new window in custom tab will now be loading the URL directly in the same custom tab. [Bug 1832357](https://bugzilla.mozilla.org/show_bug.cgi?id=1832357) -* **feature-session** - * Update URL in the store immediately when using the optimized load URL code path. - * **tooling-lint** * Added a lint rule to detect when `Response#close` may not have been called. Note: Currently, this rule only runs on Android Components. ===================================== mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt ===================================== @@ -83,7 +83,7 @@ class CrashReportingTest : TestSetup() { verifyPageContent(tabCrashMessage) }.openTabDrawer(activityTestRule) { verifyExistingOpenTabs(firstWebPage.title) - verifyExistingOpenTabs("about:crashcontent") + verifyExistingOpenTabs(secondWebPage.title) }.closeTabDrawer { }.goToHomescreen { verifyExistingTopSitesList() ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java ===================================== @@ -11,6 +11,7 @@ import android.content.ClipboardManager.OnPrimaryClipChangedListener; import android.content.Context; import android.content.res.AssetFileDescriptor; import android.os.Build; +import android.os.PersistableBundle; import android.text.TextUtils; import android.util.Log; import java.io.ByteArrayOutputStream; @@ -133,8 +134,9 @@ public final class Clipboard { * @return true if copy is successful. */ @WrapForJNI(calledFrom = "gecko") - public static boolean setText(final Context context, final CharSequence text) { - return setData(context, ClipData.newPlainText("text", text)); + public static boolean setText( + final Context context, final CharSequence text, final boolean isPrivateData) { + return setData(context, ClipData.newPlainText("text", text), isPrivateData); } /** @@ -147,8 +149,11 @@ public final class Clipboard { */ @WrapForJNI(calledFrom = "gecko") private static boolean setHTML( - final Context context, final CharSequence text, final String htmlText) { - return setData(context, ClipData.newHtmlText("html", text, htmlText)); + final Context context, + final CharSequence text, + final String htmlText, + final boolean isPrivateData) { + return setData(context, ClipData.newHtmlText("html", text, htmlText), isPrivateData); } /** @@ -158,11 +163,17 @@ public final class Clipboard { * @param clipData a {@link android.content.ClipData} to set to clipboard * @return true if copy is successful. */ - private static boolean setData(final Context context, final ClipData clipData) { + private static boolean setData( + final Context context, final ClipData clipData, final boolean isPrivateData) { // In API Level 11 and above, CLIPBOARD_SERVICE returns android.content.ClipboardManager, // which is a subclass of android.text.ClipboardManager. final ClipboardManager cm = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE); + if (isPrivateData && Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + final PersistableBundle extras = new PersistableBundle(); + extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true); + clipData.getDescription().setExtras(extras); + } try { cm.setPrimaryClip(clipData); } catch (final NullPointerException e) { @@ -228,7 +239,7 @@ public final class Clipboard { @WrapForJNI(calledFrom = "gecko") private static void clear(final Context context) { if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.P) { - setText(context, null); + setText(context, null, false); return; } // Although we don't know more details of https://crbug.com/1203377, Blink doesn't use ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java ===================================== @@ -70,6 +70,7 @@ import org.mozilla.gecko.util.ThreadUtils; private ExtractedTextRequest mUpdateRequest; private final InputConnection mKeyInputConnection; private CursorAnchorInfo.Builder mCursorAnchorInfoBuilder; + private boolean mIsPrivateBrowsing; public static SessionTextInput.InputConnectionClient create( final GeckoSession session, @@ -208,12 +209,13 @@ import org.mozilla.gecko.util.ThreadUtils; // If selection is empty, we'll select everything if (selStart == selEnd) { // Fill the clipboard - Clipboard.setText(view.getContext(), editable); + Clipboard.setText(view.getContext(), editable, mIsPrivateBrowsing); editable.clear(); } else { Clipboard.setText( view.getContext(), - editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd))); + editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd)), + mIsPrivateBrowsing); editable.delete(selStart, selEnd); } break; @@ -231,7 +233,7 @@ import org.mozilla.gecko.util.ThreadUtils; : editable .toString() .substring(Math.min(selStart, selEnd), Math.max(selStart, selEnd)); - Clipboard.setText(view.getContext(), copiedText); + Clipboard.setText(view.getContext(), copiedText, mIsPrivateBrowsing); break; } return true; @@ -603,6 +605,9 @@ import org.mozilla.gecko.util.ThreadUtils; outAttrs.imeOptions |= EditorInfo.IME_FLAG_NO_EXTRACT_UI | EditorInfo.IME_FLAG_NO_FULLSCREEN; } + mIsPrivateBrowsing = + ((outAttrs.imeOptions & InputMethods.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0); + if (DEBUG) { Log.d( LOGTAG, ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -70,6 +70,16 @@ inert ></button> </div> + + <p id="explanation-iframe" hidden> + <span data-l10n-id="about-httpsonly-explanation-iframe"></span> + <a + id="mixedContentLearnMoreLink" + target="_blank" + data-l10n-id="about-httpsonly-link-learn-more" + ></a> + </p> + <div class="suggestion-box" hidden> <h2 data-l10n-id="about-httpsonly-suggestion-box-header"></h2> </div> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -29,28 +29,35 @@ function initPage() { document .getElementById("learnMoreLink") .setAttribute("href", baseSupportURL + "https-only-prefs"); + document + .getElementById("mixedContentLearnMoreLink") + .setAttribute("href", baseSupportURL + "mixed-content"); + + const isTopLevel = window.top == window; + if (!isTopLevel) { + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + document.getElementById(id).remove(); + } + document.getElementById("explanation-iframe").removeAttribute("hidden"); + return; + } document .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + document + .getElementById("goBack") + .addEventListener("click", onReturnButtonClick); const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); setTimeout(() => { document.getElementById("openInsecure").removeAttribute("inert"); }, delay); - if (window.top == window) { - document - .getElementById("goBack") - .addEventListener("click", onReturnButtonClick); - addAutofocus("#goBack", "beforeend"); - } else { - document.getElementById("goBack").remove(); - } + addAutofocus("#goBack", "beforeend"); - const isTopLevel = window.top == window; const hasWWWPrefix = pageUrl.href.startsWith("https://www."); - if (isTopLevel && !hasWWWPrefix) { + if (!hasWWWPrefix) { // HTTPS-Only generally simply replaces http: with https:; // here we additionally try to add www and see if that allows to upgrade the connection if it is top level ===================================== toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl ===================================== @@ -12,6 +12,7 @@ about-httpsonly-explanation-question = What could be causing this? about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS. about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details. about-httpsonly-explanation-continue = If you continue, HTTPS-Only Mode will be turned off temporarily for this site. +about-httpsonly-explanation-iframe = Due to mixed content blocking, it is not possible to manually allow this frame to load. about-httpsonly-button-continue-to-site = Continue to HTTP Site about-httpsonly-button-go-back = Go Back ===================================== widget/android/nsClipboard.cpp ===================================== @@ -92,14 +92,16 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, return rv; } + bool isPrivate = aTransferable->GetIsPrivateData(); + if (!html.IsEmpty() && java::Clipboard::SetHTML(java::GeckoAppShell::GetApplicationContext(), - text, html)) { + text, html, isPrivate)) { return NS_OK; } if (!text.IsEmpty() && java::Clipboard::SetText(java::GeckoAppShell::GetApplicationContext(), - text)) { + text, isPrivate)) { return NS_OK; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/95… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/95… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.5.0esr-14.5-1-build1
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed new tag mullvad-browser-128.5.0esr-14.5-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.5.0esr-14.5-1] 4 commits: Bug 1836921 - Improve dialogs a=dmeehan
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed to branch tor-browser-128.5.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 358d6dd2 by Arturo Mejia at 2024-11-25T21:56:15+00:00 Bug 1836921 - Improve dialogs a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D226961 Differential Revision: https://phabricator.services.mozilla.com/D228842 - - - - - 7ed8bc91 by Malte Juergens at 2024-11-25T21:56:15+00:00 Bug 1909396 - Remove HTTPS-Only exception button in iframes r=freddyb,fluent-reviewers Rationale for this can be read in Bug 1909396, but the main reason is that the iframe will get blocked regardless by mixed content blocking. Differential Revision: https://phabricator.services.mozilla.com/D220257 - - - - - fe4186b7 by Makoto Kato at 2024-11-25T21:56:15+00:00 Bug 1776646 - Support EXTRA_IS_SENSITIVE for clipboard. r=geckoview-reviewers,owlish When nsITransferable.isPrivateData is true, such as coping password or private mode, we should set EXTRA_IS_SENSITIVE to ClipData. AndroidJunit test runner doesn't often get `ClipDescription.extras` from clipboard service in test runner. So we cannot write a unit test using AndroidJUnit test runner. Differential Revision: https://phabricator.services.mozilla.com/D225326 - - - - - 38bb69b8 by Cathy Lu at 2024-11-25T21:56:16+00:00 Bug 1914797 - Part 1 + 2 + partial backout (details below) Bug 1914797 - Part 1 - Revert bug 1868469 r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226431 Bug 1914797 - Part 2 - Add url change during onPageStart for slow loading sites r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226432 Backed out 1 changesets (bug 1914797) for causing Bug 1929028 Backed out changeset a79554879d7b (bug 1914797) - - - - - 16 changed files: - dom/ipc/WindowGlobalParent.cpp - dom/security/test/https-only/browser.toml - + dom/security/test/https-only/browser_iframe_buttons.js - + dom/security/test/https-only/file_iframe_buttons.html - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt - mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt - mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt - mobile/android/android-components/docs/changelog.md - mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl - widget/android/nsClipboard.cpp Changes: ===================================== dom/ipc/WindowGlobalParent.cpp ===================================== @@ -1378,18 +1378,11 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() { return IPC_FAIL(this, "HTTPS-only mode: Illegal state"); } - // If the error page is within an iFrame, we create an exception for whatever - // scheme the top-level site is currently on, because the user wants to - // unbreak the iFrame and not the top-level page. When the error page shows up - // on a top-level request, then we replace the scheme with http, because the - // user wants to unbreak the whole page. + // We replace the scheme with http, because the user wants to unbreak the + // whole page. nsCOMPtr<nsIURI> newURI; - if (!BrowsingContext()->IsTop()) { - newURI = innerURI; - } else { - Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( - getter_AddRefs(newURI)); - } + Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( + getter_AddRefs(newURI)); OriginAttributes originAttributes = TopWindowContext()->DocumentPrincipal()->OriginAttributesRef(); ===================================== dom/security/test/https-only/browser.toml ===================================== @@ -29,6 +29,9 @@ support-files = [ ["browser_httpsonly_speculative_connect.js"] support-files = ["file_httpsonly_speculative_connect.html"] +["browser_iframe_buttons.js"] +support-files = ["file_iframe_buttons.html"] + ["browser_iframe_test.js"] skip-if = [ "os == 'linux' && bits == 64", # Bug 1735565 ===================================== dom/security/test/https-only/browser_iframe_buttons.js ===================================== @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Ensure the buttons at the buttom of the HTTPS-Only error page do not get +// displayed in an iframe (Bug 1909396). + +add_task(async function test_iframe_buttons() { + await BrowserTestUtils.withNewTab( + "https://example.com/browser/dom/security/test/https-only/file_iframe_button…", + async function (browser) { + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + await SpecialPowers.spawn(browser, [], async function () { + const iframe = content.document.getElementById("iframe"); + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + iframe.src = "http://nocert.example.com"; + + await ContentTaskUtils.waitForCondition( + () => iframe.contentWindow.document.readyState === "interactive", + "Iframe error page should have loaded" + ); + + ok( + !!iframe.contentWindow.document.getElementById("explanation-iframe"), + "#explanation-iframe should exist" + ); + + is( + iframe.contentWindow.document + .getElementById("explanation-iframe") + .getAttribute("hidden"), + null, + "#explanation-iframe should not be hidden" + ); + + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + is( + iframe.contentWindow.document.getElementById(id), + null, + `#${id} should have been removed` + ); + } + }); + } + ); +}); ===================================== dom/security/test/https-only/file_iframe_buttons.html ===================================== @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> +</head> +<body> + <iframe id="iframe" frameborder="0"></iframe> +</body> +</html> ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt ===================================== @@ -11,6 +11,7 @@ import androidx.annotation.StringRes import androidx.annotation.StyleRes import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AlertDialog +import mozilla.components.support.ktx.util.PromptAbuserDetector import mozilla.components.ui.widgets.withCenterAlignedButtons /** @@ -23,6 +24,10 @@ import mozilla.components.ui.widgets.withCenterAlignedButtons */ class SimpleRedirectDialogFragment : RedirectDialogFragment() { + @VisibleForTesting + internal var promptAbuserDetector = + PromptAbuserDetector(maxSuccessiveDialogSecondsLimit = TIME_SHOWN_OFFSET_SECONDS) + @VisibleForTesting internal var testingContext: Context? = null @@ -32,6 +37,8 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { return if (themeID == 0) AlertDialog.Builder(context) else AlertDialog.Builder(context, themeID) } + promptAbuserDetector.updateJSDialogAbusedState() + return with(requireBundle()) { val dialogTitleText = getInt(KEY_TITLE_TEXT, R.string.mozac_feature_applinks_normal_confirm_dialog_title) val dialogMessageString = getString(KEY_MESSAGE_STRING, "") @@ -40,18 +47,29 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { val themeResId = getInt(KEY_THEME_ID, 0) val cancelable = getBoolean(KEY_CANCELABLE, false) - getBuilder(themeResId) + val dialog = getBuilder(themeResId) .setTitle(dialogTitleText) .setMessage(dialogMessageString) - .setPositiveButton(positiveButtonText) { _, _ -> - onConfirmRedirect() - } + .setPositiveButton(positiveButtonText) { _, _ -> } .setNegativeButton(negativeButtonText) { _, _ -> onCancelRedirect() } .setCancelable(cancelable) .create() - .withCenterAlignedButtons() + + dialog.withCenterAlignedButtons() + dialog.setOnShowListener { + val okButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE) + okButton.setOnClickListener { + if (promptAbuserDetector.areDialogsBeingAbused()) { + promptAbuserDetector.updateJSDialogAbusedState() + } else { + onConfirmRedirect() + dialog.dismiss() + } + } + } + dialog } } @@ -101,6 +119,7 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { const val KEY_THEME_ID = "KEY_THEME_ID" const val KEY_CANCELABLE = "KEY_CANCELABLE" + private const val TIME_SHOWN_OFFSET_SECONDS = 1 } private fun requireBundle(): Bundle { ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt ===================================== @@ -13,6 +13,7 @@ import mozilla.components.support.test.mock import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -27,6 +28,7 @@ class SimpleRedirectDialogFragmentTest { private val themeResId = appcompatR.style.Theme_AppCompat_Light @Test + @Ignore("This will be addressed in another follow up ticket") fun `Dialog confirmed callback is called correctly`() { var onConfirmCalled = false var onCancelCalled = false @@ -104,6 +106,7 @@ class SimpleRedirectDialogFragmentTest { assertFalse(onCancelCalled) } + @Suppress("unused") private fun mockFragmentManager(): FragmentManager { val fragmentManager: FragmentManager = mock() val transaction: FragmentTransaction = mock() ===================================== mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt ===================================== @@ -4,7 +4,6 @@ package mozilla.components.feature.session -import mozilla.components.browser.state.action.ContentAction import mozilla.components.browser.state.action.CrashAction import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.LastAccessAction @@ -94,13 +93,6 @@ class SessionUseCases( flags = flags, additionalHeaders = additionalHeaders, ) - // Update the url in content immediately until the engine updates with any new changes to the state. - store.dispatch( - ContentAction.UpdateUrlAction( - loadSessionId, - url, - ), - ) store.dispatch( EngineAction.OptimizedLoadUrlTriggeredAction( loadSessionId, ===================================== mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt ===================================== @@ -11,7 +11,6 @@ import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.TabListAction import mozilla.components.browser.state.engine.EngineMiddleware import mozilla.components.browser.state.selector.findTab -import mozilla.components.browser.state.selector.selectedTab import mozilla.components.browser.state.state.BrowserState import mozilla.components.browser.state.state.TabSessionState import mozilla.components.browser.state.state.createCustomTab @@ -81,7 +80,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://getpocket.com", action.url) } - assertEquals("https://getpocket.com", store.state.selectedTab?.content?.url) useCases.loadUrl("https://www.mozilla.org", LoadUrlFlags.select(LoadUrlFlags.EXTERNAL)) store.waitUntilIdle() @@ -95,7 +93,6 @@ class SessionUseCasesTest { assertEquals("https://www.mozilla.org", action.url) assertEquals(LoadUrlFlags.select(LoadUrlFlags.EXTERNAL), action.flags) } - assertEquals("https://www.mozilla.org", store.state.selectedTab?.content?.url) useCases.loadUrl("https://firefox.com", store.state.selectedTabId) store.waitUntilIdle() @@ -105,7 +102,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://firefox.com", action.url) } - assertEquals("https://firefox.com", store.state.selectedTab?.content?.url) useCases.loadUrl.invoke( "https://developer.mozilla.org", ===================================== mobile/android/android-components/docs/changelog.md ===================================== @@ -109,9 +109,6 @@ permalink: /changelog/ * **feature-customtabs** * Fallback behaviour when failing to open a new window in custom tab will now be loading the URL directly in the same custom tab. [Bug 1832357](https://bugzilla.mozilla.org/show_bug.cgi?id=1832357) -* **feature-session** - * Update URL in the store immediately when using the optimized load URL code path. - * **tooling-lint** * Added a lint rule to detect when `Response#close` may not have been called. Note: Currently, this rule only runs on Android Components. ===================================== mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt ===================================== @@ -83,7 +83,7 @@ class CrashReportingTest : TestSetup() { verifyPageContent(tabCrashMessage) }.openTabDrawer(activityTestRule) { verifyExistingOpenTabs(firstWebPage.title) - verifyExistingOpenTabs("about:crashcontent") + verifyExistingOpenTabs(secondWebPage.title) }.closeTabDrawer { }.goToHomescreen { verifyExistingTopSitesList() ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java ===================================== @@ -11,6 +11,7 @@ import android.content.ClipboardManager.OnPrimaryClipChangedListener; import android.content.Context; import android.content.res.AssetFileDescriptor; import android.os.Build; +import android.os.PersistableBundle; import android.text.TextUtils; import android.util.Log; import java.io.ByteArrayOutputStream; @@ -133,8 +134,9 @@ public final class Clipboard { * @return true if copy is successful. */ @WrapForJNI(calledFrom = "gecko") - public static boolean setText(final Context context, final CharSequence text) { - return setData(context, ClipData.newPlainText("text", text)); + public static boolean setText( + final Context context, final CharSequence text, final boolean isPrivateData) { + return setData(context, ClipData.newPlainText("text", text), isPrivateData); } /** @@ -147,8 +149,11 @@ public final class Clipboard { */ @WrapForJNI(calledFrom = "gecko") private static boolean setHTML( - final Context context, final CharSequence text, final String htmlText) { - return setData(context, ClipData.newHtmlText("html", text, htmlText)); + final Context context, + final CharSequence text, + final String htmlText, + final boolean isPrivateData) { + return setData(context, ClipData.newHtmlText("html", text, htmlText), isPrivateData); } /** @@ -158,11 +163,17 @@ public final class Clipboard { * @param clipData a {@link android.content.ClipData} to set to clipboard * @return true if copy is successful. */ - private static boolean setData(final Context context, final ClipData clipData) { + private static boolean setData( + final Context context, final ClipData clipData, final boolean isPrivateData) { // In API Level 11 and above, CLIPBOARD_SERVICE returns android.content.ClipboardManager, // which is a subclass of android.text.ClipboardManager. final ClipboardManager cm = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE); + if (isPrivateData && Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + final PersistableBundle extras = new PersistableBundle(); + extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true); + clipData.getDescription().setExtras(extras); + } try { cm.setPrimaryClip(clipData); } catch (final NullPointerException e) { @@ -228,7 +239,7 @@ public final class Clipboard { @WrapForJNI(calledFrom = "gecko") private static void clear(final Context context) { if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.P) { - setText(context, null); + setText(context, null, false); return; } // Although we don't know more details of https://crbug.com/1203377, Blink doesn't use ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java ===================================== @@ -70,6 +70,7 @@ import org.mozilla.gecko.util.ThreadUtils; private ExtractedTextRequest mUpdateRequest; private final InputConnection mKeyInputConnection; private CursorAnchorInfo.Builder mCursorAnchorInfoBuilder; + private boolean mIsPrivateBrowsing; public static SessionTextInput.InputConnectionClient create( final GeckoSession session, @@ -208,12 +209,13 @@ import org.mozilla.gecko.util.ThreadUtils; // If selection is empty, we'll select everything if (selStart == selEnd) { // Fill the clipboard - Clipboard.setText(view.getContext(), editable); + Clipboard.setText(view.getContext(), editable, mIsPrivateBrowsing); editable.clear(); } else { Clipboard.setText( view.getContext(), - editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd))); + editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd)), + mIsPrivateBrowsing); editable.delete(selStart, selEnd); } break; @@ -231,7 +233,7 @@ import org.mozilla.gecko.util.ThreadUtils; : editable .toString() .substring(Math.min(selStart, selEnd), Math.max(selStart, selEnd)); - Clipboard.setText(view.getContext(), copiedText); + Clipboard.setText(view.getContext(), copiedText, mIsPrivateBrowsing); break; } return true; @@ -603,6 +605,9 @@ import org.mozilla.gecko.util.ThreadUtils; outAttrs.imeOptions |= EditorInfo.IME_FLAG_NO_EXTRACT_UI | EditorInfo.IME_FLAG_NO_FULLSCREEN; } + mIsPrivateBrowsing = + ((outAttrs.imeOptions & InputMethods.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0); + if (DEBUG) { Log.d( LOGTAG, ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -70,6 +70,16 @@ inert ></button> </div> + + <p id="explanation-iframe" hidden> + <span data-l10n-id="about-httpsonly-explanation-iframe"></span> + <a + id="mixedContentLearnMoreLink" + target="_blank" + data-l10n-id="about-httpsonly-link-learn-more" + ></a> + </p> + <div class="suggestion-box" hidden> <h2 data-l10n-id="about-httpsonly-suggestion-box-header"></h2> </div> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -29,28 +29,35 @@ function initPage() { document .getElementById("learnMoreLink") .setAttribute("href", baseSupportURL + "https-only-prefs"); + document + .getElementById("mixedContentLearnMoreLink") + .setAttribute("href", baseSupportURL + "mixed-content"); + + const isTopLevel = window.top == window; + if (!isTopLevel) { + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + document.getElementById(id).remove(); + } + document.getElementById("explanation-iframe").removeAttribute("hidden"); + return; + } document .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + document + .getElementById("goBack") + .addEventListener("click", onReturnButtonClick); const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); setTimeout(() => { document.getElementById("openInsecure").removeAttribute("inert"); }, delay); - if (window.top == window) { - document - .getElementById("goBack") - .addEventListener("click", onReturnButtonClick); - addAutofocus("#goBack", "beforeend"); - } else { - document.getElementById("goBack").remove(); - } + addAutofocus("#goBack", "beforeend"); - const isTopLevel = window.top == window; const hasWWWPrefix = pageUrl.href.startsWith("https://www."); - if (isTopLevel && !hasWWWPrefix) { + if (!hasWWWPrefix) { // HTTPS-Only generally simply replaces http: with https:; // here we additionally try to add www and see if that allows to upgrade the connection if it is top level ===================================== toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl ===================================== @@ -12,6 +12,7 @@ about-httpsonly-explanation-question = What could be causing this? about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS. about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details. about-httpsonly-explanation-continue = If you continue, HTTPS-Only Mode will be turned off temporarily for this site. +about-httpsonly-explanation-iframe = Due to mixed content blocking, it is not possible to manually allow this frame to load. about-httpsonly-button-continue-to-site = Continue to HTTP Site about-httpsonly-button-go-back = Go Back ===================================== widget/android/nsClipboard.cpp ===================================== @@ -92,14 +92,16 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, return rv; } + bool isPrivate = aTransferable->GetIsPrivateData(); + if (!html.IsEmpty() && java::Clipboard::SetHTML(java::GeckoAppShell::GetApplicationContext(), - text, html)) { + text, html, isPrivate)) { return NS_OK; } if (!text.IsEmpty() && java::Clipboard::SetText(java::GeckoAppShell::GetApplicationContext(), - text)) { + text, isPrivate)) { return NS_OK; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/245cd2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/245cd2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.5.0esr-14.5-1] 22 commits: MB 38: Mullvad Browser configuration
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed to branch mullvad-browser-128.5.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 1c24a491 by Pier Angelo Vendrame at 2024-11-21T11:12:58+01:00 MB 38: Mullvad Browser configuration - - - - - 1db84436 by Pier Angelo Vendrame at 2024-11-21T11:13:00+01:00 MB 1: Mullvad Browser branding See also: mullvad-browser#5: Product name and directory customization mullvad-browser#12: Create new branding directories and integrate Mullvad icons+branding mullvad-browser#14: Remove Default Built-in bookmarks mullvad-browser#35: Add custom PDF icons for Windows builds mullvad-browser#48: Replace Mozilla copyright and legal trademarks in mullvadbrowser.exe metadata mullvad-browser#51: Update trademark string mullvad-browser#104: Update shipped dll metadata copyright/licensing info mullvad-browser#107: Add alpha and nightly icons - - - - - 71771d68 by Henry Wilkes at 2024-11-21T11:13:01+01:00 Mullvad Browser strings This commit adds strings needed by the following Mullvad Browser patches. - - - - - 7ea0ec40 by Pier Angelo Vendrame at 2024-11-21T11:13:01+01:00 MB 20: Allow packaged-addons in PBM. We install a few addons from the distribution directory, but they are not automatically enabled for PBM mode. This commit modifies the code that installs them to also add the PBM permission to the known ones. - - - - - 895aa081 by Pier Angelo Vendrame at 2024-11-21T11:13:01+01:00 MB 63: Customize some about pages for Mullvad Browser Also: mullvad-browser#57: Purge unneeded about: pages - - - - - a8e3cee0 by Pier Angelo Vendrame at 2024-11-21T11:13:02+01:00 MB 37: Customization for the about dialog - - - - - b1904491 by Henry Wilkes at 2024-11-21T11:13:02+01:00 MB 39: Add home page about:mullvad-browser - - - - - 8eea3f27 by hackademix at 2024-11-21T11:13:02+01:00 MB 97: Remove UI cues to install new extensions. - - - - - 56b4fc9a by hackademix at 2024-11-21T11:13:03+01:00 MB 47: uBlock Origin customization - - - - - 5f7fc9d0 by Pier Angelo Vendrame at 2024-11-21T11:13:03+01:00 MB 21: Disable the password manager This commit disables the about:login page and removes the "Login and Password" section of about:preferences. We do not do anything to the real password manager of Firefox, that is in toolkit: it contains C++ parts that make it difficult to actually prevent it from being built.. Finally, we modify the the function that opens about:login to report an error in the console so that we can quickly get a backtrace to the code that tries to use it. - - - - - 1c510e57 by Pier Angelo Vendrame at 2024-11-21T11:13:03+01:00 MB 112: Updater customization for Mullvad Browser MB 71: Set the updater base URL to Mullvad domain - - - - - a302aec8 by Nicolas Vigier at 2024-11-21T11:13:04+01:00 MB 79: Add Mullvad Browser MAR signing keys MB 256: Add mullvad-browser nightly mar signing key - - - - - d08d3247 by Pier Angelo Vendrame at 2024-11-21T11:13:04+01:00 MB 34: Hide unsafe and unwanted preferences UI about:preferences allow to override some of our defaults, that could be fingeprintable or have some other unwanted consequences. - - - - - 33696eaf by Pier Angelo Vendrame at 2024-11-21T11:13:04+01:00 MB 160: Disable the cookie exceptions button Besides disabling the "Delete on close checkbox", disable also the "Manage Exceptions" button when always using PBM. - - - - - 959cff07 by hackademix at 2024-11-21T11:13:05+01:00 MB 163: prevent uBlock Origin from being uninstalled/disabled - - - - - 8c7e88b1 by Richard Pospesel at 2024-11-21T11:13:05+01:00 MB 188: Customize Gitlab Issue and Merge templates - - - - - d863f145 by rui hildt at 2024-11-21T11:13:05+01:00 MB 213: Customize the search engines list MB 328: Refactor the search engine patch. Upstream switched to a completely different search engine configuration between ESR 115 and ESR 128. We moved our configuration to a couple of JSON files that do not follow upstream's schemas, as they are overcomplicated for our needs. Also, we keep the old search engine extensions for now, as upstream also kept them, and planned of removing them with Bug 1885953. - - - - - 1bbadcc4 by hackademix at 2024-11-21T11:13:06+01:00 MB 214: Enable cross-tab identity leak protection in "quiet" mode - - - - - eb45a376 by Pier Angelo Vendrame at 2024-11-21T11:13:06+01:00 MB 80: Enable Mullvad Browser as a default browser - - - - - 5123b99a by Pier Angelo Vendrame at 2024-11-21T11:13:06+01:00 MB 320: Temporarily disable WebRTC and WDBA on Windows. WebRTC should be re-enabled when tor-browser#42758 is resolved, and and the default browser agent when in general we make this feature work again. - - - - - 0381b683 by june wilde at 2024-11-21T11:13:07+01:00 fixup! MB 320: Temporarily disable WebRTC and WDBA on Windows. - - - - - 952571f5 by Henry Wilkes at 2024-11-21T11:13:07+01:00 MB 329: Customize toolbar for mullvad-browser. - - - - - 30 changed files: - .gitlab/issue_templates/Emergency Security Issue.md - + .gitlab/issue_templates/Rebase Browser - Alpha.md - + .gitlab/issue_templates/Rebase Browser - Stable.md - .gitlab/merge_request_templates/default.md - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - browser/app/module.ver - browser/app/firefox.exe.manifest → browser/app/mullvadbrowser.exe.manifest - + browser/app/profile/000-mullvad-browser.js - browser/app/profile/001-base-profile.js - browser/base/content/aboutDialog.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc - browser/base/content/browser-places.js - browser/base/content/browser.js - browser/base/content/default-bookmarks.html - browser/base/content/nsContextMenu.js - browser/base/content/overrides/app-license.html - browser/base/content/pageinfo/pageInfo.xhtml - browser/base/content/utilityOverlay.js - browser/branding/branding-common.mozbuild - + browser/branding/mb-alpha/VisualElements_150.png - + browser/branding/mb-alpha/VisualElements_70.png - + browser/branding/mb-alpha/configure.sh - + browser/branding/mb-alpha/content/about-logo.png - + browser/branding/mb-alpha/content/about-logo.svg - + browser/branding/mb-alpha/content/about-logo(a)2x.png - + browser/branding/mb-alpha/content/about-wordmark.svg - + browser/branding/mb-alpha/content/about.png - + browser/branding/mb-alpha/content/aboutDialog.css The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/37… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/37… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41321: Updated PieroV's PGP key.
by Pier Angelo Vendrame (＠pierov) 25 Nov '24

25 Nov '24

Pier Angelo Vendrame pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 745d0e32 by Pier Angelo Vendrame at 2024-11-25T17:56:27+01:00 Bug 41321: Updated PieroV's PGP key. - - - - - 1 changed file: - keyring/pierov.gpg Changes: ===================================== keyring/pierov.gpg ===================================== Binary files a/keyring/pierov.gpg and b/keyring/pierov.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41321: Updated PieroV's PGP key.
by Pier Angelo Vendrame (＠pierov) 25 Nov '24

25 Nov '24

Pier Angelo Vendrame pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 1a1d68a7 by Pier Angelo Vendrame at 2024-11-25T17:56:01+01:00 Bug 41321: Updated PieroV's PGP key. - - - - - 1 changed file: - keyring/pierov.gpg Changes: ===================================== keyring/pierov.gpg ===================================== Binary files a/keyring/pierov.gpg and b/keyring/pierov.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41321: Updated PieroV's PGP key.
by Pier Angelo Vendrame (＠pierov) 25 Nov '24

25 Nov '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 51bbc19b by Pier Angelo Vendrame at 2024-11-25T17:54:46+01:00 Bug 41321: Updated PieroV's PGP key. - - - - - 1 changed file: - keyring/pierov.gpg Changes: ===================================== keyring/pierov.gpg ===================================== Binary files a/keyring/pierov.gpg and b/keyring/pierov.gpg differ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-14.0.3-build1
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed new tag mb-14.0.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-14.0.3-build1
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed new tag tbb-14.0.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41301, 41302: Prepare Tor+Mullvad Browser 14.0.3
by morgan (＠morgan) 25 Nov '24

25 Nov '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: b512d066 by Morgan at 2024-11-25T15:48:43+00:00 Bug 41301, 41302: Prepare Tor+Mullvad Browser 14.0.3 - - - - - 7 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,18 @@ +Mullvad Browser 14.0.3 - November 25 2024 + * All Platforms + * Updated Firefox to 128.5.0esr + * Updated uBlock Origin to 1.61.0 + * Bug 382: Rebase Mullvad Browser stable onto Firefox 128.5.0esr [mullvad-browser] + * Bug 43313: Backport security fixes from Firefox 133 [tor-browser] + * macOS + * Bug 43165: Disable Microsoft SSO on macOS [MozBug 1768724] [tor-browser] + * Build System + * All Platforms + * Bug 40996: Do not version the .nobackup files [tor-browser-build] + * Bug 41284: Update relprep.py script to not synchronise changelogs between channels [tor-browser-build] + * Bug 41300: Add bea, clairehurst, and jwilde to tb_builders [tor-browser-build] + * Bug 41315: Fix the Mullvad Extension update in relprep.py [tor-browser-build] + Mullvad Browser 14.0 - November 13 2024 * All Platforms * Updated Firefox to 128.4.0esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,20 @@ +Tor Browser 14.0.3 - November 25 2024 + * All Platforms + * Bug 43306: Rebase Tor Browser Stable onto 128.5.0esr [tor-browser] + * Bug 43313: Backport security fixes from Firefox 133 [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.5.0esr + * macOS + * Bug 43165: Disable Microsoft SSO on macOS [MozBug 1768724] [tor-browser] + * Android + * Updated GeckoView to 128.5.0esr + * Build System + * All Platforms + * Updated Go to 1.22.9 + * Bug 40996: Do not version the .nobackup files [tor-browser-build] + * Bug 41284: Update relprep.py script to not synchronise changelogs between channels [tor-browser-build] + * Bug 41300: Add bea, clairehurst, and jwilde to tb_builders [tor-browser-build] + Tor Browser 14.0.2 - November 12 2024 * All Platforms * Updated NoScript to 11.5.2 ===================================== projects/browser/config ===================================== @@ -111,9 +111,9 @@ input_files: - URL: https://addons.mozilla.org/firefox/downloads/file/4379558/noscript-11.5.2.x… name: noscript sha256sum: 460aaa6484bf8422415dfe08260e8536866e3731ed5b8b7913cf4b7b1333493a - - URL: https://addons.mozilla.org/firefox/downloads/file/4359936/ublock_origin-1.6… + - URL: https://addons.mozilla.org/firefox/downloads/file/4382536/ublock_origin-1.6… name: ublock-origin - sha256sum: e2cda9b2a1b0a7f6e5ef0da9f87f28df52f8560587ba2e51a3003121cfb81600 + sha256sum: e6fd55b799a568c66c10892a8f22428e6773fe16d7466ce9dee2952f224b203d enable: '[% c("var/mullvad-browser") %]' - URL: https://cdn.mullvad.net/browser-extension/0.9.3/mullvad-browser-extension-0… name: mullvad-extension ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: '128.4.0' + firefox_platform_version: '128.5.0' firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -107,8 +107,6 @@ targets: gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' nightly_updates_publish_dir_prefix: mullvadbrowser- - browser_build: 2 - linux-x86_64: var: arch_deps: ===================================== projects/geckoview/config ===================================== @@ -16,12 +16,12 @@ container: build_apk: 1 var: - firefox_platform_version: '128.4.0' + firefox_platform_version: '128.5.0' geckoview_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '14.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 5a074e0814015db3c2edbf63ff8e9d1f552900aa + git_hash: caa431bbea1a76d7ad61eeda94086a1513762605 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 7276d3d2ad0319c3d3762047226da7ee104d1d42 + git_hash: 4314d0a7ce780ffdf82b84e324bfbc437198f993 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: f7a877d66205f33e3cf33e717384b504a374039e + git_hash: 4c8637121e71699d2432069ad56a30ff77116000 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,20 +73,20 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '[% IF c("var/tor-browser") %]14.0.2[% ELSE %]14.0[% END %]' - torbrowser_build: 'build2' + torbrowser_version: '14.0.3' + torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/11/12 20:16:21' + browser_release_date: '2024/11/25 15:42:04' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - '[% IF c("var/tor-browser") %]14.0.2[% END %]' - '[% IF c("var/tor-browser") %]14.0.1[% END %]' - - '[% IF c("var/tor-browser") %]14.0[% END %]' + - '14.0' - '[% IF c("var/mullvad-browser") %]13.5.9[% END %]' - - '13.5.7' - - '[% IF c("var/mullvad-browser") %]13.5.6[% END %]' + - '[% IF c("var/mullvad-browser") %]13.5.7[% END %]' mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' torbrowser_legacy_version: 13.5.9 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.5.0esr-14.0-1] 4 commits: Bug 1836921 - Improve dialogs a=dmeehan
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed to branch base-browser-128.5.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 5b511dd7 by Arturo Mejia at 2024-11-25T15:23:58+01:00 Bug 1836921 - Improve dialogs a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D226961 Differential Revision: https://phabricator.services.mozilla.com/D228842 - - - - - 776b61f5 by Malte Juergens at 2024-11-25T15:24:00+01:00 Bug 1909396 - Remove HTTPS-Only exception button in iframes r=freddyb,fluent-reviewers Rationale for this can be read in Bug 1909396, but the main reason is that the iframe will get blocked regardless by mixed content blocking. Differential Revision: https://phabricator.services.mozilla.com/D220257 - - - - - 927d61a7 by Makoto Kato at 2024-11-25T15:24:02+01:00 Bug 1776646 - Support EXTRA_IS_SENSITIVE for clipboard. r=geckoview-reviewers,owlish When nsITransferable.isPrivateData is true, such as coping password or private mode, we should set EXTRA_IS_SENSITIVE to ClipData. AndroidJunit test runner doesn't often get `ClipDescription.extras` from clipboard service in test runner. So we cannot write a unit test using AndroidJUnit test runner. Differential Revision: https://phabricator.services.mozilla.com/D225326 - - - - - cabb4f40 by Cathy Lu at 2024-11-25T15:24:04+01:00 Bug 1914797 - Part 1 + 2 + partial backout (details below) Bug 1914797 - Part 1 - Revert bug 1868469 r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226431 Bug 1914797 - Part 2 - Add url change during onPageStart for slow loading sites r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226432 Backed out 1 changesets (bug 1914797) for causing Bug 1929028 Backed out changeset a79554879d7b (bug 1914797) - - - - - 16 changed files: - dom/ipc/WindowGlobalParent.cpp - dom/security/test/https-only/browser.toml - + dom/security/test/https-only/browser_iframe_buttons.js - + dom/security/test/https-only/file_iframe_buttons.html - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt - mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt - mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt - mobile/android/android-components/docs/changelog.md - mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl - widget/android/nsClipboard.cpp Changes: ===================================== dom/ipc/WindowGlobalParent.cpp ===================================== @@ -1378,18 +1378,11 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() { return IPC_FAIL(this, "HTTPS-only mode: Illegal state"); } - // If the error page is within an iFrame, we create an exception for whatever - // scheme the top-level site is currently on, because the user wants to - // unbreak the iFrame and not the top-level page. When the error page shows up - // on a top-level request, then we replace the scheme with http, because the - // user wants to unbreak the whole page. + // We replace the scheme with http, because the user wants to unbreak the + // whole page. nsCOMPtr<nsIURI> newURI; - if (!BrowsingContext()->IsTop()) { - newURI = innerURI; - } else { - Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( - getter_AddRefs(newURI)); - } + Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( + getter_AddRefs(newURI)); OriginAttributes originAttributes = TopWindowContext()->DocumentPrincipal()->OriginAttributesRef(); ===================================== dom/security/test/https-only/browser.toml ===================================== @@ -29,6 +29,9 @@ support-files = [ ["browser_httpsonly_speculative_connect.js"] support-files = ["file_httpsonly_speculative_connect.html"] +["browser_iframe_buttons.js"] +support-files = ["file_iframe_buttons.html"] + ["browser_iframe_test.js"] skip-if = [ "os == 'linux' && bits == 64", # Bug 1735565 ===================================== dom/security/test/https-only/browser_iframe_buttons.js ===================================== @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Ensure the buttons at the buttom of the HTTPS-Only error page do not get +// displayed in an iframe (Bug 1909396). + +add_task(async function test_iframe_buttons() { + await BrowserTestUtils.withNewTab( + "https://example.com/browser/dom/security/test/https-only/file_iframe_button…", + async function (browser) { + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + await SpecialPowers.spawn(browser, [], async function () { + const iframe = content.document.getElementById("iframe"); + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + iframe.src = "http://nocert.example.com"; + + await ContentTaskUtils.waitForCondition( + () => iframe.contentWindow.document.readyState === "interactive", + "Iframe error page should have loaded" + ); + + ok( + !!iframe.contentWindow.document.getElementById("explanation-iframe"), + "#explanation-iframe should exist" + ); + + is( + iframe.contentWindow.document + .getElementById("explanation-iframe") + .getAttribute("hidden"), + null, + "#explanation-iframe should not be hidden" + ); + + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + is( + iframe.contentWindow.document.getElementById(id), + null, + `#${id} should have been removed` + ); + } + }); + } + ); +}); ===================================== dom/security/test/https-only/file_iframe_buttons.html ===================================== @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> +</head> +<body> + <iframe id="iframe" frameborder="0"></iframe> +</body> +</html> ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt ===================================== @@ -11,6 +11,7 @@ import androidx.annotation.StringRes import androidx.annotation.StyleRes import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AlertDialog +import mozilla.components.support.ktx.util.PromptAbuserDetector import mozilla.components.ui.widgets.withCenterAlignedButtons /** @@ -23,6 +24,10 @@ import mozilla.components.ui.widgets.withCenterAlignedButtons */ class SimpleRedirectDialogFragment : RedirectDialogFragment() { + @VisibleForTesting + internal var promptAbuserDetector = + PromptAbuserDetector(maxSuccessiveDialogSecondsLimit = TIME_SHOWN_OFFSET_SECONDS) + @VisibleForTesting internal var testingContext: Context? = null @@ -32,6 +37,8 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { return if (themeID == 0) AlertDialog.Builder(context) else AlertDialog.Builder(context, themeID) } + promptAbuserDetector.updateJSDialogAbusedState() + return with(requireBundle()) { val dialogTitleText = getInt(KEY_TITLE_TEXT, R.string.mozac_feature_applinks_normal_confirm_dialog_title) val dialogMessageString = getString(KEY_MESSAGE_STRING, "") @@ -40,18 +47,29 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { val themeResId = getInt(KEY_THEME_ID, 0) val cancelable = getBoolean(KEY_CANCELABLE, false) - getBuilder(themeResId) + val dialog = getBuilder(themeResId) .setTitle(dialogTitleText) .setMessage(dialogMessageString) - .setPositiveButton(positiveButtonText) { _, _ -> - onConfirmRedirect() - } + .setPositiveButton(positiveButtonText) { _, _ -> } .setNegativeButton(negativeButtonText) { _, _ -> onCancelRedirect() } .setCancelable(cancelable) .create() - .withCenterAlignedButtons() + + dialog.withCenterAlignedButtons() + dialog.setOnShowListener { + val okButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE) + okButton.setOnClickListener { + if (promptAbuserDetector.areDialogsBeingAbused()) { + promptAbuserDetector.updateJSDialogAbusedState() + } else { + onConfirmRedirect() + dialog.dismiss() + } + } + } + dialog } } @@ -101,6 +119,7 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { const val KEY_THEME_ID = "KEY_THEME_ID" const val KEY_CANCELABLE = "KEY_CANCELABLE" + private const val TIME_SHOWN_OFFSET_SECONDS = 1 } private fun requireBundle(): Bundle { ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt ===================================== @@ -13,6 +13,7 @@ import mozilla.components.support.test.mock import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -27,6 +28,7 @@ class SimpleRedirectDialogFragmentTest { private val themeResId = appcompatR.style.Theme_AppCompat_Light @Test + @Ignore("This will be addressed in another follow up ticket") fun `Dialog confirmed callback is called correctly`() { var onConfirmCalled = false var onCancelCalled = false @@ -104,6 +106,7 @@ class SimpleRedirectDialogFragmentTest { assertFalse(onCancelCalled) } + @Suppress("unused") private fun mockFragmentManager(): FragmentManager { val fragmentManager: FragmentManager = mock() val transaction: FragmentTransaction = mock() ===================================== mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt ===================================== @@ -4,7 +4,6 @@ package mozilla.components.feature.session -import mozilla.components.browser.state.action.ContentAction import mozilla.components.browser.state.action.CrashAction import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.LastAccessAction @@ -94,13 +93,6 @@ class SessionUseCases( flags = flags, additionalHeaders = additionalHeaders, ) - // Update the url in content immediately until the engine updates with any new changes to the state. - store.dispatch( - ContentAction.UpdateUrlAction( - loadSessionId, - url, - ), - ) store.dispatch( EngineAction.OptimizedLoadUrlTriggeredAction( loadSessionId, ===================================== mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt ===================================== @@ -11,7 +11,6 @@ import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.TabListAction import mozilla.components.browser.state.engine.EngineMiddleware import mozilla.components.browser.state.selector.findTab -import mozilla.components.browser.state.selector.selectedTab import mozilla.components.browser.state.state.BrowserState import mozilla.components.browser.state.state.TabSessionState import mozilla.components.browser.state.state.createCustomTab @@ -81,7 +80,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://getpocket.com", action.url) } - assertEquals("https://getpocket.com", store.state.selectedTab?.content?.url) useCases.loadUrl("https://www.mozilla.org", LoadUrlFlags.select(LoadUrlFlags.EXTERNAL)) store.waitUntilIdle() @@ -95,7 +93,6 @@ class SessionUseCasesTest { assertEquals("https://www.mozilla.org", action.url) assertEquals(LoadUrlFlags.select(LoadUrlFlags.EXTERNAL), action.flags) } - assertEquals("https://www.mozilla.org", store.state.selectedTab?.content?.url) useCases.loadUrl("https://firefox.com", store.state.selectedTabId) store.waitUntilIdle() @@ -105,7 +102,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://firefox.com", action.url) } - assertEquals("https://firefox.com", store.state.selectedTab?.content?.url) useCases.loadUrl.invoke( "https://developer.mozilla.org", ===================================== mobile/android/android-components/docs/changelog.md ===================================== @@ -109,9 +109,6 @@ permalink: /changelog/ * **feature-customtabs** * Fallback behaviour when failing to open a new window in custom tab will now be loading the URL directly in the same custom tab. [Bug 1832357](https://bugzilla.mozilla.org/show_bug.cgi?id=1832357) -* **feature-session** - * Update URL in the store immediately when using the optimized load URL code path. - * **tooling-lint** * Added a lint rule to detect when `Response#close` may not have been called. Note: Currently, this rule only runs on Android Components. ===================================== mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt ===================================== @@ -83,7 +83,7 @@ class CrashReportingTest : TestSetup() { verifyPageContent(tabCrashMessage) }.openTabDrawer(activityTestRule) { verifyExistingOpenTabs(firstWebPage.title) - verifyExistingOpenTabs("about:crashcontent") + verifyExistingOpenTabs(secondWebPage.title) }.closeTabDrawer { }.goToHomescreen { verifyExistingTopSitesList() ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java ===================================== @@ -11,6 +11,7 @@ import android.content.ClipboardManager.OnPrimaryClipChangedListener; import android.content.Context; import android.content.res.AssetFileDescriptor; import android.os.Build; +import android.os.PersistableBundle; import android.text.TextUtils; import android.util.Log; import java.io.ByteArrayOutputStream; @@ -133,8 +134,9 @@ public final class Clipboard { * @return true if copy is successful. */ @WrapForJNI(calledFrom = "gecko") - public static boolean setText(final Context context, final CharSequence text) { - return setData(context, ClipData.newPlainText("text", text)); + public static boolean setText( + final Context context, final CharSequence text, final boolean isPrivateData) { + return setData(context, ClipData.newPlainText("text", text), isPrivateData); } /** @@ -147,8 +149,11 @@ public final class Clipboard { */ @WrapForJNI(calledFrom = "gecko") private static boolean setHTML( - final Context context, final CharSequence text, final String htmlText) { - return setData(context, ClipData.newHtmlText("html", text, htmlText)); + final Context context, + final CharSequence text, + final String htmlText, + final boolean isPrivateData) { + return setData(context, ClipData.newHtmlText("html", text, htmlText), isPrivateData); } /** @@ -158,11 +163,17 @@ public final class Clipboard { * @param clipData a {@link android.content.ClipData} to set to clipboard * @return true if copy is successful. */ - private static boolean setData(final Context context, final ClipData clipData) { + private static boolean setData( + final Context context, final ClipData clipData, final boolean isPrivateData) { // In API Level 11 and above, CLIPBOARD_SERVICE returns android.content.ClipboardManager, // which is a subclass of android.text.ClipboardManager. final ClipboardManager cm = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE); + if (isPrivateData && Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + final PersistableBundle extras = new PersistableBundle(); + extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true); + clipData.getDescription().setExtras(extras); + } try { cm.setPrimaryClip(clipData); } catch (final NullPointerException e) { @@ -228,7 +239,7 @@ public final class Clipboard { @WrapForJNI(calledFrom = "gecko") private static void clear(final Context context) { if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.P) { - setText(context, null); + setText(context, null, false); return; } // Although we don't know more details of https://crbug.com/1203377, Blink doesn't use ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java ===================================== @@ -70,6 +70,7 @@ import org.mozilla.gecko.util.ThreadUtils; private ExtractedTextRequest mUpdateRequest; private final InputConnection mKeyInputConnection; private CursorAnchorInfo.Builder mCursorAnchorInfoBuilder; + private boolean mIsPrivateBrowsing; public static SessionTextInput.InputConnectionClient create( final GeckoSession session, @@ -208,12 +209,13 @@ import org.mozilla.gecko.util.ThreadUtils; // If selection is empty, we'll select everything if (selStart == selEnd) { // Fill the clipboard - Clipboard.setText(view.getContext(), editable); + Clipboard.setText(view.getContext(), editable, mIsPrivateBrowsing); editable.clear(); } else { Clipboard.setText( view.getContext(), - editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd))); + editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd)), + mIsPrivateBrowsing); editable.delete(selStart, selEnd); } break; @@ -231,7 +233,7 @@ import org.mozilla.gecko.util.ThreadUtils; : editable .toString() .substring(Math.min(selStart, selEnd), Math.max(selStart, selEnd)); - Clipboard.setText(view.getContext(), copiedText); + Clipboard.setText(view.getContext(), copiedText, mIsPrivateBrowsing); break; } return true; @@ -603,6 +605,9 @@ import org.mozilla.gecko.util.ThreadUtils; outAttrs.imeOptions |= EditorInfo.IME_FLAG_NO_EXTRACT_UI | EditorInfo.IME_FLAG_NO_FULLSCREEN; } + mIsPrivateBrowsing = + ((outAttrs.imeOptions & InputMethods.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0); + if (DEBUG) { Log.d( LOGTAG, ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -70,6 +70,16 @@ inert ></button> </div> + + <p id="explanation-iframe" hidden> + <span data-l10n-id="about-httpsonly-explanation-iframe"></span> + <a + id="mixedContentLearnMoreLink" + target="_blank" + data-l10n-id="about-httpsonly-link-learn-more" + ></a> + </p> + <div class="suggestion-box" hidden> <h2 data-l10n-id="about-httpsonly-suggestion-box-header"></h2> </div> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -29,28 +29,35 @@ function initPage() { document .getElementById("learnMoreLink") .setAttribute("href", baseSupportURL + "https-only-prefs"); + document + .getElementById("mixedContentLearnMoreLink") + .setAttribute("href", baseSupportURL + "mixed-content"); + + const isTopLevel = window.top == window; + if (!isTopLevel) { + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + document.getElementById(id).remove(); + } + document.getElementById("explanation-iframe").removeAttribute("hidden"); + return; + } document .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + document + .getElementById("goBack") + .addEventListener("click", onReturnButtonClick); const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); setTimeout(() => { document.getElementById("openInsecure").removeAttribute("inert"); }, delay); - if (window.top == window) { - document - .getElementById("goBack") - .addEventListener("click", onReturnButtonClick); - addAutofocus("#goBack", "beforeend"); - } else { - document.getElementById("goBack").remove(); - } + addAutofocus("#goBack", "beforeend"); - const isTopLevel = window.top == window; const hasWWWPrefix = pageUrl.href.startsWith("https://www."); - if (isTopLevel && !hasWWWPrefix) { + if (!hasWWWPrefix) { // HTTPS-Only generally simply replaces http: with https:; // here we additionally try to add www and see if that allows to upgrade the connection if it is top level ===================================== toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl ===================================== @@ -12,6 +12,7 @@ about-httpsonly-explanation-question = What could be causing this? about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS. about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details. about-httpsonly-explanation-continue = If you continue, HTTPS-Only Mode will be turned off temporarily for this site. +about-httpsonly-explanation-iframe = Due to mixed content blocking, it is not possible to manually allow this frame to load. about-httpsonly-button-continue-to-site = Continue to HTTP Site about-httpsonly-button-go-back = Go Back ===================================== widget/android/nsClipboard.cpp ===================================== @@ -92,14 +92,16 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, return rv; } + bool isPrivate = aTransferable->GetIsPrivateData(); + if (!html.IsEmpty() && java::Clipboard::SetHTML(java::GeckoAppShell::GetApplicationContext(), - text, html)) { + text, html, isPrivate)) { return NS_OK; } if (!text.IsEmpty() && java::Clipboard::SetText(java::GeckoAppShell::GetApplicationContext(), - text)) { + text, isPrivate)) { return NS_OK; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e17244… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e17244… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.5.0esr-14.0-1-build2
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed new tag mullvad-browser-128.5.0esr-14.0-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.5.0esr-14.0-1] 4 commits: Bug 1836921 - Improve dialogs a=dmeehan
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed to branch mullvad-browser-128.5.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 437543c6 by Arturo Mejia at 2024-11-25T15:21:36+01:00 Bug 1836921 - Improve dialogs a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D226961 Differential Revision: https://phabricator.services.mozilla.com/D228842 - - - - - 33f6b33b by Malte Juergens at 2024-11-25T15:21:38+01:00 Bug 1909396 - Remove HTTPS-Only exception button in iframes r=freddyb,fluent-reviewers Rationale for this can be read in Bug 1909396, but the main reason is that the iframe will get blocked regardless by mixed content blocking. Differential Revision: https://phabricator.services.mozilla.com/D220257 - - - - - 412bde12 by Makoto Kato at 2024-11-25T15:21:40+01:00 Bug 1776646 - Support EXTRA_IS_SENSITIVE for clipboard. r=geckoview-reviewers,owlish When nsITransferable.isPrivateData is true, such as coping password or private mode, we should set EXTRA_IS_SENSITIVE to ClipData. AndroidJunit test runner doesn't often get `ClipDescription.extras` from clipboard service in test runner. So we cannot write a unit test using AndroidJUnit test runner. Differential Revision: https://phabricator.services.mozilla.com/D225326 - - - - - 866130a7 by Cathy Lu at 2024-11-25T15:21:41+01:00 Bug 1914797 - Part 1 + 2 + partial backout (details below) Bug 1914797 - Part 1 - Revert bug 1868469 r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226431 Bug 1914797 - Part 2 - Add url change during onPageStart for slow loading sites r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226432 Backed out 1 changesets (bug 1914797) for causing Bug 1929028 Backed out changeset a79554879d7b (bug 1914797) - - - - - 16 changed files: - dom/ipc/WindowGlobalParent.cpp - dom/security/test/https-only/browser.toml - + dom/security/test/https-only/browser_iframe_buttons.js - + dom/security/test/https-only/file_iframe_buttons.html - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt - mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt - mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt - mobile/android/android-components/docs/changelog.md - mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl - widget/android/nsClipboard.cpp Changes: ===================================== dom/ipc/WindowGlobalParent.cpp ===================================== @@ -1378,18 +1378,11 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() { return IPC_FAIL(this, "HTTPS-only mode: Illegal state"); } - // If the error page is within an iFrame, we create an exception for whatever - // scheme the top-level site is currently on, because the user wants to - // unbreak the iFrame and not the top-level page. When the error page shows up - // on a top-level request, then we replace the scheme with http, because the - // user wants to unbreak the whole page. + // We replace the scheme with http, because the user wants to unbreak the + // whole page. nsCOMPtr<nsIURI> newURI; - if (!BrowsingContext()->IsTop()) { - newURI = innerURI; - } else { - Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( - getter_AddRefs(newURI)); - } + Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( + getter_AddRefs(newURI)); OriginAttributes originAttributes = TopWindowContext()->DocumentPrincipal()->OriginAttributesRef(); ===================================== dom/security/test/https-only/browser.toml ===================================== @@ -29,6 +29,9 @@ support-files = [ ["browser_httpsonly_speculative_connect.js"] support-files = ["file_httpsonly_speculative_connect.html"] +["browser_iframe_buttons.js"] +support-files = ["file_iframe_buttons.html"] + ["browser_iframe_test.js"] skip-if = [ "os == 'linux' && bits == 64", # Bug 1735565 ===================================== dom/security/test/https-only/browser_iframe_buttons.js ===================================== @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Ensure the buttons at the buttom of the HTTPS-Only error page do not get +// displayed in an iframe (Bug 1909396). + +add_task(async function test_iframe_buttons() { + await BrowserTestUtils.withNewTab( + "https://example.com/browser/dom/security/test/https-only/file_iframe_button…", + async function (browser) { + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + await SpecialPowers.spawn(browser, [], async function () { + const iframe = content.document.getElementById("iframe"); + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + iframe.src = "http://nocert.example.com"; + + await ContentTaskUtils.waitForCondition( + () => iframe.contentWindow.document.readyState === "interactive", + "Iframe error page should have loaded" + ); + + ok( + !!iframe.contentWindow.document.getElementById("explanation-iframe"), + "#explanation-iframe should exist" + ); + + is( + iframe.contentWindow.document + .getElementById("explanation-iframe") + .getAttribute("hidden"), + null, + "#explanation-iframe should not be hidden" + ); + + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + is( + iframe.contentWindow.document.getElementById(id), + null, + `#${id} should have been removed` + ); + } + }); + } + ); +}); ===================================== dom/security/test/https-only/file_iframe_buttons.html ===================================== @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> +</head> +<body> + <iframe id="iframe" frameborder="0"></iframe> +</body> +</html> ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt ===================================== @@ -11,6 +11,7 @@ import androidx.annotation.StringRes import androidx.annotation.StyleRes import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AlertDialog +import mozilla.components.support.ktx.util.PromptAbuserDetector import mozilla.components.ui.widgets.withCenterAlignedButtons /** @@ -23,6 +24,10 @@ import mozilla.components.ui.widgets.withCenterAlignedButtons */ class SimpleRedirectDialogFragment : RedirectDialogFragment() { + @VisibleForTesting + internal var promptAbuserDetector = + PromptAbuserDetector(maxSuccessiveDialogSecondsLimit = TIME_SHOWN_OFFSET_SECONDS) + @VisibleForTesting internal var testingContext: Context? = null @@ -32,6 +37,8 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { return if (themeID == 0) AlertDialog.Builder(context) else AlertDialog.Builder(context, themeID) } + promptAbuserDetector.updateJSDialogAbusedState() + return with(requireBundle()) { val dialogTitleText = getInt(KEY_TITLE_TEXT, R.string.mozac_feature_applinks_normal_confirm_dialog_title) val dialogMessageString = getString(KEY_MESSAGE_STRING, "") @@ -40,18 +47,29 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { val themeResId = getInt(KEY_THEME_ID, 0) val cancelable = getBoolean(KEY_CANCELABLE, false) - getBuilder(themeResId) + val dialog = getBuilder(themeResId) .setTitle(dialogTitleText) .setMessage(dialogMessageString) - .setPositiveButton(positiveButtonText) { _, _ -> - onConfirmRedirect() - } + .setPositiveButton(positiveButtonText) { _, _ -> } .setNegativeButton(negativeButtonText) { _, _ -> onCancelRedirect() } .setCancelable(cancelable) .create() - .withCenterAlignedButtons() + + dialog.withCenterAlignedButtons() + dialog.setOnShowListener { + val okButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE) + okButton.setOnClickListener { + if (promptAbuserDetector.areDialogsBeingAbused()) { + promptAbuserDetector.updateJSDialogAbusedState() + } else { + onConfirmRedirect() + dialog.dismiss() + } + } + } + dialog } } @@ -101,6 +119,7 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { const val KEY_THEME_ID = "KEY_THEME_ID" const val KEY_CANCELABLE = "KEY_CANCELABLE" + private const val TIME_SHOWN_OFFSET_SECONDS = 1 } private fun requireBundle(): Bundle { ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt ===================================== @@ -13,6 +13,7 @@ import mozilla.components.support.test.mock import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -27,6 +28,7 @@ class SimpleRedirectDialogFragmentTest { private val themeResId = appcompatR.style.Theme_AppCompat_Light @Test + @Ignore("This will be addressed in another follow up ticket") fun `Dialog confirmed callback is called correctly`() { var onConfirmCalled = false var onCancelCalled = false @@ -104,6 +106,7 @@ class SimpleRedirectDialogFragmentTest { assertFalse(onCancelCalled) } + @Suppress("unused") private fun mockFragmentManager(): FragmentManager { val fragmentManager: FragmentManager = mock() val transaction: FragmentTransaction = mock() ===================================== mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt ===================================== @@ -4,7 +4,6 @@ package mozilla.components.feature.session -import mozilla.components.browser.state.action.ContentAction import mozilla.components.browser.state.action.CrashAction import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.LastAccessAction @@ -94,13 +93,6 @@ class SessionUseCases( flags = flags, additionalHeaders = additionalHeaders, ) - // Update the url in content immediately until the engine updates with any new changes to the state. - store.dispatch( - ContentAction.UpdateUrlAction( - loadSessionId, - url, - ), - ) store.dispatch( EngineAction.OptimizedLoadUrlTriggeredAction( loadSessionId, ===================================== mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt ===================================== @@ -11,7 +11,6 @@ import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.TabListAction import mozilla.components.browser.state.engine.EngineMiddleware import mozilla.components.browser.state.selector.findTab -import mozilla.components.browser.state.selector.selectedTab import mozilla.components.browser.state.state.BrowserState import mozilla.components.browser.state.state.TabSessionState import mozilla.components.browser.state.state.createCustomTab @@ -81,7 +80,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://getpocket.com", action.url) } - assertEquals("https://getpocket.com", store.state.selectedTab?.content?.url) useCases.loadUrl("https://www.mozilla.org", LoadUrlFlags.select(LoadUrlFlags.EXTERNAL)) store.waitUntilIdle() @@ -95,7 +93,6 @@ class SessionUseCasesTest { assertEquals("https://www.mozilla.org", action.url) assertEquals(LoadUrlFlags.select(LoadUrlFlags.EXTERNAL), action.flags) } - assertEquals("https://www.mozilla.org", store.state.selectedTab?.content?.url) useCases.loadUrl("https://firefox.com", store.state.selectedTabId) store.waitUntilIdle() @@ -105,7 +102,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://firefox.com", action.url) } - assertEquals("https://firefox.com", store.state.selectedTab?.content?.url) useCases.loadUrl.invoke( "https://developer.mozilla.org", ===================================== mobile/android/android-components/docs/changelog.md ===================================== @@ -109,9 +109,6 @@ permalink: /changelog/ * **feature-customtabs** * Fallback behaviour when failing to open a new window in custom tab will now be loading the URL directly in the same custom tab. [Bug 1832357](https://bugzilla.mozilla.org/show_bug.cgi?id=1832357) -* **feature-session** - * Update URL in the store immediately when using the optimized load URL code path. - * **tooling-lint** * Added a lint rule to detect when `Response#close` may not have been called. Note: Currently, this rule only runs on Android Components. ===================================== mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt ===================================== @@ -83,7 +83,7 @@ class CrashReportingTest : TestSetup() { verifyPageContent(tabCrashMessage) }.openTabDrawer(activityTestRule) { verifyExistingOpenTabs(firstWebPage.title) - verifyExistingOpenTabs("about:crashcontent") + verifyExistingOpenTabs(secondWebPage.title) }.closeTabDrawer { }.goToHomescreen { verifyExistingTopSitesList() ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java ===================================== @@ -11,6 +11,7 @@ import android.content.ClipboardManager.OnPrimaryClipChangedListener; import android.content.Context; import android.content.res.AssetFileDescriptor; import android.os.Build; +import android.os.PersistableBundle; import android.text.TextUtils; import android.util.Log; import java.io.ByteArrayOutputStream; @@ -133,8 +134,9 @@ public final class Clipboard { * @return true if copy is successful. */ @WrapForJNI(calledFrom = "gecko") - public static boolean setText(final Context context, final CharSequence text) { - return setData(context, ClipData.newPlainText("text", text)); + public static boolean setText( + final Context context, final CharSequence text, final boolean isPrivateData) { + return setData(context, ClipData.newPlainText("text", text), isPrivateData); } /** @@ -147,8 +149,11 @@ public final class Clipboard { */ @WrapForJNI(calledFrom = "gecko") private static boolean setHTML( - final Context context, final CharSequence text, final String htmlText) { - return setData(context, ClipData.newHtmlText("html", text, htmlText)); + final Context context, + final CharSequence text, + final String htmlText, + final boolean isPrivateData) { + return setData(context, ClipData.newHtmlText("html", text, htmlText), isPrivateData); } /** @@ -158,11 +163,17 @@ public final class Clipboard { * @param clipData a {@link android.content.ClipData} to set to clipboard * @return true if copy is successful. */ - private static boolean setData(final Context context, final ClipData clipData) { + private static boolean setData( + final Context context, final ClipData clipData, final boolean isPrivateData) { // In API Level 11 and above, CLIPBOARD_SERVICE returns android.content.ClipboardManager, // which is a subclass of android.text.ClipboardManager. final ClipboardManager cm = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE); + if (isPrivateData && Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + final PersistableBundle extras = new PersistableBundle(); + extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true); + clipData.getDescription().setExtras(extras); + } try { cm.setPrimaryClip(clipData); } catch (final NullPointerException e) { @@ -228,7 +239,7 @@ public final class Clipboard { @WrapForJNI(calledFrom = "gecko") private static void clear(final Context context) { if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.P) { - setText(context, null); + setText(context, null, false); return; } // Although we don't know more details of https://crbug.com/1203377, Blink doesn't use ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java ===================================== @@ -70,6 +70,7 @@ import org.mozilla.gecko.util.ThreadUtils; private ExtractedTextRequest mUpdateRequest; private final InputConnection mKeyInputConnection; private CursorAnchorInfo.Builder mCursorAnchorInfoBuilder; + private boolean mIsPrivateBrowsing; public static SessionTextInput.InputConnectionClient create( final GeckoSession session, @@ -208,12 +209,13 @@ import org.mozilla.gecko.util.ThreadUtils; // If selection is empty, we'll select everything if (selStart == selEnd) { // Fill the clipboard - Clipboard.setText(view.getContext(), editable); + Clipboard.setText(view.getContext(), editable, mIsPrivateBrowsing); editable.clear(); } else { Clipboard.setText( view.getContext(), - editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd))); + editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd)), + mIsPrivateBrowsing); editable.delete(selStart, selEnd); } break; @@ -231,7 +233,7 @@ import org.mozilla.gecko.util.ThreadUtils; : editable .toString() .substring(Math.min(selStart, selEnd), Math.max(selStart, selEnd)); - Clipboard.setText(view.getContext(), copiedText); + Clipboard.setText(view.getContext(), copiedText, mIsPrivateBrowsing); break; } return true; @@ -603,6 +605,9 @@ import org.mozilla.gecko.util.ThreadUtils; outAttrs.imeOptions |= EditorInfo.IME_FLAG_NO_EXTRACT_UI | EditorInfo.IME_FLAG_NO_FULLSCREEN; } + mIsPrivateBrowsing = + ((outAttrs.imeOptions & InputMethods.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0); + if (DEBUG) { Log.d( LOGTAG, ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -70,6 +70,16 @@ inert ></button> </div> + + <p id="explanation-iframe" hidden> + <span data-l10n-id="about-httpsonly-explanation-iframe"></span> + <a + id="mixedContentLearnMoreLink" + target="_blank" + data-l10n-id="about-httpsonly-link-learn-more" + ></a> + </p> + <div class="suggestion-box" hidden> <h2 data-l10n-id="about-httpsonly-suggestion-box-header"></h2> </div> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -29,28 +29,35 @@ function initPage() { document .getElementById("learnMoreLink") .setAttribute("href", baseSupportURL + "https-only-prefs"); + document + .getElementById("mixedContentLearnMoreLink") + .setAttribute("href", baseSupportURL + "mixed-content"); + + const isTopLevel = window.top == window; + if (!isTopLevel) { + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + document.getElementById(id).remove(); + } + document.getElementById("explanation-iframe").removeAttribute("hidden"); + return; + } document .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + document + .getElementById("goBack") + .addEventListener("click", onReturnButtonClick); const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); setTimeout(() => { document.getElementById("openInsecure").removeAttribute("inert"); }, delay); - if (window.top == window) { - document - .getElementById("goBack") - .addEventListener("click", onReturnButtonClick); - addAutofocus("#goBack", "beforeend"); - } else { - document.getElementById("goBack").remove(); - } + addAutofocus("#goBack", "beforeend"); - const isTopLevel = window.top == window; const hasWWWPrefix = pageUrl.href.startsWith("https://www."); - if (isTopLevel && !hasWWWPrefix) { + if (!hasWWWPrefix) { // HTTPS-Only generally simply replaces http: with https:; // here we additionally try to add www and see if that allows to upgrade the connection if it is top level ===================================== toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl ===================================== @@ -12,6 +12,7 @@ about-httpsonly-explanation-question = What could be causing this? about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS. about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details. about-httpsonly-explanation-continue = If you continue, HTTPS-Only Mode will be turned off temporarily for this site. +about-httpsonly-explanation-iframe = Due to mixed content blocking, it is not possible to manually allow this frame to load. about-httpsonly-button-continue-to-site = Continue to HTTP Site about-httpsonly-button-go-back = Go Back ===================================== widget/android/nsClipboard.cpp ===================================== @@ -92,14 +92,16 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, return rv; } + bool isPrivate = aTransferable->GetIsPrivateData(); + if (!html.IsEmpty() && java::Clipboard::SetHTML(java::GeckoAppShell::GetApplicationContext(), - text, html)) { + text, html, isPrivate)) { return NS_OK; } if (!text.IsEmpty() && java::Clipboard::SetText(java::GeckoAppShell::GetApplicationContext(), - text)) { + text, isPrivate)) { return NS_OK; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/f2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/f2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.5.0esr-14.0-1-build2
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed new tag tor-browser-128.5.0esr-14.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.5.0esr-14.0-1] 4 commits: Bug 1836921 - Improve dialogs a=dmeehan
by ma1 (＠ma1) 25 Nov '24

25 Nov '24

ma1 pushed to branch tor-browser-128.5.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: c262ab56 by Arturo Mejia at 2024-11-20T13:10:39+01:00 Bug 1836921 - Improve dialogs a=dmeehan Original Revision: https://phabricator.services.mozilla.com/D226961 Differential Revision: https://phabricator.services.mozilla.com/D228842 - - - - - cdd6f724 by Malte Juergens at 2024-11-22T17:17:19+01:00 Bug 1909396 - Remove HTTPS-Only exception button in iframes r=freddyb,fluent-reviewers Rationale for this can be read in Bug 1909396, but the main reason is that the iframe will get blocked regardless by mixed content blocking. Differential Revision: https://phabricator.services.mozilla.com/D220257 - - - - - 7ba8318e by Makoto Kato at 2024-11-25T11:15:10+01:00 Bug 1776646 - Support EXTRA_IS_SENSITIVE for clipboard. r=geckoview-reviewers,owlish When nsITransferable.isPrivateData is true, such as coping password or private mode, we should set EXTRA_IS_SENSITIVE to ClipData. AndroidJunit test runner doesn't often get `ClipDescription.extras` from clipboard service in test runner. So we cannot write a unit test using AndroidJUnit test runner. Differential Revision: https://phabricator.services.mozilla.com/D225326 - - - - - 0ad899bf by Cathy Lu at 2024-11-25T14:56:28+01:00 Bug 1914797 - Part 1 + 2 + partial backout (details below) Bug 1914797 - Part 1 - Revert bug 1868469 r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226431 Bug 1914797 - Part 2 - Add url change during onPageStart for slow loading sites r=android-reviewers,jonalmeida, a=dmeehan Differential Revision: https://phabricator.services.mozilla.com/D226432 Backed out 1 changesets (bug 1914797) for causing Bug 1929028 Backed out changeset a79554879d7b (bug 1914797) - - - - - 16 changed files: - dom/ipc/WindowGlobalParent.cpp - dom/security/test/https-only/browser.toml - + dom/security/test/https-only/browser_iframe_buttons.js - + dom/security/test/https-only/file_iframe_buttons.html - mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt - mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt - mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt - mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt - mobile/android/android-components/docs/changelog.md - mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt - mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java - mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java - toolkit/components/httpsonlyerror/content/errorpage.html - toolkit/components/httpsonlyerror/content/errorpage.js - toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl - widget/android/nsClipboard.cpp Changes: ===================================== dom/ipc/WindowGlobalParent.cpp ===================================== @@ -1378,18 +1378,11 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvReloadWithHttpsOnlyException() { return IPC_FAIL(this, "HTTPS-only mode: Illegal state"); } - // If the error page is within an iFrame, we create an exception for whatever - // scheme the top-level site is currently on, because the user wants to - // unbreak the iFrame and not the top-level page. When the error page shows up - // on a top-level request, then we replace the scheme with http, because the - // user wants to unbreak the whole page. + // We replace the scheme with http, because the user wants to unbreak the + // whole page. nsCOMPtr<nsIURI> newURI; - if (!BrowsingContext()->IsTop()) { - newURI = innerURI; - } else { - Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( - getter_AddRefs(newURI)); - } + Unused << NS_MutateURI(innerURI).SetScheme("http"_ns).Finalize( + getter_AddRefs(newURI)); OriginAttributes originAttributes = TopWindowContext()->DocumentPrincipal()->OriginAttributesRef(); ===================================== dom/security/test/https-only/browser.toml ===================================== @@ -29,6 +29,9 @@ support-files = [ ["browser_httpsonly_speculative_connect.js"] support-files = ["file_httpsonly_speculative_connect.html"] +["browser_iframe_buttons.js"] +support-files = ["file_iframe_buttons.html"] + ["browser_iframe_test.js"] skip-if = [ "os == 'linux' && bits == 64", # Bug 1735565 ===================================== dom/security/test/https-only/browser_iframe_buttons.js ===================================== @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +// Ensure the buttons at the buttom of the HTTPS-Only error page do not get +// displayed in an iframe (Bug 1909396). + +add_task(async function test_iframe_buttons() { + await BrowserTestUtils.withNewTab( + "https://example.com/browser/dom/security/test/https-only/file_iframe_button…", + async function (browser) { + await SpecialPowers.pushPrefEnv({ + set: [["dom.security.https_only_mode", true]], + }); + + await SpecialPowers.spawn(browser, [], async function () { + const iframe = content.document.getElementById("iframe"); + // eslint-disable-next-line @microsoft/sdl/no-insecure-url + iframe.src = "http://nocert.example.com"; + + await ContentTaskUtils.waitForCondition( + () => iframe.contentWindow.document.readyState === "interactive", + "Iframe error page should have loaded" + ); + + ok( + !!iframe.contentWindow.document.getElementById("explanation-iframe"), + "#explanation-iframe should exist" + ); + + is( + iframe.contentWindow.document + .getElementById("explanation-iframe") + .getAttribute("hidden"), + null, + "#explanation-iframe should not be hidden" + ); + + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + is( + iframe.contentWindow.document.getElementById(id), + null, + `#${id} should have been removed` + ); + } + }); + } + ); +}); ===================================== dom/security/test/https-only/file_iframe_buttons.html ===================================== @@ -0,0 +1,9 @@ +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> +</head> +<body> + <iframe id="iframe" frameborder="0"></iframe> +</body> +</html> ===================================== mobile/android/android-components/components/feature/app-links/src/main/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragment.kt ===================================== @@ -11,6 +11,7 @@ import androidx.annotation.StringRes import androidx.annotation.StyleRes import androidx.annotation.VisibleForTesting import androidx.appcompat.app.AlertDialog +import mozilla.components.support.ktx.util.PromptAbuserDetector import mozilla.components.ui.widgets.withCenterAlignedButtons /** @@ -23,6 +24,10 @@ import mozilla.components.ui.widgets.withCenterAlignedButtons */ class SimpleRedirectDialogFragment : RedirectDialogFragment() { + @VisibleForTesting + internal var promptAbuserDetector = + PromptAbuserDetector(maxSuccessiveDialogSecondsLimit = TIME_SHOWN_OFFSET_SECONDS) + @VisibleForTesting internal var testingContext: Context? = null @@ -32,6 +37,8 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { return if (themeID == 0) AlertDialog.Builder(context) else AlertDialog.Builder(context, themeID) } + promptAbuserDetector.updateJSDialogAbusedState() + return with(requireBundle()) { val dialogTitleText = getInt(KEY_TITLE_TEXT, R.string.mozac_feature_applinks_normal_confirm_dialog_title) val dialogMessageString = getString(KEY_MESSAGE_STRING, "") @@ -40,18 +47,29 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { val themeResId = getInt(KEY_THEME_ID, 0) val cancelable = getBoolean(KEY_CANCELABLE, false) - getBuilder(themeResId) + val dialog = getBuilder(themeResId) .setTitle(dialogTitleText) .setMessage(dialogMessageString) - .setPositiveButton(positiveButtonText) { _, _ -> - onConfirmRedirect() - } + .setPositiveButton(positiveButtonText) { _, _ -> } .setNegativeButton(negativeButtonText) { _, _ -> onCancelRedirect() } .setCancelable(cancelable) .create() - .withCenterAlignedButtons() + + dialog.withCenterAlignedButtons() + dialog.setOnShowListener { + val okButton = dialog.getButton(AlertDialog.BUTTON_POSITIVE) + okButton.setOnClickListener { + if (promptAbuserDetector.areDialogsBeingAbused()) { + promptAbuserDetector.updateJSDialogAbusedState() + } else { + onConfirmRedirect() + dialog.dismiss() + } + } + } + dialog } } @@ -101,6 +119,7 @@ class SimpleRedirectDialogFragment : RedirectDialogFragment() { const val KEY_THEME_ID = "KEY_THEME_ID" const val KEY_CANCELABLE = "KEY_CANCELABLE" + private const val TIME_SHOWN_OFFSET_SECONDS = 1 } private fun requireBundle(): Bundle { ===================================== mobile/android/android-components/components/feature/app-links/src/test/java/mozilla/components/feature/app/links/SimpleRedirectDialogFragmentTest.kt ===================================== @@ -13,6 +13,7 @@ import mozilla.components.support.test.mock import mozilla.components.support.test.robolectric.testContext import org.junit.Assert.assertFalse import org.junit.Assert.assertTrue +import org.junit.Ignore import org.junit.Test import org.junit.runner.RunWith import org.mockito.Mockito.doNothing @@ -27,6 +28,7 @@ class SimpleRedirectDialogFragmentTest { private val themeResId = appcompatR.style.Theme_AppCompat_Light @Test + @Ignore("This will be addressed in another follow up ticket") fun `Dialog confirmed callback is called correctly`() { var onConfirmCalled = false var onCancelCalled = false @@ -104,6 +106,7 @@ class SimpleRedirectDialogFragmentTest { assertFalse(onCancelCalled) } + @Suppress("unused") private fun mockFragmentManager(): FragmentManager { val fragmentManager: FragmentManager = mock() val transaction: FragmentTransaction = mock() ===================================== mobile/android/android-components/components/feature/session/src/main/java/mozilla/components/feature/session/SessionUseCases.kt ===================================== @@ -4,7 +4,6 @@ package mozilla.components.feature.session -import mozilla.components.browser.state.action.ContentAction import mozilla.components.browser.state.action.CrashAction import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.LastAccessAction @@ -94,13 +93,6 @@ class SessionUseCases( flags = flags, additionalHeaders = additionalHeaders, ) - // Update the url in content immediately until the engine updates with any new changes to the state. - store.dispatch( - ContentAction.UpdateUrlAction( - loadSessionId, - url, - ), - ) store.dispatch( EngineAction.OptimizedLoadUrlTriggeredAction( loadSessionId, ===================================== mobile/android/android-components/components/feature/session/src/test/java/mozilla/components/feature/session/SessionUseCasesTest.kt ===================================== @@ -11,7 +11,6 @@ import mozilla.components.browser.state.action.EngineAction import mozilla.components.browser.state.action.TabListAction import mozilla.components.browser.state.engine.EngineMiddleware import mozilla.components.browser.state.selector.findTab -import mozilla.components.browser.state.selector.selectedTab import mozilla.components.browser.state.state.BrowserState import mozilla.components.browser.state.state.TabSessionState import mozilla.components.browser.state.state.createCustomTab @@ -81,7 +80,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://getpocket.com", action.url) } - assertEquals("https://getpocket.com", store.state.selectedTab?.content?.url) useCases.loadUrl("https://www.mozilla.org", LoadUrlFlags.select(LoadUrlFlags.EXTERNAL)) store.waitUntilIdle() @@ -95,7 +93,6 @@ class SessionUseCasesTest { assertEquals("https://www.mozilla.org", action.url) assertEquals(LoadUrlFlags.select(LoadUrlFlags.EXTERNAL), action.flags) } - assertEquals("https://www.mozilla.org", store.state.selectedTab?.content?.url) useCases.loadUrl("https://firefox.com", store.state.selectedTabId) store.waitUntilIdle() @@ -105,7 +102,6 @@ class SessionUseCasesTest { assertEquals("mozilla", action.tabId) assertEquals("https://firefox.com", action.url) } - assertEquals("https://firefox.com", store.state.selectedTab?.content?.url) useCases.loadUrl.invoke( "https://developer.mozilla.org", ===================================== mobile/android/android-components/docs/changelog.md ===================================== @@ -109,9 +109,6 @@ permalink: /changelog/ * **feature-customtabs** * Fallback behaviour when failing to open a new window in custom tab will now be loading the URL directly in the same custom tab. [Bug 1832357](https://bugzilla.mozilla.org/show_bug.cgi?id=1832357) -* **feature-session** - * Update URL in the store immediately when using the optimized load URL code path. - * **tooling-lint** * Added a lint rule to detect when `Response#close` may not have been called. Note: Currently, this rule only runs on Android Components. ===================================== mobile/android/fenix/app/src/androidTest/java/org/mozilla/fenix/ui/CrashReportingTest.kt ===================================== @@ -83,7 +83,7 @@ class CrashReportingTest : TestSetup() { verifyPageContent(tabCrashMessage) }.openTabDrawer(activityTestRule) { verifyExistingOpenTabs(firstWebPage.title) - verifyExistingOpenTabs("about:crashcontent") + verifyExistingOpenTabs(secondWebPage.title) }.closeTabDrawer { }.goToHomescreen { verifyExistingTopSitesList() ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/Clipboard.java ===================================== @@ -11,6 +11,7 @@ import android.content.ClipboardManager.OnPrimaryClipChangedListener; import android.content.Context; import android.content.res.AssetFileDescriptor; import android.os.Build; +import android.os.PersistableBundle; import android.text.TextUtils; import android.util.Log; import java.io.ByteArrayOutputStream; @@ -133,8 +134,9 @@ public final class Clipboard { * @return true if copy is successful. */ @WrapForJNI(calledFrom = "gecko") - public static boolean setText(final Context context, final CharSequence text) { - return setData(context, ClipData.newPlainText("text", text)); + public static boolean setText( + final Context context, final CharSequence text, final boolean isPrivateData) { + return setData(context, ClipData.newPlainText("text", text), isPrivateData); } /** @@ -147,8 +149,11 @@ public final class Clipboard { */ @WrapForJNI(calledFrom = "gecko") private static boolean setHTML( - final Context context, final CharSequence text, final String htmlText) { - return setData(context, ClipData.newHtmlText("html", text, htmlText)); + final Context context, + final CharSequence text, + final String htmlText, + final boolean isPrivateData) { + return setData(context, ClipData.newHtmlText("html", text, htmlText), isPrivateData); } /** @@ -158,11 +163,17 @@ public final class Clipboard { * @param clipData a {@link android.content.ClipData} to set to clipboard * @return true if copy is successful. */ - private static boolean setData(final Context context, final ClipData clipData) { + private static boolean setData( + final Context context, final ClipData clipData, final boolean isPrivateData) { // In API Level 11 and above, CLIPBOARD_SERVICE returns android.content.ClipboardManager, // which is a subclass of android.text.ClipboardManager. final ClipboardManager cm = (ClipboardManager) context.getSystemService(Context.CLIPBOARD_SERVICE); + if (isPrivateData && Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) { + final PersistableBundle extras = new PersistableBundle(); + extras.putBoolean(ClipDescription.EXTRA_IS_SENSITIVE, true); + clipData.getDescription().setExtras(extras); + } try { cm.setPrimaryClip(clipData); } catch (final NullPointerException e) { @@ -228,7 +239,7 @@ public final class Clipboard { @WrapForJNI(calledFrom = "gecko") private static void clear(final Context context) { if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.P) { - setText(context, null); + setText(context, null, false); return; } // Although we don't know more details of https://crbug.com/1203377, Blink doesn't use ===================================== mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoInputConnection.java ===================================== @@ -70,6 +70,7 @@ import org.mozilla.gecko.util.ThreadUtils; private ExtractedTextRequest mUpdateRequest; private final InputConnection mKeyInputConnection; private CursorAnchorInfo.Builder mCursorAnchorInfoBuilder; + private boolean mIsPrivateBrowsing; public static SessionTextInput.InputConnectionClient create( final GeckoSession session, @@ -208,12 +209,13 @@ import org.mozilla.gecko.util.ThreadUtils; // If selection is empty, we'll select everything if (selStart == selEnd) { // Fill the clipboard - Clipboard.setText(view.getContext(), editable); + Clipboard.setText(view.getContext(), editable, mIsPrivateBrowsing); editable.clear(); } else { Clipboard.setText( view.getContext(), - editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd))); + editable.subSequence(Math.min(selStart, selEnd), Math.max(selStart, selEnd)), + mIsPrivateBrowsing); editable.delete(selStart, selEnd); } break; @@ -231,7 +233,7 @@ import org.mozilla.gecko.util.ThreadUtils; : editable .toString() .substring(Math.min(selStart, selEnd), Math.max(selStart, selEnd)); - Clipboard.setText(view.getContext(), copiedText); + Clipboard.setText(view.getContext(), copiedText, mIsPrivateBrowsing); break; } return true; @@ -603,6 +605,9 @@ import org.mozilla.gecko.util.ThreadUtils; outAttrs.imeOptions |= EditorInfo.IME_FLAG_NO_EXTRACT_UI | EditorInfo.IME_FLAG_NO_FULLSCREEN; } + mIsPrivateBrowsing = + ((outAttrs.imeOptions & InputMethods.IME_FLAG_NO_PERSONALIZED_LEARNING) != 0); + if (DEBUG) { Log.d( LOGTAG, ===================================== toolkit/components/httpsonlyerror/content/errorpage.html ===================================== @@ -70,6 +70,16 @@ inert ></button> </div> + + <p id="explanation-iframe" hidden> + <span data-l10n-id="about-httpsonly-explanation-iframe"></span> + <a + id="mixedContentLearnMoreLink" + target="_blank" + data-l10n-id="about-httpsonly-link-learn-more" + ></a> + </p> + <div class="suggestion-box" hidden> <h2 data-l10n-id="about-httpsonly-suggestion-box-header"></h2> </div> ===================================== toolkit/components/httpsonlyerror/content/errorpage.js ===================================== @@ -29,28 +29,35 @@ function initPage() { document .getElementById("learnMoreLink") .setAttribute("href", baseSupportURL + "https-only-prefs"); + document + .getElementById("mixedContentLearnMoreLink") + .setAttribute("href", baseSupportURL + "mixed-content"); + + const isTopLevel = window.top == window; + if (!isTopLevel) { + for (const id of ["explanation-continue", "goBack", "openInsecure"]) { + document.getElementById(id).remove(); + } + document.getElementById("explanation-iframe").removeAttribute("hidden"); + return; + } document .getElementById("openInsecure") .addEventListener("click", onOpenInsecureButtonClick); + document + .getElementById("goBack") + .addEventListener("click", onReturnButtonClick); const delay = RPMGetIntPref("security.dialog_enable_delay", 1000); setTimeout(() => { document.getElementById("openInsecure").removeAttribute("inert"); }, delay); - if (window.top == window) { - document - .getElementById("goBack") - .addEventListener("click", onReturnButtonClick); - addAutofocus("#goBack", "beforeend"); - } else { - document.getElementById("goBack").remove(); - } + addAutofocus("#goBack", "beforeend"); - const isTopLevel = window.top == window; const hasWWWPrefix = pageUrl.href.startsWith("https://www."); - if (isTopLevel && !hasWWWPrefix) { + if (!hasWWWPrefix) { // HTTPS-Only generally simply replaces http: with https:; // here we additionally try to add www and see if that allows to upgrade the connection if it is top level ===================================== toolkit/locales/en-US/toolkit/about/aboutHttpsOnlyError.ftl ===================================== @@ -12,6 +12,7 @@ about-httpsonly-explanation-question = What could be causing this? about-httpsonly-explanation-nosupport = Most likely, the website simply does not support HTTPS. about-httpsonly-explanation-risk = It’s also possible that an attacker is involved. If you decide to visit the website, you should not enter any sensitive information like passwords, emails, or credit card details. about-httpsonly-explanation-continue = If you continue, HTTPS-Only Mode will be turned off temporarily for this site. +about-httpsonly-explanation-iframe = Due to mixed content blocking, it is not possible to manually allow this frame to load. about-httpsonly-button-continue-to-site = Continue to HTTP Site about-httpsonly-button-go-back = Go Back ===================================== widget/android/nsClipboard.cpp ===================================== @@ -92,14 +92,16 @@ nsClipboard::SetNativeClipboardData(nsITransferable* aTransferable, return rv; } + bool isPrivate = aTransferable->GetIsPrivateData(); + if (!html.IsEmpty() && java::Clipboard::SetHTML(java::GeckoAppShell::GetApplicationContext(), - text, html)) { + text, html, isPrivate)) { return NS_OK; } if (!text.IsEmpty() && java::Clipboard::SetText(java::GeckoAppShell::GetApplicationContext(), - text)) { + text, isPrivate)) { return NS_OK; } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/2e8439… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/2e8439… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Add .gitignore to tools/browser
by morgan (＠morgan) 23 Nov '24

23 Nov '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 2477a638 by Morgan at 2024-11-23T01:34:58+00:00 Add .gitignore to tools/browser - - - - - 1 changed file: - + tools/browser/.gitignore Changes: ===================================== tools/browser/.gitignore ===================================== @@ -0,0 +1,3 @@ +basebrowser +mullvadbrowser +torbrowser View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41304: Backport tools/browser/.gitignore to hide main branch's symlinks
by morgan (＠morgan) 23 Nov '24

23 Nov '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 8ccad839 by Morgan at 2024-11-23T01:32:47+00:00 Bug 41304: Backport tools/browser/.gitignore to hide main branch's symlinks - - - - - 1 changed file: - + tools/browser/.gitignore Changes: ===================================== tools/browser/.gitignore ===================================== @@ -0,0 +1,3 @@ +basebrowser +mullvadbrowser +torbrowser View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] 3 commits: Bug 41284: Stop sync'ing changelogs between channels.
by morgan (＠morgan) 23 Nov '24

23 Nov '24

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 72f49dc1 by Pier Angelo Vendrame at 2024-11-21T17:35:24+01:00 Bug 41284: Stop sync'ing changelogs between channels. - - - - - bf089520 by Pier Angelo Vendrame at 2024-11-21T17:45:32+01:00 Bug 41200: Remove the tools for allowed_addons.json. For tor-browser#42618 and tor-browser#42619, we stopped using the allowed_addons.json, but initially we kept the tools to update it. However, the file creates some confusion, because it is used only for Andorid, but should be updated also when doing desktop-only releases when they update NoScript, or Android nightly builds might fail. So, since as a matter of fact we do not use that file anymore, we decided to stop updating it and remove the related tools. - - - - - 84e2ad6a by Pier Angelo Vendrame at 2024-11-21T18:10:39+01:00 Bug 41310: 13.5-specific fixes for relprep.py. When I wrote relprep.py, I did not think about a legacy channel, as we never had one before. Our approach was to keep everything to build releases as stable, so we decided to comment or remove the undesired functionalities rather than implementing a legacy channel in the script. - - - - - 11 changed files: - − .gitattributes - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md - − projects/browser/allowed_addons.json - projects/browser/build.android - projects/browser/config - − projects/browser/verify_allowed_addons.py - projects/manual/config - − tools/fetch_allowed_addons.py - tools/fetch_changelogs.py - tools/relprep.py Changes: ===================================== .gitattributes deleted ===================================== @@ -1 +0,0 @@ -projects/browser/allowed_addons.json -diff ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md ===================================== @@ -59,8 +59,6 @@ Tor Browser Alpha (and Nightly) are on the `main` branch - [ ] `fenix_version` : update to match alpha `firefox-android` build tag - [ ] `browser_branch` : update to match alpha `firefox-android` build tag - [ ] `browser_build` : update to match alpha `firefox-android` build tag - - [ ] Update allowed_addons.json by running (from `tor-browser-build` root): - - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json` - [ ] Update `projects/translation/config`: - [ ] run `make list_translation_updates-alpha` to get updated hashes - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch ===================================== .gitlab/issue_templates/Release Prep - Tor Browser Stable.md ===================================== @@ -60,8 +60,6 @@ Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSE - [ ] `browser_branch` : update to match stable `firefox-android` build tag - [ ] `browser_build` : update to match stable `firefox-android` build tag variant: Beta - - [ ] Update allowed_addons.json by running (from `tor-browser-build` root): - - `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json` - [ ] Update `projects/translation/config`: - [ ] run `make list_translation_updates-release` to get updated hashes - [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch ===================================== projects/browser/allowed_addons.json deleted ===================================== The diff for this file was not included because it is too large. ===================================== projects/browser/build.android ===================================== @@ -39,15 +39,6 @@ unzip ../omni.ja }) %] popd - -[% IF c("var/verify_allowed_addons") %] - # Check that allowed_addons.json contains the right versions of our bundled extension(s). - # If so, replace the default allowed_addons.json by ours in the apk assets folder. - $rootdir/verify_allowed_addons.py "$rootdir/allowed_addons.json" "$noscript_path" -[% END %] - -mv $rootdir/allowed_addons.json $assets_dir/allowed_addons.json - mkdir apk pushd apk 7zz x "$apk" ===================================== projects/browser/config ===================================== @@ -49,7 +49,6 @@ targets: android: build: '[% INCLUDE build.android %]' var: - verify_allowed_addons: 1 arch_deps: - 7zip - openjdk-17-jdk-headless @@ -159,10 +158,6 @@ input_files: enable: '[% c("var/namecoin") %]' - filename: namecoin.patch enable: '[% c("var/namecoin") %]' - - filename: allowed_addons.json - enable: '[% c("var/android") %]' - - filename: verify_allowed_addons.py - enable: '[% c("var/android") && c("var/verify_allowed_addons") %]' - project: manual name: manual enable: '[% ! c("var/android") && c("var/tor-browser") %]' ===================================== projects/browser/verify_allowed_addons.py deleted ===================================== @@ -1,49 +0,0 @@ -#!/usr/bin/env python3 - -import json -import sys -import hashlib -import zipfile - -def find_addon(addons, addon_id): - results = addons['results'] - for x in results: - addon = x['addon'] - if addon['guid'] == addon_id: - return addon - sys.exit("Error: cannot find addon " + addon_id) - -def verify_extension_version(addons, addon_id, version): - addon = find_addon(addons, addon_id) - expected_version = addon['current_version']['version'] - if version != expected_version: - sys.exit("Error: version " + version + " != " + expected_version) - -def verify_extension_hash(addons, addon_id, hash): - addon = find_addon(addons, addon_id) - expected_hash = addon["current_version"]["files"][0]["hash"] - if hash != expected_hash: - sys.exit("Error: hash " + hash + " != " + expected_hash) - -def read_extension_manifest(path): - return json.loads(zipfile.ZipFile(path, 'r').read('manifest.json')) - -def main(argv): - allowed_addons_path = argv[0] - noscript_path = argv[1] - - addons = None - with open(allowed_addons_path, 'r') as file: - addons = json.loads(file.read()) - - noscript_hash = None - with open(noscript_path, 'rb') as file: - noscript_hash = "sha256:" + hashlib.sha256(file.read()).hexdigest() - - noscript_version = read_extension_manifest(noscript_path)["version"] - - verify_extension_hash(addons, '{73a6fe31-595d-460b-a920-fcc0f8843232}', noscript_hash) - verify_extension_version(addons, '{73a6fe31-595d-460b-a920-fcc0f8843232}', noscript_version) - -if __name__ == "__main__": - main(sys.argv[1:]) ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 222718 +version: 210938 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: 051174ba012fa2241e865cc604658a0af116d3bbf9d02474025277fff1b34636 + sha256sum: eb83259f0525a14dae1a1c3944e1e5ac3a2f8111a42834ab0f401628c8a38791 - filename: packagemanual.py name: package_script ===================================== tools/fetch_allowed_addons.py deleted ===================================== @@ -1,53 +0,0 @@ -#!/usr/bin/env python3 - -import urllib.request -import json -import base64 -import sys - -NOSCRIPT = "{73a6fe31-595d-460b-a920-fcc0f8843232}" - - -def fetch(x): - with urllib.request.urlopen(x) as response: - return response.read() - - -def find_addon(addons, addon_id): - results = addons["results"] - for x in results: - addon = x["addon"] - if addon["guid"] == addon_id: - return addon - - -def fetch_and_embed_icons(addons): - results = addons["results"] - for x in results: - addon = x["addon"] - icon_data = fetch(addon["icon_url"]) - addon["icon_url"] = "data:image/png;base64," + str( - base64.b64encode(icon_data), "utf8" - ) - - -def fetch_allowed_addons(amo_collection=None): - if amo_collection is None: - amo_collection = "83a9cccfe6e24a34bd7b155ff9ee32" - url = f"https://services.addons.mozilla.org/api/v4/accounts/account/mozilla/collect…" - data = json.loads(fetch(url)) - fetch_and_embed_icons(data) - data["results"].sort(key=lambda x: x["addon"]["guid"]) - return data - - -def main(argv): - data = fetch_allowed_addons(argv[0] if len(argv) > 1 else None) - # Check that NoScript is present - if find_addon(data, NOSCRIPT) is None: - sys.exit("Error: cannot find NoScript.") - print(json.dumps(data, indent=2, ensure_ascii=False)) - - -if __name__ == "__main__": - main(sys.argv[1:]) ===================================== tools/fetch_changelogs.py ===================================== @@ -21,12 +21,10 @@ class EntryType(enum.IntFlag): class Platform(enum.IntFlag): - WINDOWS = 8 - MACOS = 4 - LINUX = 2 - ANDROID = 1 - DESKTOP = 8 | 4 | 2 - ALL_PLATFORMS = 8 | 4 | 2 | 1 + WINDOWS = 2 + MACOS = 1 + DESKTOP = 2 | 1 + ALL_PLATFORMS = 2 | 1 class ChangelogEntry: @@ -52,10 +50,6 @@ class ChangelogEntry: platforms.append("Windows") if self.platform & Platform.MACOS: platforms.append("macOS") - if self.platform & Platform.LINUX: - platforms.append("Linux") - if self.platform & Platform.ANDROID: - platforms.append("Android") return " + ".join(platforms) def __lt__(self, other): @@ -78,15 +72,8 @@ class ChangelogEntry: class UpdateEntry(ChangelogEntry): def __init__(self, name, version, is_mb): - if name == "Firefox" and not is_mb: - platform = Platform.DESKTOP - num_platforms = 3 - elif name == "GeckoView" or name == "Zstandard": - platform = Platform.ANDROID - num_platforms = 1 - else: - platform = Platform.ALL_PLATFORMS - num_platforms = 4 + platform = Platform.ALL_PLATFORMS + num_platforms = 2 super().__init__( EntryType.UPDATE, platform, num_platforms, name == "Go", is_mb ) @@ -107,8 +94,8 @@ class Issue(ChangelogEntry): platform = 0 num_platforms = 0 if "Desktop" in j["labels"]: - platform = Platform.DESKTOP - num_platforms += 3 + platform = Platform.ALL_PLATFORMS + num_platforms += 2 else: if "Windows" in j["labels"]: platform |= Platform.WINDOWS @@ -116,20 +103,13 @@ class Issue(ChangelogEntry): if "MacOS" in j["labels"]: platform |= Platform.MACOS num_platforms += 1 - if "Linux" in j["labels"]: - platform |= Platform.LINUX - num_platforms += 1 - if "Android" in j["labels"]: - if is_mb and num_platforms == 0: + if not platform: + if "Android" in j["labels"] or "Linux" in j["labels"]: raise Exception( - f"Android-only issue on Mullvad Browser: {j['references']['full']}!" + f"The legacy channel should include only fixes for macOS and/or Windows, please check {self.project}#{self.number}." ) - elif not is_mb: - platform |= Platform.ANDROID - num_platforms += 1 - if not platform or (is_mb and platform == Platform.DESKTOP): platform = Platform.ALL_PLATFORMS - num_platforms = 4 + num_platforms = 2 is_build = "Build System" in j["labels"] super().__init__( EntryType.ISSUE, platform, num_platforms, is_build, is_mb ===================================== tools/relprep.py ===================================== @@ -4,7 +4,6 @@ from collections import namedtuple import configparser from datetime import datetime, timezone from hashlib import sha256 -import json import locale import logging from pathlib import Path @@ -16,7 +15,6 @@ from git import Repo import requests import ruamel.yaml -from fetch_allowed_addons import NOSCRIPT, fetch_allowed_addons, find_addon import fetch_changelogs from update_manual import update_manual @@ -93,13 +91,10 @@ class ReleasePreparation: self.base_path = Path(repo_path) self.repo = Repo(self.base_path) - self.tor_browser = bool(kwargs.get("tor_browser", True)) - self.mullvad_browser = bool(kwargs.get("mullvad_browser", True)) - if not self.tor_browser and not self.mullvad_browser: - raise ValueError("Nothing to do") - self.android = kwargs.get("android", self.tor_browser) - if not self.tor_browser and self.android: - raise ValueError("Only Tor Browser supports Android") + # Legacy channel, always do Tor Browser desktop only. + self.tor_browser = True + self.mullvad_browser = False + self.android = False logger.debug( "Tor Browser: %s; Mullvad Browser: %s; Android: %s", @@ -142,7 +137,8 @@ class ReleasePreparation: # Do not update Go anymore: 1.21.x is not listed anymore in # the download page as it is EOL as of August 13, 2024. # self.update_go() - self.update_manual() + # Freeze the manual to before 14.0. + # self.update_manual() self.update_changelogs() self.update_rbm_conf() @@ -304,7 +300,6 @@ class ReleasePreparation: targets = ["base-browser"] if self.tor_browser: targets.append("tor-browser") - targets.append("fenix") if self.mullvad_browser: targets.append("mullvad-browser") for i in targets: @@ -319,28 +314,27 @@ class ReleasePreparation: logger.info("Updating addons") config = self.load_config("browser") - amo_data = fetch_allowed_addons() - logger.debug("Fetched AMO data") - if self.android: - with ( - self.base_path / "projects/browser/allowed_addons.json" - ).open("w") as f: - json.dump(amo_data, f, indent=2) - - noscript = find_addon(amo_data, NOSCRIPT) logger.debug("Updating NoScript") - self.update_addon_amo(config, "noscript", noscript) + self.update_addon_amo( + config, "noscript", "{73a6fe31-595d-460b-a920-fcc0f8843232}" + ) if self.mullvad_browser: logger.debug("Updating uBlock Origin") - ublock = find_addon(amo_data, "uBlock0(a)raymondhill.net") - self.update_addon_amo(config, "ublock-origin", ublock) + self.update_addon_amo( + config, "ublock-origin", "uBlock0(a)raymondhill.net" + ) logger.debug("Updating the Mullvad Browser extension") self.update_mullvad_addon(config) self.save_config("browser", config) - def update_addon_amo(self, config, name, addon): - addon = addon["current_version"]["files"][0] + def update_addon_amo(self, config, name, addon_id): + r = requests.get( + f"https://services.addons.mozilla.org/api/v4/addons/addon/{addon_id}" + ) + r.raise_for_status() + amo_data = r.json() + addon = amo_data["current_version"]["files"][0] assert addon["hash"].startswith("sha256:") addon_input = self.find_input(config, name) addon_input["URL"] = addon["url"] @@ -523,6 +517,10 @@ class ReleasePreparation: self.build_number, ) continue + if version.major > self.version.major: + # Ignore more recent version. + # E.g., for the legacy channel. + continue key = (project, version.channel) if key not in self.last_releases: self.last_releases[key] = [] @@ -590,14 +588,9 @@ class ReleasePreparation: changelogs = cb.create(**kwargs) path = f"projects/browser/Bundle-Data/Docs-{tag_prefix.upper()}/ChangeLog.txt" - stable_tag = self.last_releases[(tag_prefix, "release")][0].tag - alpha_tag = self.last_releases[(tag_prefix, "alpha")][0].tag - if stable_tag.tagged_date > alpha_tag.tagged_date: - last_tag = stable_tag - else: - last_tag = alpha_tag - logger.debug("Using %s to add the new changelogs to.", last_tag.tag) - last_changelogs = self.repo.git.show(f"{last_tag.tag}:{path}") + # Take HEAD to reset any changes we might already have from a + # previous run. + last_changelogs = self.repo.git.show(f"HEAD:{path}") with (self.base_path / path).open("w") as f: f.write(changelogs + "\n" + last_changelogs + "\n") @@ -705,8 +698,6 @@ if __name__ == "__main__": default=Path(__file__).parent.parent, help="Path to a tor-browser-build.git clone", ) - parser.add_argument("--tor-browser", action="store_true") - parser.add_argument("--mullvad-browser", action="store_true") parser.add_argument( "--date", help="Release date and optionally time for changelog purposes. " @@ -747,12 +738,7 @@ if __name__ == "__main__": ) logger.addHandler(ch) - tbb = bool(args.tor_browser) - mb = bool(args.mullvad_browser) kwargs = {} - if tbb or mb: - kwargs["tor_browser"] = tbb - kwargs["mullvad_browser"] = mb if args.date: try: kwargs["changelog_date"] = datetime.fromisoformat(args.date) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] 2 commits: Bug 41315: Fix the Mullvad Extension update in relprep.py.
by morgan (＠morgan) 23 Nov '24

23 Nov '24

morgan pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: dfc023e6 by Pier Angelo Vendrame at 2024-11-23T01:01:15+00:00 Bug 41315: Fix the Mullvad Extension update in relprep.py. - - - - - 5b395008 by Pier Angelo Vendrame at 2024-11-23T01:01:20+00:00 Bug 41284: Stop sync'ing changelogs between channels. - - - - - 1 changed file: - tools/relprep.py Changes: ===================================== tools/relprep.py ===================================== @@ -306,6 +306,7 @@ class ReleasePreparation: self.save_config("browser", config) def update_addon_amo(self, config, name, addon_id): + logger.debug("Checking updates for %s", name) r = requests.get( f"https://services.addons.mozilla.org/api/v4/addons/addon/{addon_id}" ) @@ -318,6 +319,7 @@ class ReleasePreparation: addon_input["sha256sum"] = addon["hash"][7:] def update_mullvad_addon(self, config): + logger.debug("Checking updates for the Mullvad addon") input_ = self.find_input(config, "mullvad-extension") r = requests.get( "https://cdn.mullvad.net/browser-extension/updates.json" @@ -336,11 +338,11 @@ class ReleasePreparation: path = self.base_path / "out/browser" / url.split("/")[-1] # The extension should be small enough to easily fit in memory :) - if not path.exists: + if not path.exists(): r = requests.get(url) r.raise_for_status() with path.open("wb") as f: - f.write(r.bytes) + f.write(r.content) with path.open("rb") as f: input_["sha256sum"] = sha256(f.read()).hexdigest() logger.debug("Mullvad extension downloaded and updated") @@ -546,14 +548,9 @@ class ReleasePreparation: changelogs = cb.create(**kwargs) path = f"projects/browser/Bundle-Data/Docs-{tag_prefix.upper()}/ChangeLog.txt" - stable_tag = self.last_releases[(tag_prefix, "release")][0].tag - alpha_tag = self.last_releases[(tag_prefix, "alpha")][0].tag - if stable_tag.tagged_date > alpha_tag.tagged_date: - last_tag = stable_tag - else: - last_tag = alpha_tag - logger.debug("Using %s to add the new changelogs to.", last_tag.tag) - last_changelogs = self.repo.git.show(f"{last_tag.tag}:{path}") + # Take HEAD to reset any changes we might already have from a + # previous run. + last_changelogs = self.repo.git.show(f"HEAD:{path}") with (self.base_path / path).open("w") as f: f.write(changelogs + "\n" + last_changelogs + "\n") View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 2 commits: Bug 41315: Fix the Mullvad Extension update in relprep.py.
by morgan (＠morgan) 23 Nov '24

23 Nov '24

morgan pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 992a7009 by Pier Angelo Vendrame at 2024-11-21T17:23:09+01:00 Bug 41315: Fix the Mullvad Extension update in relprep.py. - - - - - 900f9f91 by Pier Angelo Vendrame at 2024-11-21T17:28:46+01:00 Bug 41284: Stop sync'ing changelogs between channels. - - - - - 1 changed file: - tools/relprep.py Changes: ===================================== tools/relprep.py ===================================== @@ -306,6 +306,7 @@ class ReleasePreparation: self.save_config("browser", config) def update_addon_amo(self, config, name, addon_id): + logger.debug("Checking updates for %s", name) r = requests.get( f"https://services.addons.mozilla.org/api/v4/addons/addon/{addon_id}" ) @@ -318,6 +319,7 @@ class ReleasePreparation: addon_input["sha256sum"] = addon["hash"][7:] def update_mullvad_addon(self, config): + logger.debug("Checking updates for the Mullvad addon") input_ = self.find_input(config, "mullvad-extension") r = requests.get( "https://cdn.mullvad.net/browser-extension/updates.json" @@ -336,11 +338,11 @@ class ReleasePreparation: path = self.base_path / "out/browser" / url.split("/")[-1] # The extension should be small enough to easily fit in memory :) - if not path.exists: + if not path.exists(): r = requests.get(url) r.raise_for_status() with path.open("wb") as f: - f.write(r.bytes) + f.write(r.content) with path.open("rb") as f: input_["sha256sum"] = sha256(f.read()).hexdigest() logger.debug("Mullvad extension downloaded and updated") @@ -546,14 +548,9 @@ class ReleasePreparation: changelogs = cb.create(**kwargs) path = f"projects/browser/Bundle-Data/Docs-{tag_prefix.upper()}/ChangeLog.txt" - stable_tag = self.last_releases[(tag_prefix, "release")][0].tag - alpha_tag = self.last_releases[(tag_prefix, "alpha")][0].tag - if stable_tag.tagged_date > alpha_tag.tagged_date: - last_tag = stable_tag - else: - last_tag = alpha_tag - logger.debug("Using %s to add the new changelogs to.", last_tag.tag) - last_changelogs = self.repo.git.show(f"{last_tag.tag}:{path}") + # Take HEAD to reset any changes we might already have from a + # previous run. + last_changelogs = self.repo.git.show(f"HEAD:{path}") with (self.base_path / path).open("w") as f: f.write(changelogs + "\n" + last_changelogs + "\n") View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 40996: Move .nobackup to the root of the repository.
by Pier Angelo Vendrame (＠pierov) 21 Nov '24

21 Nov '24

Pier Angelo Vendrame pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 85f57f9b by Pier Angelo Vendrame at 2024-11-21T17:21:01+01:00 Bug 40996: Move .nobackup to the root of the repository. The .nobackup files prevent from creating symlinks between clones, which is useful for several use cases (multiple clones, directories in different drives, etc...). A .nobackup in the root will not interfere with symlinks anymore, and we think it is acceptable, as a repo will probably be in sync with GitLab or something similar. git update-index --assume-unchanged can help if someone wants to remove the .nobackup. - - - - - 7 changed files: - git_clones/.nobackup → .nobackup - − hg_clones/.nobackup - − mullvadbrowser/.nobackup - − out/.nobackup - − testbuild/.nobackup - − tmp/.nobackup - − torbrowser/.nobackup Changes: ===================================== git_clones/.nobackup → .nobackup ===================================== ===================================== hg_clones/.nobackup deleted ===================================== ===================================== mullvadbrowser/.nobackup deleted ===================================== ===================================== out/.nobackup deleted ===================================== ===================================== testbuild/.nobackup deleted ===================================== ===================================== tmp/.nobackup deleted ===================================== ===================================== torbrowser/.nobackup deleted ===================================== View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.0] Bug 40996: Move .nobackup to the root of the repository.
by Pier Angelo Vendrame (＠pierov) 21 Nov '24

21 Nov '24

Pier Angelo Vendrame pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build Commits: 81e3a2f4 by Pier Angelo Vendrame at 2024-11-21T17:20:46+01:00 Bug 40996: Move .nobackup to the root of the repository. The .nobackup files prevent from creating symlinks between clones, which is useful for several use cases (multiple clones, directories in different drives, etc...). A .nobackup in the root will not interfere with symlinks anymore, and we think it is acceptable, as a repo will probably be in sync with GitLab or something similar. git update-index --assume-unchanged can help if someone wants to remove the .nobackup. - - - - - 7 changed files: - git_clones/.nobackup → .nobackup - − hg_clones/.nobackup - − mullvadbrowser/.nobackup - − out/.nobackup - − testbuild/.nobackup - − tmp/.nobackup - − torbrowser/.nobackup Changes: ===================================== git_clones/.nobackup → .nobackup ===================================== ===================================== hg_clones/.nobackup deleted ===================================== ===================================== mullvadbrowser/.nobackup deleted ===================================== ===================================== out/.nobackup deleted ===================================== ===================================== testbuild/.nobackup deleted ===================================== ===================================== tmp/.nobackup deleted ===================================== ===================================== torbrowser/.nobackup deleted ===================================== View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40996: Move .nobackup to the root of the repository.
by Pier Angelo Vendrame (＠pierov) 21 Nov '24

21 Nov '24

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: aab75f14 by Pier Angelo Vendrame at 2024-11-21T16:49:22+01:00 Bug 40996: Move .nobackup to the root of the repository. The .nobackup files prevent from creating symlinks between clones, which is useful for several use cases (multiple clones, directories in different drives, etc...). A .nobackup in the root will not interfere with symlinks anymore, and we think it is acceptable, as a repo will probably be in sync with GitLab or something similar. git update-index --assume-unchanged can help if someone wants to remove the .nobackup. - - - - - 7 changed files: - git_clones/.nobackup → .nobackup - − hg_clones/.nobackup - − mullvadbrowser/.nobackup - − out/.nobackup - − testbuild/.nobackup - − tmp/.nobackup - − torbrowser/.nobackup Changes: ===================================== git_clones/.nobackup → .nobackup ===================================== ===================================== hg_clones/.nobackup deleted ===================================== ===================================== mullvadbrowser/.nobackup deleted ===================================== ===================================== out/.nobackup deleted ===================================== ===================================== testbuild/.nobackup deleted ===================================== ===================================== tmp/.nobackup deleted ===================================== ===================================== torbrowser/.nobackup deleted ===================================== View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits