- tbb-commits - lists.torproject.org

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.2.0esr-15.0-1] fixup! BB 42220: Allow for more file types to be forced-inline.
by ma1 (＠ma1) 29 Aug '25

29 Aug '25

ma1 pushed to branch mullvad-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: a295032e by hackademix at 2025-08-29T13:13:03+02:00 fixup! BB 42220: Allow for more file types to be forced-inline. BB 44140: Align PDF changes to 140esr Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser, except svg and html files to prevent XSS hazards (see BB 43211). - - - - - 1 changed file: - uriloader/base/nsURILoader.cpp Changes: ===================================== uriloader/base/nsURILoader.cpp ===================================== @@ -320,7 +320,11 @@ NS_IMETHODIMP nsDocumentOpenInfo::OnStopRequest(nsIRequest* request, return NS_OK; } -static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { +static bool IsContentPDF( + nsIChannel* aChannel, const nsACString& aContentType, + nsAutoCString* aOutExt = + nullptr // best-guess file extension, useful for non-PDFs +) { bool isPDF = aContentType.LowerCaseEqualsASCII(APPLICATION_PDF); if (!isPDF && (aContentType.LowerCaseEqualsASCII(APPLICATION_OCTET_STREAM) || aContentType.IsEmpty())) { @@ -328,14 +332,25 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { aChannel->GetContentDispositionFilename(flname); isPDF = StringEndsWith(flname, u".pdf"_ns); if (!isPDF) { + nsAutoCString ext; nsCOMPtr<nsIURI> uri; aChannel->GetURI(getter_AddRefs(uri)); nsCOMPtr<nsIURL> url(do_QueryInterface(uri)); if (url) { - nsAutoCString ext; url->GetFileExtension(ext); isPDF = ext.EqualsLiteral("pdf"); } + if (aOutExt) { + // Fill the extension out param if required + if (!(isPDF || flname.IsEmpty())) { + // For non PDFs, fallback to filename from content disposition + int32_t extStart = flname.RFindChar(u'.'); + if (extStart != kNotFound) { + CopyUTF16toUTF8(Substring(flname, extStart + 1), ext); + } + } + *aOutExt = ext; + } } } @@ -343,7 +358,7 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { } static mozilla::Result<bool, nsresult> ShouldHandleExternally( - const nsACString& aMimeType) { + const nsACString& aMimeType, const nsACString& aExtension) { // For a PDF, check if the preference is set that forces attachments to be // opened inline. If so, treat it as a non-attachment by clearing // 'forceExternalHandling' again. This allows it open a PDF directly @@ -356,7 +371,7 @@ static mozilla::Result<bool, nsresult> ShouldHandleExternally( return mozilla::Err(NS_ERROR_FAILURE); } - mimeSvc->GetFromTypeAndExtension(aMimeType, EmptyCString(), + mimeSvc->GetFromTypeAndExtension(aMimeType, aExtension, getter_AddRefs(mimeInfo)); if (mimeInfo) { @@ -430,31 +445,43 @@ nsresult nsDocumentOpenInfo::DispatchContent(nsIRequest* request) { forceExternalHandling = false; } + nsAutoCString ext; + bool isPDF = + forceExternalHandling && IsContentPDF(aChannel, mContentType, &ext); + bool maybeForceInternalHandling = - forceExternalHandling && - (mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline() || - mozilla::StaticPrefs::browser_download_ignore_content_disposition()); + (isPDF && + mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline()) || + ( + forceExternalHandling && + mozilla::StaticPrefs::browser_download_ignore_content_disposition() && + // we want to exclude html and svg files, which could execute + // scripts (tor-browser#43211) + kNotFound == mContentType.LowerCaseFindASCII("html") && + kNotFound == ext.LowerCaseFindASCII("htm") && + kNotFound == mContentType.LowerCaseFindASCII("/svg+") && + !ext.EqualsIgnoreCase("svg")); // Check if this is a PDF which should be opened internally. We also handle // octet-streams that look like they might be PDFs based on their extension. + // Additionally, we try to avoid downloading also non-PDF attachments + // when the general Content-Disposition override preference is set to true. if (maybeForceInternalHandling) { - // For a PDF, check if the preference is set that forces attachments to be - // opened inline. If so, treat it as a non-attachment by clearing + // Preferences are set to open attachments inline by clearing // 'forceExternalHandling' again. This allows it open a PDF directly // instead of downloading it first. It may still end up being handled by // a helper app depending anyway on the later checks. - nsCString mimeType = IsContentPDF(aChannel, mContentType) - ? nsLiteralCString(APPLICATION_PDF) - : mContentType; - auto result = ShouldHandleExternally(mimeType); + // This may apply to other file types if an internal handler exists. + auto result = ShouldHandleExternally( + isPDF ? nsLiteralCString(APPLICATION_PDF) : mContentType, ext); if (result.isErr()) { return result.unwrapErr(); } forceExternalHandling = result.unwrap(); - // If we're not opening the PDF externally we block it if it's sandboxed. + // If we're not opening the file externally and it's sandboxed we block it. if (IsSandboxed(aChannel) && !forceExternalHandling) { - LOG(("Blocked sandboxed PDF")); + LOG(("Blocked sandboxed file")); nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); if (httpChannel) { nsContentSecurityUtils::LogMessageToConsole( View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a29… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/a29… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-14.5] Bug 41554: Export SIGNING_PROJECTNAME and tbb_version in linux-signer-sign-android-apks
by boklm (＠boklm) 29 Aug '25

29 Aug '25

boklm pushed to branch maint-14.5 at The Tor Project / Applications / tor-browser-build Commits: 7bbac89c by Nicolas Vigier at 2025-08-29T12:59:32+02:00 Bug 41554: Export SIGNING_PROJECTNAME and tbb_version in linux-signer-sign-android-apks Following the changes from 821c192ed9def86b92a20bc8878a7c519230996f, wrappers/sign-apk is now using those variables. - - - - - 1 changed file: - tools/signing/linux-signer-sign-android-apks Changes: ===================================== tools/signing/linux-signer-sign-android-apks ===================================== @@ -8,8 +8,9 @@ source "$script_dir/functions" topdir="$script_dir/../.." ARCHS="armv7 aarch64 x86 x86_64" projname=$(project-name) -# tbb_version_type is used in wrappers/sign-apk, so we export it -export tbb_version_type +# tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in +# wrappers/sign-apk, so we export them +export tbb_version tbb_version_type SIGNING_PROJECTNAME check_installed_packages() { local packages='unzip openjdk-11-jdk-headless openjdk-11-jre-headless' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/7… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.2.0esr-15.0-1] fixup! BB 42220: Allow for more file types to be forced-inline.
by ma1 (＠ma1) 29 Aug '25

29 Aug '25

ma1 pushed to branch base-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 181f221a by hackademix at 2025-08-29T12:55:38+02:00 fixup! BB 42220: Allow for more file types to be forced-inline. BB 44140: Align PDF changes to 140esr Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser, except svg and html files to prevent XSS hazards (see BB 43211). - - - - - 1 changed file: - uriloader/base/nsURILoader.cpp Changes: ===================================== uriloader/base/nsURILoader.cpp ===================================== @@ -320,7 +320,11 @@ NS_IMETHODIMP nsDocumentOpenInfo::OnStopRequest(nsIRequest* request, return NS_OK; } -static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { +static bool IsContentPDF( + nsIChannel* aChannel, const nsACString& aContentType, + nsAutoCString* aOutExt = + nullptr // best-guess file extension, useful for non-PDFs +) { bool isPDF = aContentType.LowerCaseEqualsASCII(APPLICATION_PDF); if (!isPDF && (aContentType.LowerCaseEqualsASCII(APPLICATION_OCTET_STREAM) || aContentType.IsEmpty())) { @@ -328,14 +332,25 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { aChannel->GetContentDispositionFilename(flname); isPDF = StringEndsWith(flname, u".pdf"_ns); if (!isPDF) { + nsAutoCString ext; nsCOMPtr<nsIURI> uri; aChannel->GetURI(getter_AddRefs(uri)); nsCOMPtr<nsIURL> url(do_QueryInterface(uri)); if (url) { - nsAutoCString ext; url->GetFileExtension(ext); isPDF = ext.EqualsLiteral("pdf"); } + if (aOutExt) { + // Fill the extension out param if required + if (!(isPDF || flname.IsEmpty())) { + // For non PDFs, fallback to filename from content disposition + int32_t extStart = flname.RFindChar(u'.'); + if (extStart != kNotFound) { + CopyUTF16toUTF8(Substring(flname, extStart + 1), ext); + } + } + *aOutExt = ext; + } } } @@ -343,7 +358,7 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { } static mozilla::Result<bool, nsresult> ShouldHandleExternally( - const nsACString& aMimeType) { + const nsACString& aMimeType, const nsACString& aExtension) { // For a PDF, check if the preference is set that forces attachments to be // opened inline. If so, treat it as a non-attachment by clearing // 'forceExternalHandling' again. This allows it open a PDF directly @@ -356,7 +371,7 @@ static mozilla::Result<bool, nsresult> ShouldHandleExternally( return mozilla::Err(NS_ERROR_FAILURE); } - mimeSvc->GetFromTypeAndExtension(aMimeType, EmptyCString(), + mimeSvc->GetFromTypeAndExtension(aMimeType, aExtension, getter_AddRefs(mimeInfo)); if (mimeInfo) { @@ -430,31 +445,43 @@ nsresult nsDocumentOpenInfo::DispatchContent(nsIRequest* request) { forceExternalHandling = false; } + nsAutoCString ext; + bool isPDF = + forceExternalHandling && IsContentPDF(aChannel, mContentType, &ext); + bool maybeForceInternalHandling = - forceExternalHandling && - (mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline() || - mozilla::StaticPrefs::browser_download_ignore_content_disposition()); + (isPDF && + mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline()) || + ( + forceExternalHandling && + mozilla::StaticPrefs::browser_download_ignore_content_disposition() && + // we want to exclude html and svg files, which could execute + // scripts (tor-browser#43211) + kNotFound == mContentType.LowerCaseFindASCII("html") && + kNotFound == ext.LowerCaseFindASCII("htm") && + kNotFound == mContentType.LowerCaseFindASCII("/svg+") && + !ext.EqualsIgnoreCase("svg")); // Check if this is a PDF which should be opened internally. We also handle // octet-streams that look like they might be PDFs based on their extension. + // Additionally, we try to avoid downloading also non-PDF attachments + // when the general Content-Disposition override preference is set to true. if (maybeForceInternalHandling) { - // For a PDF, check if the preference is set that forces attachments to be - // opened inline. If so, treat it as a non-attachment by clearing + // Preferences are set to open attachments inline by clearing // 'forceExternalHandling' again. This allows it open a PDF directly // instead of downloading it first. It may still end up being handled by // a helper app depending anyway on the later checks. - nsCString mimeType = IsContentPDF(aChannel, mContentType) - ? nsLiteralCString(APPLICATION_PDF) - : mContentType; - auto result = ShouldHandleExternally(mimeType); + // This may apply to other file types if an internal handler exists. + auto result = ShouldHandleExternally( + isPDF ? nsLiteralCString(APPLICATION_PDF) : mContentType, ext); if (result.isErr()) { return result.unwrapErr(); } forceExternalHandling = result.unwrap(); - // If we're not opening the PDF externally we block it if it's sandboxed. + // If we're not opening the file externally and it's sandboxed we block it. if (IsSandboxed(aChannel) && !forceExternalHandling) { - LOG(("Blocked sandboxed PDF")); + LOG(("Blocked sandboxed file")); nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); if (httpChannel) { nsContentSecurityUtils::LogMessageToConsole( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/181f221… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/181f221… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41522: Adapt signing scripts for tor-vpn
by boklm (＠boklm) 29 Aug '25

29 Aug '25

boklm pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 821c192e by Nicolas Vigier at 2025-08-29T12:16:22+02:00 Bug 41522: Adapt signing scripts for tor-vpn - - - - - 30 changed files: - rbm.conf - tools/signing/do-all-signing - + tools/signing/do-all-signing.torvpn - tools/signing/functions - + tools/signing/linux-signer-gpg-sign.torvpn - + tools/signing/linux-signer-sign-android-aab - + tools/signing/linux-signer-sign-android-aab.torvpn - tools/signing/linux-signer-sign-android-apks - + tools/signing/linux-signer-sign-android-apks.torvpn - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/sign-aab - tools/signing/machines-setup/sudoers.d/sign-apk - tools/signing/set-config - + tools/signing/staticiforme-prepare-cdn-dist-upload.torvpn - + tools/signing/sync-builder-to-local.torvpn - + tools/signing/sync-builder-to-local.torvpn.dry-run - + tools/signing/sync-builder-unsigned-to-local-signed.torvpn - + tools/signing/sync-builder-unsigned-to-local-signed.torvpn.dry-run - + tools/signing/sync-linux-signer-to-local.torvpn - + tools/signing/sync-linux-signer-to-local.torvpn.dry-run - + tools/signing/sync-local-to-builder.torvpn - + tools/signing/sync-local-to-builder.torvpn.dry-run - + tools/signing/sync-local-to-linux-signer.torvpn - + tools/signing/sync-local-to-linux-signer.torvpn.dry-run - + tools/signing/sync-local-to-staticiforme.torvpn - + tools/signing/sync-local-to-staticiforme.torvpn.dry-run - + tools/signing/sync-scripts-to-linux-signer.torvpn - + tools/signing/sync-scripts-to-linux-signer.torvpn.dry-run - + tools/signing/wrappers/sign-aab - tools/signing/wrappers/sign-apk Changes: ===================================== rbm.conf ===================================== @@ -97,8 +97,8 @@ var: # enable/disable all android or desktop platforms. If you want to # check whether a release includes some android or desktop platforms # see signing_android and signing_desktop below. - is_android_release: '[% c("var/tor-browser") %]' - is_desktop_release: '1' + is_android_release: '[% c("var/tor-browser") || c("var/tor-vpn") %]' + is_desktop_release: '[% ! c("var/tor-vpn") %]' # signing_android is used in signing scripts to check if at least # one android platform is being signed/published @@ -328,6 +328,18 @@ targets: max_torbrowser_incremental_from: 2 build_infos_json: 1 + torvpn: + var: + tor-vpn: 1 + torbrowser_version: '1.0.0Beta' + torbrowser_build: 'build1' + browser_release_date: '2025/08/28 15:33:44' + project-name: tor-vpn + projectname: torvpn + Project_Name: 'Tor VPN' + ProjectName: TorVPN + project_initials: tv + torbrowser: var: tor-browser: 1 ===================================== tools/signing/do-all-signing ===================================== @@ -67,7 +67,7 @@ echo echo [ -z "$platform_android" ] || \ - [ -f "$steps_dir/linux-signer-sign-android-apks.done" ] || \ + [ -f "$steps_dir/sync-after-sign-android-apks.done" ] || \ [ -n "$KSPASS" ] || \ read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS echo @@ -155,6 +155,14 @@ EOF unset KSPASS } +function linux-signer-sign-android-aab { + ssh "$ssh_host_linux_signer" 'bash -s' << EOF + export KSPASS=$KSPASS + ~/signing-$SIGNING_PROJECTNAME-$tbb_version_type/linux-signer-sign-android-aab.$SIGNING_PROJECTNAME +EOF + unset KSPASS +} + function sync-after-sign-android-apks { "$script_dir/sync-linux-signer-to-local" } @@ -257,6 +265,8 @@ do_step sync-before-linux-signer-signmars do_step sync-after-signmars [ -n "$platform_android" ] && \ do_step linux-signer-sign-android-apks +[ "$SIGNING_PROJECTNAME" = 'torvpn' ] && [ -n "$platform_android" ] && \ + do_step linux-signer-sign-android-aab [ -n "$platform_android" ] && \ do_step sync-after-sign-android-apks [ -n "$platform_windows" ] && \ @@ -275,6 +285,6 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload -! is_legacy && \ +[ "$SIGNING_PROJECTNAME" != 'torvpn' ] && ! is_legacy \ do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer ===================================== tools/signing/do-all-signing.torvpn ===================================== @@ -0,0 +1 @@ +do-all-signing \ No newline at end of file ===================================== tools/signing/functions ===================================== @@ -14,6 +14,7 @@ function var_is_defined { } function check_update_responses_repository_dir { + test "$SIGNING_PROJECTNAME" = 'torvpn' && return 0 if test -z "$update_responses_repository_dir" || ! test -d "$update_responses_repository_dir" then cat << 'EOF' > /dev/stderr ===================================== tools/signing/linux-signer-gpg-sign.torvpn ===================================== @@ -0,0 +1 @@ +linux-signer-gpg-sign \ No newline at end of file ===================================== tools/signing/linux-signer-sign-android-aab ===================================== @@ -0,0 +1,46 @@ +#!/bin/bash + +set -e +no_generate_config=1 +script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +source "$script_dir/functions" + +topdir="$script_dir/../.." +test "$SIGNING_PROJECTNAME" = 'torvpn' +projname=$(project-name) +# tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in +# wrappers/sign-apk, so we export them +export tbb_version tbb_version_type SIGNING_PROJECTNAME +# (note: we should also export SIGNING_PROJECTNAME and tbb_version in +# the maint-14.5 branch) + +check_installed_packages() { + local packages='unzip openjdk-11-jdk-headless openjdk-11-jre-headless' + for package in $packages + do + dpkg -s "$package" | grep -q '^Status: install ok installed$' || \ + exit_error "package $package is missing" + done +} + +sign_aab() { + sudo -u signing-apk -- /signing/tor-browser-build/tools/signing/wrappers/sign-aab +} + +check_installed_packages + +if [ -z "$KSPASS" ]; then + echo "Enter keystore passphrase" + stty -echo; read KSPASS; stty echo + export KSPASS +fi + +cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/$projname-$tbb_version.aab \ + /home/signing-apk/unsigned-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" + +sign_aab + +cp /home/signing-apk/signed-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" \ + ~/"$SIGNING_PROJECTNAME-$tbb_version"/$projname-$tbb_version.aab +rm /home/signing-apk/signed-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" +rm /home/signing-apk/unsigned-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" ===================================== tools/signing/linux-signer-sign-android-aab.torvpn ===================================== @@ -0,0 +1 @@ +linux-signer-sign-android-aab \ No newline at end of file ===================================== tools/signing/linux-signer-sign-android-apks ===================================== @@ -7,9 +7,11 @@ source "$script_dir/functions" topdir="$script_dir/../.." ARCHS="armv7 aarch64 x86 x86_64" +test "$SIGNING_PROJECTNAME" = 'torvpn' && ARCHS='multiarch' projname=$(project-name) -# tbb_version_type is used in wrappers/sign-apk, so we export it -export tbb_version_type +# tbb_version_type, tbb_version and SIGNING_PROJECTNAME are used in +# wrappers/sign-apk, so we export them +export tbb_version tbb_version_type SIGNING_PROJECTNAME check_installed_packages() { local packages='unzip openjdk-11-jdk-headless openjdk-11-jre-headless' @@ -21,10 +23,11 @@ check_installed_packages() { } setup_build_tools() { + abt_version=16 build_tools_dir=/signing/android-build-tools - test -f "$build_tools_dir"/android-12/apksigner || \ - exit_error "$build_tools_dir/android-12/apksigner is missing" - export PATH="$build_tools_dir/android-12:${PATH}" + test -f "$build_tools_dir"/android-$abt_version/apksigner || \ + exit_error "$build_tools_dir/android-$abt_version/apksigner is missing" + export PATH="$build_tools_dir/android-$abt_version:${PATH}" } sign_apk() { @@ -36,7 +39,6 @@ verify_apk() { scheme_v1="Verified using v1 scheme (JAR signing): true" scheme_v2="Verified using v2 scheme (APK Signature Scheme v2): true" - # Verify the expected signing key was used, Alpha verses Release based on the filename. if test "$tbb_version_type" = "alpha"; then cert_digest="Signer #1 certificate SHA-256 digest: 15f760b41acbe4783e667102c9f67119be2af62fab07763f9d57f01e5e1074e1" pubkey_digest="Signer #1 public key SHA-256 digest: 4e617e6516f81123ca58e718d617a704ac8365c575bd9e7a731ba5dd0476869d" @@ -44,7 +46,14 @@ verify_apk() { cert_digest="Signer #1 certificate SHA-256 digest: 20061f045e737c67375c17794cfedb436a03cec6bacb7cb9f96642205ca2cec8" pubkey_digest="Signer #1 public key SHA-256 digest: 343ca8a2e5452670bdc335a181a4baed909f868937d68c4653e44ef84de8dfc6" fi + if test "$SIGNING_PROJECTNAME" = "torvpn"; then + # No v1 scheme signature on torvpn apk + scheme_v1='' + cert_digest="Signer #1 certificate SHA-256 digest: c2f6ffa30e56a7c53a226248ef908612ee539df2f52bede5a55037425b83331d" + pubkey_digest="Signer #1 public key SHA-256 digest: fddc5f93ae0bc971e951481b0b5e6b62e47040fe979ff535cf75daade2f13f3d" + fi for digest in "${scheme_v1}" "${scheme_v2}" "${cert_digest}" "${pubkey_digest}"; do + test -z "$digest" && continue if ! echo "${verified}" | grep -q "${digest}"; then echo "Expected digest not found:" echo ${digest} @@ -69,8 +78,10 @@ mkdir -p ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" chgrp signing ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" chmod g+w ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.apk \ - ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.bspatch \ ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" +test "$SIGNING_PROJECTNAME" != 'torvpn' && \ + cp -af ~/"$SIGNING_PROJECTNAME-$tbb_version"/*.bspatch \ + ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" cd ~/"$SIGNING_PROJECTNAME-$tbb_version-apks" # Sign all packages @@ -79,7 +90,8 @@ for arch in ${ARCHS}; do unsigned_apk=${projname}-qa-unsigned-android-${arch}-${tbb_version}.apk unsigned_apk_bspatch=${projname}-qa-unsign-android-${arch}-${tbb_version}.bspatch signed_apk=${projname}-android-${arch}-${tbb_version}.apk - bspatch "$qa_apk" "$unsigned_apk" "$unsigned_apk_bspatch" + test -f "$unsigned_apk" || \ + bspatch "$qa_apk" "$unsigned_apk" "$unsigned_apk_bspatch" sign_apk "$unsigned_apk" "$signed_apk" verify_apk "$signed_apk" cp -f "$signed_apk" ~/"$SIGNING_PROJECTNAME-$tbb_version" ===================================== tools/signing/linux-signer-sign-android-apks.torvpn ===================================== @@ -0,0 +1 @@ +linux-signer-sign-android-apks \ No newline at end of file ===================================== tools/signing/machines-setup/setup-signing-machine ===================================== @@ -91,6 +91,7 @@ sudoers_file sign-gpg sudoers_file sign-mar sudoers_file sign-exe sudoers_file sign-apk +sudoers_file sign-aab sudoers_file sign-rcodesign sudoers_file sign-rcodesign-128 sudoers_file set-date @@ -105,6 +106,10 @@ authorized_keys ma1 ma1.pub create_user pierov signing authorized_keys pierov pierov.pub +mkdir -p /home/signing-apk/unsigned-files /home/signing-apk/signed-files +chgrp signing /home/signing-apk/unsigned-files /home/signing-apk/signed-files +chmod g+rwx /home/signing-apk/unsigned-files /home/signing-apk/signed-files + # Install rbm deps install_packages libyaml-libyaml-perl libtemplate-perl libdatetime-perl \ libio-handle-util-perl libio-all-perl \ ===================================== tools/signing/machines-setup/sudoers.d/sign-aab ===================================== @@ -0,0 +1,2 @@ +Defaults>signing-apk env_keep += "SIGNING_PROJECTNAME tbb_version tbb_version_type KSPASS" +%signing ALL = (signing-apk) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-aab ===================================== tools/signing/machines-setup/sudoers.d/sign-apk ===================================== @@ -1,2 +1,2 @@ -Defaults>signing-apk env_keep += "SIGNING_PROJECTNAME tbb_version_type KSPASS" +Defaults>signing-apk env_keep += "SIGNING_PROJECTNAME tbb_version tbb_version_type KSPASS" %signing ALL = (signing-apk) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-apk ===================================== tools/signing/set-config ===================================== @@ -16,6 +16,7 @@ test -n "${SIGNING_PROJECTNAME+x}" \ test "$SIGNING_PROJECTNAME" = 'torbrowser' \ || test "$SIGNING_PROJECTNAME" = 'basebrowser' \ || test "$SIGNING_PROJECTNAME" = 'mullvadbrowser' \ + || test "$SIGNING_PROJECTNAME" = 'torvpn' \ || exit_error "Unknown SIGNING_PROJECTNAME $SIGNING_PROJECTNAME" export SIGNING_PROJECTNAME ===================================== tools/signing/staticiforme-prepare-cdn-dist-upload.torvpn ===================================== @@ -0,0 +1 @@ +staticiforme-prepare-cdn-dist-upload \ No newline at end of file ===================================== tools/signing/sync-builder-to-local.torvpn ===================================== @@ -0,0 +1 @@ +sync-builder-to-local \ No newline at end of file ===================================== tools/signing/sync-builder-to-local.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-builder-to-local \ No newline at end of file ===================================== tools/signing/sync-builder-unsigned-to-local-signed.torvpn ===================================== @@ -0,0 +1 @@ +sync-builder-unsigned-to-local-signed \ No newline at end of file ===================================== tools/signing/sync-builder-unsigned-to-local-signed.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-builder-unsigned-to-local-signed \ No newline at end of file ===================================== tools/signing/sync-linux-signer-to-local.torvpn ===================================== @@ -0,0 +1 @@ +sync-linux-signer-to-local \ No newline at end of file ===================================== tools/signing/sync-linux-signer-to-local.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-linux-signer-to-local \ No newline at end of file ===================================== tools/signing/sync-local-to-builder.torvpn ===================================== @@ -0,0 +1 @@ +sync-local-to-builder \ No newline at end of file ===================================== tools/signing/sync-local-to-builder.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-local-to-builder \ No newline at end of file ===================================== tools/signing/sync-local-to-linux-signer.torvpn ===================================== @@ -0,0 +1 @@ +sync-local-to-linux-signer \ No newline at end of file ===================================== tools/signing/sync-local-to-linux-signer.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-local-to-linux-signer \ No newline at end of file ===================================== tools/signing/sync-local-to-staticiforme.torvpn ===================================== @@ -0,0 +1 @@ +sync-local-to-staticiforme \ No newline at end of file ===================================== tools/signing/sync-local-to-staticiforme.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-local-to-staticiforme \ No newline at end of file ===================================== tools/signing/sync-scripts-to-linux-signer.torvpn ===================================== @@ -0,0 +1 @@ +sync-scripts-to-linux-signer \ No newline at end of file ===================================== tools/signing/sync-scripts-to-linux-signer.torvpn.dry-run ===================================== @@ -0,0 +1 @@ +sync-scripts-to-linux-signer \ No newline at end of file ===================================== tools/signing/wrappers/sign-aab ===================================== @@ -0,0 +1,41 @@ +#!/bin/bash +set -e + +function exit_error { + for msg in "$@" + do + echo "$msg" >&2 + done + exit 1 +} + +case "$SIGNING_PROJECTNAME" in + torbrowser | mullvadbrowser | torvpn) + ;; + *) + exit_error "Unexpected value for SIGNING_PROJECTNAME: $SIGNING_PROJECTNAME" + ;; +esac + +case "$tbb_version_type" in + release | alpha) + ;; + *) + exit_error "Unexpected value for tbb_version_type: $tbb_version_type" + ;; +esac + +android_signing_key_dir=/home/signing-apk/keys +android_signing_key_path="$android_signing_key_dir/torvpn.p12" +test -f "$android_signing_key_path" || exit_error "$android_signing_key_path is missing" + +tmpdir=$(mktemp -d) +cd "$tmpdir" + +jarsigner -keystore "${android_signing_key_path}" -storepass:env KSPASS \ + -signedjar /home/signing-apk/signed-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" \ + -verbose /home/signing-apk/unsigned-files/"$SIGNING_PROJECTNAME-$tbb_version_type.aab" \ + tor-vpn + +cd - +rm -Rf "$tmpdir" ===================================== tools/signing/wrappers/sign-apk ===================================== @@ -14,15 +14,30 @@ if test "$tbb_version_type" != 'release' \ exit_error "Unexpected value for tbb_version_type: $tbb_version_type" fi +case "$SIGNING_PROJECTNAME" in + torbrowser | mullvadbrowser | torvpn) + ;; + *) + exit_error "Unexpected value for SIGNING_PROJECTNAME: $SIGNING_PROJECTNAME" + ;; +esac + android_signing_key_dir=/home/signing-apk/keys -android_signing_key_path="$android_signing_key_dir/tba_$tbb_version_type.p12" +android_signing_key_path="$android_signing_key_dir/$pname_$tbb_version_type.p12" +test -n "$SIGNING_PROJECTNAME" && test "$SIGNING_PROJECTNAME" = 'torvpn' && \ + android_signing_key_path="$android_signing_key_dir/torvpn.p12" test -f "$android_signing_key_path" || exit_error "$android_signing_key_path is missing" setup_build_tools() { + abt_version=16 + # If signing 14.5, keep using android-12 build tools + # (we can remove this when 15.0 is the stable release) + ( test -z "$tbb_version" || echo "$tbb_version" | grep -q '^14\.5' ) && \ + abt_version=12 build_tools_dir=/signing/android-build-tools - test -f "$build_tools_dir"/android-12/apksigner || \ - exit_error "$build_tools_dir/android-12/apksigner is missing" - export PATH="$build_tools_dir/android-12:${PATH}" + test -f "$build_tools_dir"/android-$abt_version/apksigner || \ + exit_error "$build_tools_dir/android-$abt_version/apksigner is missing" + export PATH="$build_tools_dir/android-$abt_version:${PATH}" } # Sign individual apk View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-140.2.0esr-15.0-1-build3
by ma1 (＠ma1) 29 Aug '25

29 Aug '25

ma1 pushed new tag tor-browser-140.2.0esr-15.0-1-build3 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] 2 commits: Revert "BB 42220: Allow for more file types to be forced-inline."
by ma1 (＠ma1) 29 Aug '25

29 Aug '25

ma1 pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 0539d9c3 by hackademix at 2025-08-29T12:21:36+02:00 Revert "BB 42220: Allow for more file types to be forced-inline." This reverts commit 90dbc9451a30f7d68384e26fe38517534bf7e302. - - - - - 2e79fc22 by Pier Angelo Vendrame at 2025-08-29T12:21:38+02:00 BB 42220: Allow for more file types to be forced-inline. Firefox allows to open some files in the browser without any confirmation, but this will result in a disk leak, because the file will be downloaded to the temporary directory first (and not deleted, in some cases). A preference allows PDFs to be opened without being downloaded to disk. So, we introduce a similar one to do the same for all the files that are set to be opened automatically in the browser, except svg and html files to prevent XSS hazards (see BB 43211). - - - - - 1 changed file: - uriloader/base/nsURILoader.cpp Changes: ===================================== uriloader/base/nsURILoader.cpp ===================================== @@ -320,7 +320,11 @@ NS_IMETHODIMP nsDocumentOpenInfo::OnStopRequest(nsIRequest* request, return NS_OK; } -static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { +static bool IsContentPDF( + nsIChannel* aChannel, const nsACString& aContentType, + nsAutoCString* aOutExt = + nullptr // best-guess file extension, useful for non-PDFs +) { bool isPDF = aContentType.LowerCaseEqualsASCII(APPLICATION_PDF); if (!isPDF && (aContentType.LowerCaseEqualsASCII(APPLICATION_OCTET_STREAM) || aContentType.IsEmpty())) { @@ -328,14 +332,25 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { aChannel->GetContentDispositionFilename(flname); isPDF = StringEndsWith(flname, u".pdf"_ns); if (!isPDF) { + nsAutoCString ext; nsCOMPtr<nsIURI> uri; aChannel->GetURI(getter_AddRefs(uri)); nsCOMPtr<nsIURL> url(do_QueryInterface(uri)); if (url) { - nsAutoCString ext; url->GetFileExtension(ext); isPDF = ext.EqualsLiteral("pdf"); } + if (aOutExt) { + // Fill the extension out param if required + if (!(isPDF || flname.IsEmpty())) { + // For non PDFs, fallback to filename from content disposition + int32_t extStart = flname.RFindChar(u'.'); + if (extStart != kNotFound) { + CopyUTF16toUTF8(Substring(flname, extStart + 1), ext); + } + } + *aOutExt = ext; + } } } @@ -343,7 +358,7 @@ static bool IsContentPDF(nsIChannel* aChannel, const nsACString& aContentType) { } static mozilla::Result<bool, nsresult> ShouldHandleExternally( - const nsACString& aMimeType) { + const nsACString& aMimeType, const nsACString& aExtension) { // For a PDF, check if the preference is set that forces attachments to be // opened inline. If so, treat it as a non-attachment by clearing // 'forceExternalHandling' again. This allows it open a PDF directly @@ -356,7 +371,7 @@ static mozilla::Result<bool, nsresult> ShouldHandleExternally( return mozilla::Err(NS_ERROR_FAILURE); } - mimeSvc->GetFromTypeAndExtension(aMimeType, EmptyCString(), + mimeSvc->GetFromTypeAndExtension(aMimeType, aExtension, getter_AddRefs(mimeInfo)); if (mimeInfo) { @@ -430,31 +445,43 @@ nsresult nsDocumentOpenInfo::DispatchContent(nsIRequest* request) { forceExternalHandling = false; } + nsAutoCString ext; + bool isPDF = + forceExternalHandling && IsContentPDF(aChannel, mContentType, &ext); + bool maybeForceInternalHandling = - forceExternalHandling && - (mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline() || - mozilla::StaticPrefs::browser_download_ignore_content_disposition()); + (isPDF && + mozilla::StaticPrefs::browser_download_open_pdf_attachments_inline()) || + ( + forceExternalHandling && + mozilla::StaticPrefs::browser_download_ignore_content_disposition() && + // we want to exclude html and svg files, which could execute + // scripts (tor-browser#43211) + kNotFound == mContentType.LowerCaseFindASCII("html") && + kNotFound == ext.LowerCaseFindASCII("htm") && + kNotFound == mContentType.LowerCaseFindASCII("/svg+") && + !ext.EqualsIgnoreCase("svg")); // Check if this is a PDF which should be opened internally. We also handle // octet-streams that look like they might be PDFs based on their extension. + // Additionally, we try to avoid downloading also non-PDF attachments + // when the general Content-Disposition override preference is set to true. if (maybeForceInternalHandling) { - // For a PDF, check if the preference is set that forces attachments to be - // opened inline. If so, treat it as a non-attachment by clearing + // Preferences are set to open attachments inline by clearing // 'forceExternalHandling' again. This allows it open a PDF directly // instead of downloading it first. It may still end up being handled by // a helper app depending anyway on the later checks. - nsCString mimeType = IsContentPDF(aChannel, mContentType) - ? nsLiteralCString(APPLICATION_PDF) - : mContentType; - auto result = ShouldHandleExternally(mimeType); + // This may apply to other file types if an internal handler exists. + auto result = ShouldHandleExternally( + isPDF ? nsLiteralCString(APPLICATION_PDF) : mContentType, ext); if (result.isErr()) { return result.unwrapErr(); } forceExternalHandling = result.unwrap(); - // If we're not opening the PDF externally we block it if it's sandboxed. + // If we're not opening the file externally and it's sandboxed we block it. if (IsSandboxed(aChannel) && !forceExternalHandling) { - LOG(("Blocked sandboxed PDF")); + LOG(("Blocked sandboxed file")); nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); if (httpChannel) { nsContentSecurityUtils::LogMessageToConsole( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/893598… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/893598… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! TB 40041 [android]: Implement Tor Network Settings
by clairehurst (＠clairehurst) 28 Aug '25

28 Aug '25

clairehurst pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 89359823 by clairehurst at 2025-08-28T11:03:40-07:00 fixup! TB 40041 [android]: Implement Tor Network Settings Better fix for #44036 Crash on opening "Search Settings" on android - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/settings/SettingsFragment.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/settings/SettingsFragment.kt ===================================== @@ -12,6 +12,7 @@ import android.os.Build import android.os.Bundle import android.os.Handler import android.os.Looper +import android.os.StrictMode import android.util.Log import android.view.LayoutInflater import android.view.View @@ -37,7 +38,6 @@ import kotlinx.coroutines.CoroutineScope import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.delay import kotlinx.coroutines.launch -import kotlinx.coroutines.runBlocking import mozilla.components.browser.state.state.selectedOrDefaultSearchEngine import mozilla.components.concept.engine.Engine import mozilla.components.concept.sync.AccountObserver @@ -191,7 +191,7 @@ class SettingsFragment : PreferenceFragmentCompat(), UserInteractionHandler { } override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) { - runBlocking(context = Dispatchers.IO) { + requireContext().components.strictMode.resetAfter(StrictMode.allowThreadDiskReads()) { setPreferencesFromResource(R.xml.preferences, rootKey) } } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8935982… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8935982… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! TB 42891: Set the bundled search engine for Tor Browser.
by Pier Angelo Vendrame (＠pierov) 28 Aug '25

28 Aug '25

Pier Angelo Vendrame pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 55e239b2 by Pier Angelo Vendrame at 2025-08-28T18:17:11+02:00 fixup! TB 42891: Set the bundled search engine for Tor Browser. TB 43525: Move search engine customization to SearchEngineSelector. - - - - - 3 changed files: - toolkit/components/search/SearchEngineSelector.sys.mjs - toolkit/components/search/SearchService.sys.mjs - toolkit/components/search/content/torBrowserSearchEngines.json Changes: ===================================== toolkit/components/search/SearchEngineSelector.sys.mjs ===================================== @@ -2,6 +2,8 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; + /** * @typedef {import("../uniffi-bindgen-gecko-js/components/generated/RustSearch.sys.mjs").SearchEngineSelector} RustSearchEngineSelector * We use "Rust" above to avoid conflict with the class name for the JavaScript wrapper. @@ -92,30 +94,13 @@ export class SearchEngineSelector { return this._getConfigurationPromise; } - this._getConfigurationPromise = Promise.all([ - this._getConfiguration(), - this._getConfigurationOverrides(), - ]); - let remoteSettingsData = await this._getConfigurationPromise; - this._configuration = remoteSettingsData[0]; - this._configurationOverrides = remoteSettingsData[1]; - delete this._getConfigurationPromise; - - if (!this._configuration?.length) { - throw Components.Exception( - "Failed to get engine data from Remote Settings", - Cr.NS_ERROR_UNEXPECTED - ); - } - - if (!this._listenerAdded) { - this._remoteConfig.on("sync", this._onConfigurationUpdated); - this._remoteConfigOverrides.on( - "sync", - this._onConfigurationOverridesUpdated - ); - this._listenerAdded = true; - } + let { promise, resolve } = Promise.withResolvers(); + this._getConfigurationPromise = promise; + this._configuration = await ( + await fetch("chrome://global/content/search/torBrowserSearchEngines.json") + ).json(); + this._configurationOverrides = []; + resolve(this._configuration); if (lazy.SearchUtils.rustSelectorFeatureGate) { this.#selector.setSearchConfig( @@ -242,6 +227,12 @@ export class SearchEngineSelector { * The new configuration object */ _onConfigurationUpdated({ data: { current } }) { + // tor-browser#43525: Even though RemoteSettings are a no-op for us, we do + // not want them to interfere in any way. + if (AppConstants.BASE_BROWSER_VERSION) { + return; + } + this._configuration = current; if (lazy.SearchUtils.rustSelectorFeatureGate) { @@ -268,6 +259,12 @@ export class SearchEngineSelector { * The new configuration object */ _onConfigurationOverridesUpdated({ data: { current } }) { + // tor-browser#43525: Even though RemoteSettings are a no-op for us, we do + // not want them to interfere in any way. + if (AppConstants.BASE_BROWSER_VERSION) { + return; + } + this._configurationOverrides = current; if (lazy.SearchUtils.rustSelectorFeatureGate) { ===================================== toolkit/components/search/SearchService.sys.mjs ===================================== @@ -2628,11 +2628,21 @@ export class SearchService { // This is prefixed with _ rather than # because it is // called in test_remove_engine_notification_box.js async _fetchEngineSelectorEngines() { - // tor-browser#43525: Check this still works. - const engines = await ( - await fetch("chrome://global/content/search/torBrowserSearchEngines.json") - ).json(); - return { engines, privateDefault: undefined }; + let searchEngineSelectorProperties = { + locale: "en-US", + region: lazy.Region.home || "unknown", + channel: lazy.SearchUtils.MODIFIED_APP_CHANNEL, + experiment: this._experimentPrefValue, + distroID: lazy.SearchUtils.distroID ?? "", + }; + + for (let [key, value] of Object.entries(searchEngineSelectorProperties)) { + this._settings.setMetaDataAttribute(key, value); + } + + return this.#engineSelector.fetchEngineConfiguration( + searchEngineSelectorProperties + ); } #setDefaultFromSelector(refinedConfig) { ===================================== toolkit/components/search/content/torBrowserSearchEngines.json ===================================== @@ -1,78 +1,127 @@ [ { - "aliases": ["duckduckgo", "ddg"], - "name": "DuckDuckGo", - "urls": { - "search": { - "base": "https://duckduckgo.com/", - "params": [], - "searchTermParamName": "q" + "base": { + "aliases": ["duckduckgo", "ddg"], + "classification": "general", + "name": "DuckDuckGo", + "urls": { + "search": { + "base": "https://duckduckgo.com/", + "params": [], + "searchTermParamName": "q" + } } }, "id": "04e99a38-13ee-47d8-8aa4-64482b3dea99", "identifier": "ddg", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] }, { - "aliases": ["ddgonion"], - "name": "DuckDuckGo (.onion)", - "urls": { - "search": { - "base": "https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/", - "params": [], - "searchTermParamName": "q" + "base": { + "aliases": ["ddgonion"], + "classification": "general", + "name": "DuckDuckGo (.onion)", + "urls": { + "search": { + "base": "https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/", + "params": [], + "searchTermParamName": "q" + } } }, "id": "1e431da4-a60c-4411-9251-a95a841d451f", "identifier": "ddg-onion", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] }, { - "aliases": ["startpage"], - "name": "Startpage", - "urls": { - "search": { - "base": "https://www.startpage.com/sp/search", - "params": [], - "searchTermParamName": "q" + "base": { + "aliases": ["startpage"], + "classification": "general", + "name": "Startpage", + "urls": { + "search": { + "base": "https://www.startpage.com/sp/search", + "params": [], + "searchTermParamName": "q" + } } }, "id": "927bbd9f-b2f3-48b4-8974-1c1148028f4d", "identifier": "startpage", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] }, { - "aliases": ["startpage-onion"], - "name": "Startpage (.onion)", - "urls": { - "search": { - "base": "http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion/sp/se…", - "params": [], - "searchTermParamName": "q" + "base": { + "aliases": ["startpage-onion"], + "classification": "general", + "name": "Startpage (.onion)", + "urls": { + "search": { + "base": "http://startpagel6srwcjlue4zgq3zevrujfaow726kjytqbbjyrswwmjzcqd.onion/sp/se…", + "params": [], + "searchTermParamName": "q" + } } }, "id": "e7eaba8d-6b9e-43fb-a799-b01b096c03ff", "identifier": "startpage-onion", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] }, { - "aliases": ["wikipedia"], - "classification": "unknown", - "name": "Wikipedia (en)", - "urls": { - "search": { - "base": "https://en.wikipedia.org/wiki/Special:Search", - "params": [], - "searchTermParamName": "search" + "base": { + "aliases": ["wikipedia"], + "classification": "unknown", + "name": "Wikipedia (en)", + "urls": { + "search": { + "base": "https://en.wikipedia.org/wiki/Special:Search", + "params": [], + "searchTermParamName": "search" + } } }, "id": "7f6d23c2-191e-483e-af3a-ce6451e3a8dd", "identifier": "wikipedia", "recordType": "engine", - "variants": [] + "variants": [ + { + "environment": { + "allRegionsAndLocales": true + } + } + ] + }, + { + "recordType": "defaultEngines", + "globalDefault": "ddg", + "globalDefaultPrivate": "ddg" } ] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/55e239b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/55e239b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! [android] Disable features and functionality
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 7c85c4fd by Beatriz Rizental at 2025-08-28T09:34:49-06:00 fixup! [android] Disable features and functionality - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -378,35 +378,8 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity, TorAn } } - SplashScreenManager( - splashScreenOperation = if (FxNimbus.features.splashScreen.value().offTrainOnboarding) { - ApplyExperimentsOperation( - storage = DefaultExperimentsOperationStorage(components.settings), - nimbus = components.nimbus.sdk, - ) - } else { - FetchExperimentsOperation( - storage = DefaultExperimentsOperationStorage(components.settings), - nimbus = components.nimbus.sdk, - ) - }, - scope = lifecycleScope, - splashScreenTimeout = FxNimbus.features.splashScreen.value().maximumDurationMs.toLong(), - isDeviceSupported = { Build.VERSION.SDK_INT > Build.VERSION_CODES.M }, - storage = DefaultSplashScreenStorage(components.settings), - showSplashScreen = { installSplashScreen().setKeepOnScreenCondition(it) }, - onSplashScreenFinished = { result -> - if (result.sendTelemetry) { - SplashScreen.firstLaunchExtended.record( - SplashScreen.FirstLaunchExtendedExtra(dataFetched = result.wasDataFetched), - ) - } - - if (savedInstanceState == null && shouldShowOnboarding) { - navHost.navController.navigate(NavGraphDirections.actionGlobalOnboarding()) - } - }, - ).showSplashScreen() + // tor-browser#43730: Do not delay splash screen + // to fetch or apply Nimbus experiments. lifecycleScope.launch { val debugSettingsRepository = DefaultDebugSettingsRepository( View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7c85c4f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7c85c4f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] 2 commits: fixup! BB 41803: Add some developer tools for working on tor-browser.
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 36c2b42c by Beatriz Rizental at 2025-08-28T13:39:19+02:00 fixup! BB 41803: Add some developer tools for working on tor-browser. - - - - - cf409afb by Beatriz Rizental at 2025-08-28T13:40:28+02:00 fixup! Add CI for Base Browser - - - - - 19 changed files: - .gitlab-ci.yml - .gitlab/ci/jobs/lint/helpers.py → .gitlab/ci/jobs/helpers.py - .gitlab/ci/jobs/lint/lint.yml - + .gitlab/ci/jobs/test/python-test.yml - .gitlab/ci/jobs/update-translations.yml - − tools/base-browser/l10n/combine/tests/README - tools/base-browser/git-rebase-fixup-preprocessor → tools/base_browser/git-rebase-fixup-preprocessor - tools/base-browser/l10n/combine-translation-versions.py → tools/base_browser/l10n/combine-translation-versions.py - tools/base-browser/l10n/combine/__init__.py → tools/base_browser/l10n/combine/__init__.py - tools/base-browser/l10n/combine/combine.py → tools/base_browser/l10n/combine/combine.py - tools/base-browser/l10n/combine/tests/__init__.py → tools/base_browser/l10n/combine/tests/__init__.py - + tools/base_browser/l10n/combine/tests/python.toml - tools/base-browser/l10n/combine/tests/test_android.py → tools/base_browser/l10n/combine/tests/test_android.py - tools/base-browser/l10n/combine/tests/test_dtd.py → tools/base_browser/l10n/combine/tests/test_dtd.py - tools/base-browser/l10n/combine/tests/test_fluent.py → tools/base_browser/l10n/combine/tests/test_fluent.py - tools/base-browser/l10n/combine/tests/test_properties.py → tools/base_browser/l10n/combine/tests/test_properties.py - tools/base-browser/missing-css-variables.py → tools/base_browser/missing-css-variables.py - tools/base-browser/tb-dev → tools/base_browser/tb-dev - tools/moz.build Changes: ===================================== .gitlab-ci.yml ===================================== @@ -1,6 +1,7 @@ stages: - update-container-images - lint + - test - startup-test - update-translations @@ -11,6 +12,7 @@ variables: include: - local: '.gitlab/ci/mixins.yml' - local: '.gitlab/ci/jobs/lint/lint.yml' + - local: '.gitlab/ci/jobs/test/python-test.yml' - local: '.gitlab/ci/jobs/startup-test/startup-test.yml' - local: '.gitlab/ci/jobs/update-containers.yml' - local: '.gitlab/ci/jobs/update-translations.yml' ===================================== .gitlab/ci/jobs/lint/helpers.py → .gitlab/ci/jobs/helpers.py ===================================== @@ -112,7 +112,7 @@ if __name__ == "__main__": parser.add_argument( "--get-changed-files", help="Get list of changed files." - "When running from a merge request get sthe list of changed files since the merge-base of the current branch." + "When running from a merge request gets the list of changed files since the merge-base of the current branch." "When running from a protected branch i.e. any branch that starts with <something>-browser-, gets the list of files changed since the FIREFOX_ tag.", action="store_true", ) ===================================== .gitlab/ci/jobs/lint/lint.yml ===================================== @@ -18,7 +18,7 @@ lint-all: - firefox script: - ./mach configure --with-base-browser-version=0.0.0 - - .gitlab/ci/jobs/lint/helpers.py --get-changed-files | xargs -0 --no-run-if-empty ./mach lint -v + - .gitlab/ci/jobs/helpers.py --get-changed-files | xargs -0 --no-run-if-empty ./mach lint -v rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' # Run job whenever a commit is merged to a protected branch ===================================== .gitlab/ci/jobs/test/python-test.yml ===================================== @@ -0,0 +1,24 @@ +python-test: + extends: .with-local-repo-bash + stage: test + image: $IMAGE_PATH + interruptible: true + variables: + MOZBUILD_STATE_PATH: "/var/tmp/mozbuild" + cache: + paths: + - node_modules + # Store the cache regardless on job outcome + when: 'always' + # Share the cache throughout all pipelines running for a given branch + key: $CI_COMMIT_REF_SLUG + tags: + # Run these jobs in the browser dedicated runners. + - firefox + script: + - ./mach configure --with-base-browser-version=0.0.0 + - .gitlab/ci/jobs/helpers.py --get-changed-files | xargs -0 --no-run-if-empty ./mach python-test -v + rules: + - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' && $CI_PIPELINE_SOURCE == 'push') + changes: + - "**/test_*.py" ===================================== .gitlab/ci/jobs/update-translations.yml ===================================== @@ -102,7 +102,7 @@ combine-en-US-translations: # push-en-US-translations job. - echo 'COMBINE_TRANSLATIONS_JOB_ID='"$CI_JOB_ID" >job_id.env - pip install compare_locales - - python ./tools/base-browser/l10n/combine-translation-versions.py "$CI_COMMIT_BRANCH" "$TRANSLATION_FILES" "$COMBINED_FILES_JSON" + - python ./tools/base_browser/l10n/combine-translation-versions.py "$CI_COMMIT_BRANCH" "$TRANSLATION_FILES" "$COMBINED_FILES_JSON" push-en-US-translations: extends: .update-translation-base ===================================== tools/base-browser/l10n/combine/tests/README deleted ===================================== @@ -1,2 +0,0 @@ -python tests to be run with pytest. -Requires the compare-locales package. ===================================== tools/base-browser/git-rebase-fixup-preprocessor → tools/base_browser/git-rebase-fixup-preprocessor ===================================== ===================================== tools/base-browser/l10n/combine-translation-versions.py → tools/base_browser/l10n/combine-translation-versions.py ===================================== ===================================== tools/base-browser/l10n/combine/__init__.py → tools/base_browser/l10n/combine/__init__.py ===================================== ===================================== tools/base-browser/l10n/combine/combine.py → tools/base_browser/l10n/combine/combine.py ===================================== ===================================== tools/base-browser/l10n/combine/tests/__init__.py → tools/base_browser/l10n/combine/tests/__init__.py ===================================== ===================================== tools/base_browser/l10n/combine/tests/python.toml ===================================== @@ -0,0 +1,10 @@ +[DEFAULT] +subsuite = "base-browser" + +["test_android.py"] + +["test_dtd.py"] + +["test_fluent.py"] + +["test_properties.py"] ===================================== tools/base-browser/l10n/combine/tests/test_android.py → tools/base_browser/l10n/combine/tests/test_android.py ===================================== @@ -1,6 +1,7 @@ import textwrap -from combine import combine_files +import mozunit +from base_browser.l10n.combine import combine_files def wrap_in_xml(content): @@ -413,3 +414,7 @@ def test_alternatives(): <string name="string_4_alt">Other string</string> """, ) + + +if __name__ == "__main__": + mozunit.main() ===================================== tools/base-browser/l10n/combine/tests/test_dtd.py → tools/base_browser/l10n/combine/tests/test_dtd.py ===================================== @@ -1,6 +1,7 @@ import textwrap -from combine import combine_files +import mozunit +from base_browser.l10n.combine import combine_files def assert_result(new_content, old_content, expect): @@ -411,3 +412,7 @@ def test_alternatives(): <!ENTITY string.4.alt "Other string"> """, ) + + +if __name__ == "__main__": + mozunit.main() ===================================== tools/base-browser/l10n/combine/tests/test_fluent.py → tools/base_browser/l10n/combine/tests/test_fluent.py ===================================== @@ -1,6 +1,7 @@ import textwrap -from combine import combine_files +import mozunit +from base_browser.l10n.combine import combine_files def assert_result(new_content, old_content, expect): @@ -475,3 +476,7 @@ def test_alternatives(): -string-4-alt = Other string """, ) + + +if __name__ == "__main__": + mozunit.main() ===================================== tools/base-browser/l10n/combine/tests/test_properties.py → tools/base_browser/l10n/combine/tests/test_properties.py ===================================== @@ -1,6 +1,7 @@ import textwrap -from combine import combine_files +import mozunit +from base_browser.l10n.combine import combine_files def assert_result(new_content, old_content, expect): @@ -408,3 +409,7 @@ def test_alternatives(): string.4.alt = Other string """, ) + + +if __name__ == "__main__": + mozunit.main() ===================================== tools/base-browser/missing-css-variables.py → tools/base_browser/missing-css-variables.py ===================================== ===================================== tools/base-browser/tb-dev → tools/base_browser/tb-dev ===================================== ===================================== tools/moz.build ===================================== @@ -71,6 +71,7 @@ with Files("tryselect/docs/**"): SCHEDULES.exclusive = ["docs"] PYTHON_UNITTEST_MANIFESTS += [ + "base_browser/l10n/combine/tests/python.toml", "fuzzing/smoke/python.toml", "lint/test/python.toml", "tryselect/test/python.toml", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/acb604… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/acb604… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new branch tor-browser-143.0a1-16.0-1
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed new branch tor-browser-143.0a1-16.0-1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag FIREFOX_NIGHTLY_143_END
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed new tag FIREFOX_NIGHTLY_143_END at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/FIREF… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag FIREFOX_NIGHTLY_143_END
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed new tag FIREFOX_NIGHTLY_143_END at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/FIREFOX_N… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.2.0esr-15.0-1] fixup! Add CI for Base Browser
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed to branch mullvad-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 04f76652 by Beatriz Rizental at 2025-08-28T14:53:18+02:00 fixup! Add CI for Base Browser - - - - - 1 changed file: - .gitlab/ci/jobs/lint/lint.yml Changes: ===================================== .gitlab/ci/jobs/lint/lint.yml ===================================== @@ -4,11 +4,11 @@ lint-all: image: $IMAGE_PATH interruptible: true variables: - MOZBUILD_STATE_PATH: "$CI_PROJECT_DIR/.cache/mozbuild" + # Has to be the same as defined in `containers/base/Containerfile` + MOZBUILD_STATE_PATH: "/var/tmp/mozbuild" cache: paths: - node_modules - - .cache/mozbuild # Store the cache regardless on job outcome when: 'always' # Share the cache throughout all pipelines running for a given branch @@ -17,7 +17,7 @@ lint-all: # Run these jobs in the browser dedicated runners. - firefox script: - - ./mach configure --without-wasm-sandboxed-libraries --with-base-browser-version=0.0.0 + - ./mach configure --with-base-browser-version=0.0.0 - .gitlab/ci/jobs/lint/helpers.py --get-changed-files | xargs -0 --no-run-if-empty ./mach lint -v rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/04f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/04f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.2.0esr-15.0-1] fixup! Add CI for Base Browser
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed to branch base-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: a12f7973 by Beatriz Rizental at 2025-08-28T14:51:57+02:00 fixup! Add CI for Base Browser - - - - - 1 changed file: - .gitlab/ci/jobs/lint/lint.yml Changes: ===================================== .gitlab/ci/jobs/lint/lint.yml ===================================== @@ -4,11 +4,11 @@ lint-all: image: $IMAGE_PATH interruptible: true variables: - MOZBUILD_STATE_PATH: "$CI_PROJECT_DIR/.cache/mozbuild" + # Has to be the same as defined in `containers/base/Containerfile` + MOZBUILD_STATE_PATH: "/var/tmp/mozbuild" cache: paths: - node_modules - - .cache/mozbuild # Store the cache regardless on job outcome when: 'always' # Share the cache throughout all pipelines running for a given branch @@ -17,7 +17,7 @@ lint-all: # Run these jobs in the browser dedicated runners. - firefox script: - - ./mach configure --without-wasm-sandboxed-libraries --with-base-browser-version=0.0.0 + - ./mach configure --with-base-browser-version=0.0.0 - .gitlab/ci/jobs/lint/helpers.py --get-changed-files | xargs -0 --no-run-if-empty ./mach lint -v rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a12f797… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a12f797… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] 2 commits: fixup! Add CI for Tor Browser
by brizental (＠brizental) 28 Aug '25

28 Aug '25

brizental pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 1bc6d674 by Beatriz Rizental at 2025-08-28T13:32:32+02:00 fixup! Add CI for Tor Browser 1. Change the containerfile to use ./mach bootstrap to gather dependencies. 2. Update debian version from bookworm to trixie 3. Update container build rule to actually only build when merging to the default branch, not just any protected branch. - - - - - acb60482 by Beatriz Rizental at 2025-08-28T13:32:32+02:00 fixup! Add CI for Base Browser - - - - - 3 changed files: - .gitlab/ci/containers/base/Containerfile - .gitlab/ci/jobs/lint/lint.yml - .gitlab/ci/jobs/update-containers.yml Changes: ===================================== .gitlab/ci/containers/base/Containerfile ===================================== @@ -5,42 +5,19 @@ # # The image is updated roughly once a month when the tor-browser repository is rebased. -FROM containers.torproject.org/tpo/tpa/base-images/python:bookworm +FROM containers.torproject.org/tpo/tpa/base-images/python:trixie RUN apt-get update && apt-get install -y \ - clang \ - clang-tidy \ - curl \ git \ - libasound2-dev \ - libdbus-glib-1-dev \ - libgtk-3-dev \ - libpango1.0-dev \ - libpulse-dev \ - libx11-xcb-dev \ - libxcomposite-dev \ - libxcursor-dev \ - libxdamage-dev \ - libxi-dev \ - libxrandr-dev \ - libxtst-dev \ - make \ - m4 \ - mercurial \ - nasm \ - pkgconf \ - unzip \ - x11-utils \ - xvfb \ - xz-utils \ - wget + xvfb -RUN curl -fsSL https://deb.nodesource.com/setup_lts.x -o nodesource_setup.sh && \ - bash nodesource_setup.sh && \ - apt-get install -y nodejs +RUN git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/applications/tor-browser.git -RUN apt-get clean && \ - rm -rf /var/lib/apt/lists/* +# Bootstrap will download and install all dependencies required for building / linting / etc. +RUN cd tor-browser && \ + yes | MOZBUILD_STATE_PATH=/var/tmp/mozbuild ./mach bootstrap --application-choice "Tor Browser for Desktop" && \ + cd .. -RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && \ - $HOME/.cargo/bin/cargo install cbindgen +RUN rm -rf tor-browser && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* ===================================== .gitlab/ci/jobs/lint/lint.yml ===================================== @@ -4,11 +4,11 @@ lint-all: image: $IMAGE_PATH interruptible: true variables: - MOZBUILD_STATE_PATH: "$CI_PROJECT_DIR/.cache/mozbuild" + # Has to be the same as defined in `containers/base/Containerfile` + MOZBUILD_STATE_PATH: "/var/tmp/mozbuild" cache: paths: - node_modules - - .cache/mozbuild # Store the cache regardless on job outcome when: 'always' # Share the cache throughout all pipelines running for a given branch @@ -17,7 +17,7 @@ lint-all: # Run these jobs in the browser dedicated runners. - firefox script: - - ./mach configure --without-wasm-sandboxed-libraries --with-base-browser-version=0.0.0 + - ./mach configure --with-base-browser-version=0.0.0 - .gitlab/ci/jobs/lint/helpers.py --get-changed-files | xargs -0 --no-run-if-empty ./mach lint -v rules: - if: $CI_PIPELINE_SOURCE == 'merge_request_event' ===================================== .gitlab/ci/jobs/update-containers.yml ===================================== @@ -10,7 +10,7 @@ build-base-image: echo -e "\e[33mPushing new image to registry as ${TAG}\e[0m" podman push ${TAG} rules: - - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' && $CI_PROJECT_NAMESPACE == 'tpo/applications' && $CI_PIPELINE_SOURCE == 'push') + - if: ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_NAMESPACE == 'tpo/applications') changes: - '.gitlab/ci/containers/base/Containerfile' - '.gitlab-ci.yml' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c02c67… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c02c67… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! TB 44098: [android] Disable sync
by Pier Angelo Vendrame (＠pierov) 28 Aug '25

28 Aug '25

Pier Angelo Vendrame pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: c02c67cc by clairehurst at 2025-08-27T14:29:06-06:00 fixup! TB 44098: [android] Disable sync tor-browser#44098 Bookmarks offer a way to go to sync in 15.0a1 - - - - - 5 changed files: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksAction.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksMiddleware.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksReducer.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksScreen.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksTelemetryMiddleware.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksAction.kt ===================================== @@ -82,7 +82,6 @@ internal data object SearchClicked : BookmarksAction internal data object AddFolderClicked : BookmarksAction internal data object CloseClicked : BookmarksAction internal data object BackClicked : BookmarksAction -internal data object SignIntoSyncClicked : BookmarksAction internal data class EditBookmarkClicked(val bookmark: BookmarkItem.Bookmark) : BookmarksAction internal data class ReceivedSyncSignInUpdate(val isSignedIn: Boolean) : BookmarksAction internal data object FirstSyncCompleted : BookmarksAction ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksMiddleware.kt ===================================== @@ -137,7 +137,6 @@ internal class BookmarksMiddleware( SearchClicked -> navigateToSearch() AddFolderClicked -> getNavController().navigate(BookmarksDestinations.ADD_FOLDER) CloseClicked -> exitBookmarks() - SignIntoSyncClicked -> navigateToSignIntoSync() is EditBookmarkClicked -> getNavController().navigate(BookmarksDestinations.EDIT_BOOKMARK) BackClicked -> { when { ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksReducer.kt ===================================== @@ -154,7 +154,6 @@ internal fun bookmarksReducer(state: BookmarksState, action: BookmarksAction) = ViewDisposed, SelectFolderAction.ViewAppeared, SearchClicked, - SignIntoSyncClicked, is InitEdit, Init, PrivateBrowsingAuthorized, ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksScreen.kt ===================================== @@ -824,38 +824,11 @@ private fun EmptyList( horizontalAlignment = Alignment.CenterHorizontally, verticalArrangement = Arrangement.spacedBy(16.dp), ) { - Image( - painter = painterResource(state.drawableId()), - contentDescription = null, - ) Text( text = stringResource(R.string.bookmark_empty_list_title), style = FirefoxTheme.typography.headline7, color = FirefoxTheme.colors.textPrimary, ) - Text( - text = stringResource(state.descriptionId()), - style = FirefoxTheme.typography.body2, - color = FirefoxTheme.colors.textPrimary, - textAlign = TextAlign.Center, - ) - if (state is EmptyListState.NotAuthenticated) { - TextButton( - onClick = { dispatcher(SignIntoSyncClicked) }, - colors = ButtonDefaults.buttonColors(backgroundColor = FirefoxTheme.colors.actionPrimary), - shape = RoundedCornerShape(4.dp), - modifier = Modifier - .heightIn(36.dp) - .fillMaxWidth(), - ) { - Text( - text = stringResource(R.string.bookmark_empty_list_guest_cta), - color = FirefoxTheme.colors.textOnColorPrimary, - style = FirefoxTheme.typography.button, - textAlign = TextAlign.Center, - ) - } - } } } } ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/library/bookmarks/ui/BookmarksTelemetryMiddleware.kt ===================================== @@ -135,7 +135,6 @@ internal class BookmarksTelemetryMiddleware : Middleware<BookmarksState, Bookmar Init, is SelectFolderAction.ItemClicked, AddFolderAction.ParentFolderClicked, - SignIntoSyncClicked, is AddFolderAction.FolderCreated, is AddFolderAction.TitleChanged, is EditBookmarkAction.TitleChanged, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c02c67c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c02c67c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.2.0esr-15.0-1] fixup! BB 43615: Add Gitlab Issue and Merge Request templates
by morgan (＠morgan) 27 Aug '25

27 Aug '25

morgan pushed to branch base-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 7fb28296 by Morgan at 2025-08-27T18:10:43+00:00 fixup! BB 43615: Add Gitlab Issue and Merge Request templates Bug 43534: Update rebase templates - - - - - 2 changed files: - .gitlab/issue_templates/060 Rebase - Alpha.md - .gitlab/issue_templates/061 Rebase - Stable.md Changes: ===================================== .gitlab/issue_templates/060 Rebase - Alpha.md ===================================== @@ -99,6 +99,8 @@ - **TOR FEATURES** - new tor-specific functionality: manual, onion-location, onion service client auth, etc - [ ] Cherry-pick remainder of patches after the last `tor-browser` `buildN` tag - **Example**: `git cherry-pick tor-browser-102.7.0esr-12.5-1-build1..upstream/tor-browser-102.7.0esr-12.5-1` + - [ ] Rebase and `pick` new security backport patches to the end of the **MOZILLA BACKPORTS** section of the commit history + - **Example**: `git rebase --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting. - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: ===================================== .gitlab/issue_templates/061 Rebase - Stable.md ===================================== @@ -74,6 +74,8 @@ - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Cherry-pick remainder of patches after the last `tor-browser` `buildN` tag - **Example**: `git cherry-pick tor-browser-102.7.0esr-12.0-1-build1..upstream/tor-browser-102.7.0esr-12.0-1` + - [ ] Rebase and `pick` new security backport patches to the end of the **MOZILLA BACKPORTS** section of the commit history + - **Example**: `git rebase --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting. - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7fb2829… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7fb2829… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] 2 commits: fixup! TB 43616: Customize Gitlab Issue and Merge Request templates
by morgan (＠morgan) 27 Aug '25

27 Aug '25

morgan pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: abf26895 by Morgan at 2025-08-27T18:08:38+00:00 fixup! TB 43616: Customize Gitlab Issue and Merge Request templates Bug 43534: Update rebase template - - - - - 943e9e70 by Morgan at 2025-08-27T18:08:45+00:00 fixup! BB 43615: Add Gitlab Issue and Merge Request templates Bug 43534: Update rebase templates - - - - - 3 changed files: - .gitlab/issue_templates/060 Rebase - Alpha.md - .gitlab/issue_templates/061 Rebase - Stable.md - .gitlab/issue_templates/062 Rebase - Legacy.md Changes: ===================================== .gitlab/issue_templates/060 Rebase - Alpha.md ===================================== @@ -99,6 +99,8 @@ - **TOR FEATURES** - new tor-specific functionality: manual, onion-location, onion service client auth, etc - [ ] Cherry-pick remainder of patches after the last `tor-browser` `buildN` tag - **Example**: `git cherry-pick tor-browser-102.7.0esr-12.5-1-build1..upstream/tor-browser-102.7.0esr-12.5-1` + - [ ] Rebase and `pick` new security backport patches to the end of the **MOZILLA BACKPORTS** section of the commit history + - **Example**: `git rebase --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting. - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: ===================================== .gitlab/issue_templates/061 Rebase - Stable.md ===================================== @@ -74,6 +74,8 @@ - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Cherry-pick remainder of patches after the last `tor-browser` `buildN` tag - **Example**: `git cherry-pick tor-browser-102.7.0esr-12.0-1-build1..upstream/tor-browser-102.7.0esr-12.0-1` + - [ ] Rebase and `pick` new security backport patches to the end of the **MOZILLA BACKPORTS** section of the commit history + - **Example**: `git rebase --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting. - **Example**: `git rebase --autosquash --interactive FIREFOX_102_8_0esr_RELEASE` - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: ===================================== .gitlab/issue_templates/062 Rebase - Legacy.md ===================================== @@ -57,6 +57,8 @@ - **Example**: `git rebase --autosquash --interactive FIREFOX_115_18_0esr_BUILD1` - [ ] Cherry-pick remainder of patches after the last `tor-browser` `build1` tag - **Example**: `git cherry-pick tor-browser-115.17.0esr-13.5-1-build1..upstream/tor-browser-115.17.0esr-13.5-1` + - [ ] Rebase and `pick` new security backport patches to the end of the **MOZILLA BACKPORTS** section of the commit history + - **Example**: `git rebase --interactive FIREFOX_115_18_0esr_BUILD1` - [ ] Rebase and autosquash again, this time replacing all `fixup` and `squash` commands with `pick`. The goal here is to have all of the `fixup` and `squash` commits beside the commit which they modify, but kept un-squashed for easy debugging/bisecting. - **Example**: `git rebase --autosquash --interactive FIREFOX_115_18_0esr_BUILD1` - [ ] Compare patch sets to ensure nothing *weird* happened during conflict resolution: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c83c49… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/c83c49… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.14.0esr-14.5-1] fixup! [android] Implement Android-native Connection Assist UI
by Dan Ballard (＠dan) 27 Aug '25

27 Aug '25

Dan Ballard pushed to branch tor-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 59baa998 by clairehurst at 2025-08-27T11:54:53-05:00 fixup! [android] Implement Android-native Connection Assist UI Bug_43699: Properly clear dummy about pages - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/tor/TorConnectionAssistViewModel.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/tor/TorConnectionAssistViewModel.kt ===================================== @@ -8,9 +8,13 @@ import android.app.Application import android.util.Log import androidx.lifecycle.AndroidViewModel import androidx.lifecycle.MutableLiveData +import androidx.lifecycle.viewModelScope +import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.flow.MutableStateFlow import kotlinx.coroutines.flow.StateFlow +import kotlinx.coroutines.launch import mozilla.components.browser.state.ext.getUrl +import mozilla.components.browser.state.state.recover.TabState import org.mozilla.fenix.HomeActivity import org.mozilla.fenix.R import org.mozilla.fenix.ext.components @@ -30,22 +34,38 @@ class TorConnectionAssistViewModel( init { torAndroidIntegration.registerBootstrapStateChangeListener(this) - loadDummyPage() - } - - private fun loadDummyPage() { - // Load local url (it just needs to begin with "about:" to get past filter) to initialize the browser, - // Domain fronting needs Services.io.getProtocolHandler("http")... to actually work, and it - // does not till the browser/engine is initialized, and this is so far the easiest way to do that. - // Load early here so that it is ready when needed if we get to the step where DF is invoked - // Then later remove it in onCleared so it doesn't show for the user - components.useCases.tabsUseCases.addTab.invoke("about:") + loadAndUnloadDummyPage() + } + + private fun loadAndUnloadDummyPage() { + viewModelScope.launch(Dispatchers.IO) { + // Load local url (it just needs to begin with "about:" to get past filter) to initialize the browser, + // Domain fronting needs Services.io.getProtocolHandler("http")... to actually work, and it + // does not till the browser/engine is initialized, and this is so far the easiest way to do that. + // Load early here so that it is ready when needed if we get to the step where DF is invoked + // Then later remove it so it doesn't show for the user + components.useCases.tabsUseCases.addTab.invoke("about:") + // removeTabs doesn't work without a delay. + Thread.sleep(500) + // Remove loaded URL so it is never visible to the user + components.useCases.tabsUseCases.removeTabs.invoke( + components.core.store.state.tabs.filter { + it.getUrl() == "about:" || it.getUrl() == "about:blank" + }.map { it.id }, + ) + // recentlyClosedTabsStorage.value.removeAllTabs() doesn't seem to work, + // so instead we collect and iteratively remove all tabs from recent history. + // Nothing should ever show up in history so we remove everything, + // including old "about:" tabs that may have stacked up. + components.core.recentlyClosedTabsStorage.value.getTabs() + .collect { tabs: List<TabState> -> + for (tab in tabs) { + components.core.recentlyClosedTabsStorage.value.removeTab(tab) + } + } + } } - private fun clearDummyPage() { - // Remove loaded URL so it doesn't show up - components.useCases.tabsUseCases.removeTab.invoke(components.core.store.state.tabs.find {it.getUrl() == "about:"}?.id ?: "") - } fun fetchRegionNames() { torAndroidIntegration.regionNamesGet { regionNames : GeckoBundle? -> @@ -63,7 +83,6 @@ class TorConnectionAssistViewModel( override fun onCleared() { torAndroidIntegration.unregisterBootstrapStateChangeListener(this) - clearDummyPage() super.onCleared() } View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/59baa99… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/59baa99… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] BB 44125: Do not offer to save signatures by default in Private Browsing Mode
by ma1 (＠ma1) 27 Aug '25

27 Aug '25

ma1 pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: c83c49f7 by hackademix at 2025-08-27T18:53:07+02:00 BB 44125: Do not offer to save signatures by default in Private Browsing Mode - - - - - 2 changed files: - toolkit/components/pdfjs/content/PdfjsParent.sys.mjs - toolkit/components/pdfjs/content/web/viewer.mjs Changes: ===================================== toolkit/components/pdfjs/content/PdfjsParent.sys.mjs ===================================== @@ -152,6 +152,8 @@ export class PdfjsParent extends JSWindowActorParent { return this.#getSignatures(data); case "delete": return this.#deleteSignature(data); + case "isVolatile": + return lazy.PrivateBrowsingUtils.isBrowserPrivate(this.browser); default: return null; } ===================================== toolkit/components/pdfjs/content/web/viewer.mjs ===================================== @@ -2009,6 +2009,9 @@ class SignatureStorage { async size() { return (await this.getAll()).size; } + async isVolatile() { + return await this.#handleSignature({action: "isVolatile"}); + } async create(data) { if (await this.isFull()) { return null; @@ -12736,7 +12739,8 @@ class SignatureManager { this.#uiManager.removeEditListeners(); const isStorageFull = await this.#signatureStorage.isFull(); this.#saveContainer.classList.toggle("fullStorage", isStorageFull); - this.#saveCheckbox.checked = !isStorageFull; + const isVolatile = await this.#signatureStorage.isVolatile(); + this.#saveCheckbox.checked = !(isStorageFull || isVolatile); await this.#overlayManager.open(this.#dialog); const tabType = this.#tabButtons.get("type"); tabType.focus(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c83c49f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c83c49f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.14.0esr-14.5-1] fixup! [android] Implement Android-native Connection Assist UI
by Dan Ballard (＠dan) 27 Aug '25

27 Aug '25

Dan Ballard pushed to branch tor-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 5a8cfa37 by clairehurst at 2025-08-26T17:10:09-05:00 fixup! [android] Implement Android-native Connection Assist UI Bug_44081: Swiping away the "private tabs" notification requires rebootstrapping. - - - - - 3 changed files: - mobile/android/android-components/components/support/base/src/main/java/mozilla/components/support/base/android/NotificationsDelegate.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/session/PrivateNotificationService.kt Changes: ===================================== mobile/android/android-components/components/support/base/src/main/java/mozilla/components/support/base/android/NotificationsDelegate.kt ===================================== @@ -37,6 +37,15 @@ class NotificationsDelegate( var isRequestingPermission: Boolean = false private set + /** + * Defaults to true, normal behavior is to destroy the app when OnDestroy is called with isFinishing set to true + * + * A value of false indicates that the notification was just swiped away and the app should not shut down on it's behalf + * + * Workaround to make swiping the notification away not shutdown the app + */ + var shouldShutDownWithOnDestroyWhenIsFinishing: Boolean = true + private var onPermissionGranted: OnPermissionGranted = { } private var onPermissionRejected: OnPermissionRejected = { } private val notificationPermissionHandler: MutableMap<AppCompatActivity, ActivityResultLauncher<String>> = ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/HomeActivity.kt ===================================== @@ -635,10 +635,6 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity, TorAn override fun onDestroy() { super.onDestroy() - if (isFinishing) { - exitProcess(0) - } - // Diagnostic breadcrumb for "Display already aquired" crash: // https://github.com/mozilla-mobile/android-components/issues/7960 breadcrumb( @@ -658,6 +654,16 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity, TorAn if (this !is ExternalAppBrowserActivity && !activityStartedWithLink) { stopMediaSession() } + + if (applicationContext.components.notificationsDelegate.shouldShutDownWithOnDestroyWhenIsFinishing) { + if (isFinishing) { + shutDown() + } + } else { + // We only want to not shut down when the notification is swiped away, + // if we do not reset this value + applicationContext.components.notificationsDelegate.shouldShutDownWithOnDestroyWhenIsFinishing = true + } } final override fun onConfigurationChanged(newConfig: Configuration) { ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/session/PrivateNotificationService.kt ===================================== @@ -70,6 +70,7 @@ class PrivateNotificationService : AbstractPrivateNotificationService() { @SuppressLint("MissingSuperCall") override fun erasePrivateTabs() { val inPrivateMode = store.state.selectedTab?.content?.private ?: false + notificationsDelegate.shouldShutDownWithOnDestroyWhenIsFinishing = false // Trigger use case directly for now (instead of calling super.erasePrivateTabs) // as otherwise SessionManager and the store will be out of sync. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5a8cfa3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5a8cfa3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! TB 40009: [android] Change the default search engines
by Pier Angelo Vendrame (＠pierov) 27 Aug '25

27 Aug '25

Pier Angelo Vendrame pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 47ff875d by Pier Angelo Vendrame at 2025-08-27T17:55:27+02:00 fixup! TB 40009: [android] Change the default search engines TB 44139: Restore inactive search plugins (Android). We remove some plugins, but they do not have any effect. So, restore them and stop deleting in future branches. - - - - - 2 changed files: - + mobile/android/fenix/app/src/main/assets/searchplugins/reddit.xml - + mobile/android/fenix/app/src/main/assets/searchplugins/youtube.xml Changes: ===================================== mobile/android/fenix/app/src/main/assets/searchplugins/reddit.xml ===================================== @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="utf-8"?> + +<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/"> + <ShortName>Reddit</ShortName> + <Description>Search Reddit</Description> + <LongName>Reddit Search</LongName> + <Image width="16" height="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAD9UlEQVR4AcyYA9QkSwyF69k2j59te/Bs27Zt2/batm3btu1v+55eN6p6uPec/P/MlJJCchNTCHCj2YGsuYq0+dqTxp4MJ2VmkDZLkfifh6tNfdRXY0w5weVmD1LmHtKmticLvc8kEY3RWM2huUqn+JVmR9LmDU/mSZFCiObSnJq7eIrfaLYibR7yZJIWLYZobq2htQqr/BXmIFKmuyeUSLprzcIonzanW3a9mKdxen7Kp8wdnizWhGWSxdIhH+XZTOSOxNem1DtvkcXSyf3BFvrOP3A0PHMOXLFjsO3q3eCTO+C7x+C6PWPfhHSzusqieJuxg0FYsRyG94YGv8IX98FjJ8PwXqzD1LGxRki3WBcrH1xw5bXDq1bByyl4/gL4/SVoVwMpG4rvH7d5p4ciI2xR3OVLl8DyZXDZ9sG2bx4mAF0lm3sNi9gK5UV5gH++BkO7h7ddtQuMG8I6TBoJ1+zuEiPeCBCzPLlNtHSsA3V/jG6/cmf4/F748n5dN2futBEBFCMsmgucMQk+vasYc9+z4fWpXRTlbz0YhHsPLwbVqL0uGYnm83nKO9fB/NmQ2qIYBiyU7kbZUcEmlaIPHgNvXQ3fPAI9m8O08b5rfPsaeOg4SG9ZMCOku1GKl9ckl24LH9wMnerBvFlYoRNR3w9v1dh8T+FrGdDYaWdfzcJvL/o7md0GMlvDL8/B7GnkjDnT4feXfUMyW/knpzXeuELfXQxoLAOGx3YSf+nbho0wsi+M6k/BoFgwtAcbYVAXa0yQ7kYVg9hO1T6nbGj4m+0UZugEltqIWNkwY5LtBJbaDZg0iliIlInviBaIsOl7dF/1UV+Nie8rzJ1hNcB+hWp9SwykyEb9pWAE1BYgerFo+o/1CtkfsXarfwciIC4T6B8Jtbn2HT0Art/b+ojd3KiCz6ypbrv6StrxBCyndeVOTm7UPZDNmmK91/4bGEck1ObSVwnQZds5BjJXKjGgIyWDDHOmEq5krupnlAytKrmTOWc6fduhSsopCZ44zZ1OJ0po/n+PUMiwmw+Av9+AxQuJxLKlUOMruGEfWDCHUDT5O3lC45xSyht1aUAoWlb0SyJyq8oD/n8X6v8Ctb+DX1+Ad6+Ha/eAq3eFRr8TiiHdlPwnTykTJfVioo3+iKbKCj6iyo+cCDcf6J+M8oD3bhC3iWavoth+THFP6vMqq3x8O0yfQN6YOxO+fyKY6NjLKvkXtkS1lRMoaiaGSij/vGWrxLkXtvIuLerK/Pg0tKqsXMFnkksX+w9XQXDMQGhf06/MPX1WDnny+tJi4uJu+WX1EIO7Q3p4fUhPcAzpKaaRO8k38NOsoxPd9F9qMLrYY6gttwEAUidatlp2alsAAAAASUVORK5CYII=</Image> + <Url type="text/html" method="get" template="https://www.reddit.com/search/?q={searchTerms}"/> +</SearchPlugin> ===================================== mobile/android/fenix/app/src/main/assets/searchplugins/youtube.xml ===================================== @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="utf-8"?> + +<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/"> + <ShortName>YouTube</ShortName> + <Description>Search for videos on YouTube</Description> + <Tags>youtube video</Tags> + <Image height="16" width="16">data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAABa0lEQVR42u2YoYoCURSGBzSLk62L0TJvsEywWAxabRaFlQ2GQdY38AF8Ci0Gsy9gECybRU0GkQn++4fLbjm7K8wdmQPng6+I3rkfqHPnBIZhGIbxCAiCkL7QiL7SFu3QHu3TIX2nY5rQCf1wTtxrY/eeoftMz63RcmtG7hqhj82+0RX9pDeKJ3tz1165vVQf3XxMTxQF80Tj/zbfoFeKgnqljb8C1hQFd/3b5mv0riDgTmtSQJtCiW0pIFEUkEgBc0UBcylgkXnhKAIqlWcELKSATeaFp1PgeAT6faBUyjNgIwXsfQR8s90CcZxXwF4KOHgM+GG5BOp13wEHKeDiP8CRpsBsBoShr4CLFJB6DJA5n4HBACiXswakUsA9hwCZ3Q5oNjPdjfUH6P8K6f8R6/8b1X8j03+U0H+Y03+c1v9Ao/+RUv9Dvf6xiv7Blv7RojzcHRVouDui1TzG610P4/WuOF43DMMwjAf4ArcA0xFiL427AAAAAElFTkSuQmCC</Image> + <Url type="text/html" template="https://www.youtube.com/results?search_query={searchTerms}&page={startP…" /> + <Query role="example" searchTerms="cat" /> +</SearchPlugin> View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/47ff875… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/47ff875… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] 2 commits: fixup! TB 43616: Customize Gitlab Issue and Merge Request templates
by morgan (＠morgan) 27 Aug '25

27 Aug '25

morgan pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: dc12bee7 by Morgan at 2025-08-27T15:27:41+00:00 fixup! TB 43616: Customize Gitlab Issue and Merge Request templates add Apps::Impact::High label to release prep issues - - - - - 189df04b by Morgan at 2025-08-27T15:27:41+00:00 fixup! BB 43615: Add Gitlab Issue and Merge Request templates add Apps::Impact::High label to release prep issues - - - - - 4 changed files: - .gitlab/issue_templates/060 Rebase - Alpha.md - .gitlab/issue_templates/061 Rebase - Stable.md - .gitlab/issue_templates/062 Rebase - Legacy.md - .gitlab/issue_templates/063 Rebase - Rapid.md Changes: ===================================== .gitlab/issue_templates/060 Rebase - Alpha.md ===================================== @@ -151,4 +151,5 @@ /label ~"Apps::Product::TorBrowser" /label ~"Apps::Type::Rebase" +/label ~"Apps::Impact::High" /label ~"Priority::Blocker" ===================================== .gitlab/issue_templates/061 Rebase - Stable.md ===================================== @@ -114,4 +114,5 @@ /label ~"Apps::Product::TorBrowser" /label ~"Apps::Type::Rebase" +/label ~"Apps::Impact::High" /label ~"Priority::Blocker" ===================================== .gitlab/issue_templates/062 Rebase - Legacy.md ===================================== @@ -87,4 +87,5 @@ /label ~"Apps::Product::TorBrowser" /label ~"Apps::Type::Rebase" +/label ~"Apps::Impact::High" /label ~"Priority::Blocker" ===================================== .gitlab/issue_templates/063 Rebase - Rapid.md ===================================== @@ -290,4 +290,5 @@ gitGraph: /label ~"Apps::Product::TorBrowser" /label ~"Apps::Type::Rebase" +/label ~"Apps::Impact::High" /label ~"Priority::High" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/bda7ad… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/bda7ad… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.2.0esr-15.0-1] fixup! Add CI for Base Browser
by brizental (＠brizental) 27 Aug '25

27 Aug '25

brizental pushed to branch tor-browser-140.2.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: bda7adf3 by Beatriz Rizental at 2025-08-27T15:43:26+02:00 fixup! Add CI for Base Browser - - - - - 1 changed file: - .gitlab/ci/containers/base/Containerfile Changes: ===================================== .gitlab/ci/containers/base/Containerfile ===================================== @@ -9,6 +9,7 @@ FROM containers.torproject.org/tpo/tpa/base-images/python:bookworm RUN apt-get update && apt-get install -y \ clang \ + clang-tidy \ curl \ git \ libasound2-dev \ View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bda7adf… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bda7adf… You're receiving this email because of your account on gitlab.torproject.org.

1 0