- tbb-commits - lists.torproject.org

[tor-browser-build/maint-10.0-desktop] Bump NoScript version to 11.2
by gk＠torproject.org 02 Feb '21

02 Feb '21

commit 6def13178318ed1b042f2ebcc9501006a20fe478 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 2 08:21:42 2021 +0000 Bump NoScript version to 11.2 --- projects/tor-browser/config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/tor-browser/config b/projects/tor-browser/config index 35d53f0..f3fab28 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -77,9 +77,9 @@ input_files: enable: '[% c("var/snowflake") && ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… + - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… name: noscript - sha256sum: 5f68a63637e286433089aeb3b6a0aa930317dd988184876b5d6dcff2ca07bb34 + sha256sum: 4258bcd0bcdfc8ecb231d250e3adf1c477a1a672ede74a5cd10ba05a5381babb - filename: 'RelativeLink/start-tor-browser.desktop' enable: '[% c("var/linux") %]' - filename: 'RelativeLink/execdesktop'

1 0

[tor-browser-build/maint-10.0-desktop] Bug 40224: Backport Tor patch for v3 onion services
by gk＠torproject.org 02 Feb '21

02 Feb '21

commit 9f965640252fb1c64df5214cd71d19ef0e440126 Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Mon Feb 1 21:31:46 2021 +0000 Bug 40224: Backport Tor patch for v3 onion services --- ...1-hs-v3-Require-reasonably-live-consensus.patch | 672 +++++++++++++++++++++ ...tests-Fix-unit-tests-after-merge-of-40237.patch | 97 +++ .../0003-Pick-up-merge-conflict-resolutions.patch | 82 +++ projects/tor/build | 4 + projects/tor/config | 3 + 5 files changed, 858 insertions(+) diff --git a/projects/tor/0001-hs-v3-Require-reasonably-live-consensus.patch b/projects/tor/0001-hs-v3-Require-reasonably-live-consensus.patch new file mode 100644 index 0000000..9a4ec5c --- /dev/null +++ b/projects/tor/0001-hs-v3-Require-reasonably-live-consensus.patch @@ -0,0 +1,672 @@ +From a363b64e82bc1dac2409a65dee0606c4b66f71fc Mon Sep 17 00:00:00 2001 +From: David Goulet <dgoulet(a)torproject.org> +Date: Mon, 11 Jan 2021 16:01:22 -0500 +Subject: [PATCH 1/3] hs-v3: Require reasonably live consensus + +Some days before this commit, the network experienced a DDoS on the directory +authorities that prevented them to generate a consensus for more than 5 hours +straight. + +That in turn entirely disabled onion service v3, client and service side, due +to the subsystem requiring a live consensus to function properly. + +We know require a reasonably live consensus which means that the HSv3 +subsystem will to its job for using the best consensus tor can find. If the +entire network is using an old consensus, than this should be alright. + +If the service happens to use a live consensus while a client is not, it +should still work because the client will use the current SRV it sees which +might be the previous SRV for the service for which it still publish +descriptors for. + +If the service is using an old one and somehow can't get a new one while +clients are on a new one, then reachability issues might arise. However, this +is a situation we already have at the moment since the service will simply not +work if it doesn't have a live consensus while a client has one. + +Fixes #40237 + +Signed-off-by: David Goulet <dgoulet(a)torproject.org> + +diff --git a/changes/ticket40237 b/changes/ticket40237 +new file mode 100644 +index 0000000000..fc32f59cd4 +--- /dev/null ++++ b/changes/ticket40237 +@@ -0,0 +1,5 @@ ++ o Major bugfixes (onion service v3): ++ - Stop requiring a live consensus for v3 clients and services to work. The ++ use of a reasonably live consensus will allow v3 to work properly in most ++ cases if the network failed to generate a consensus for more than 2 hours ++ in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. +diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c +index e4e17f6b76..b4dbedbfe4 100644 +--- a/src/core/mainloop/mainloop.c ++++ b/src/core/mainloop/mainloop.c +@@ -2154,7 +2154,8 @@ hs_service_callback(time_t now, const or_options_t *options) + /* We need to at least be able to build circuits and that we actually have + * a working network. */ + if (!have_completed_a_circuit() || net_is_disabled() || +- networkstatus_get_live_consensus(now) == NULL) { ++ !networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor())) { + goto end; + } + +diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c +index 44cd2505fd..ef5e88e947 100644 +--- a/src/feature/hs/hs_cache.c ++++ b/src/feature/hs/hs_cache.c +@@ -17,6 +17,7 @@ + #include "feature/hs/hs_common.h" + #include "feature/hs/hs_client.h" + #include "feature/hs/hs_descriptor.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "feature/rend/rendcache.h" + +@@ -739,7 +740,9 @@ cached_client_descriptor_has_expired(time_t now, + /* We use the current consensus time to see if we should expire this + * descriptor since we use consensus time for all other parts of the protocol + * as well (e.g. to build the blinded key and compute time periods). */ +- const networkstatus_t *ns = networkstatus_get_live_consensus(now); ++ const networkstatus_t *ns = ++ networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor()); + /* If we don't have a recent consensus, consider this entry expired since we + * will want to fetch a new HS desc when we get a live consensus. */ + if (!ns) { +diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c +index fc1fd76efc..0f6109195b 100644 +--- a/src/feature/hs/hs_client.c ++++ b/src/feature/hs/hs_client.c +@@ -29,6 +29,7 @@ + #include "feature/hs/hs_descriptor.h" + #include "feature/hs/hs_ident.h" + #include "feature/nodelist/describe.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "feature/nodelist/nodelist.h" + #include "feature/nodelist/routerset.h" +@@ -1302,9 +1303,10 @@ can_client_refetch_desc(const ed25519_public_key_t *identity_pk, + goto cannot; + } + +- /* Without a live consensus we can't do any client actions. It is needed to +- * compute the hashring for a service. */ +- if (!networkstatus_get_live_consensus(approx_time())) { ++ /* Without a usable consensus we can't do any client actions. It is needed ++ * to compute the hashring for a service. */ ++ if (!networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor())) { + log_info(LD_REND, "Can't fetch descriptor for service %s because we " + "are missing a live consensus. Stalling connection.", + safe_str_client(ed25519_fmt(identity_pk))); +diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c +index 4639cdb68a..86d3fcab7d 100644 +--- a/src/feature/hs/hs_common.c ++++ b/src/feature/hs/hs_common.c +@@ -27,6 +27,7 @@ + #include "feature/hs/hs_service.h" + #include "feature/hs_common/shared_random_client.h" + #include "feature/nodelist/describe.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "feature/nodelist/nodelist.h" + #include "feature/nodelist/routerset.h" +@@ -276,7 +277,9 @@ hs_get_time_period_num(time_t now) + if (now != 0) { + current_time = now; + } else { +- networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); ++ networkstatus_t *ns = ++ networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + current_time = ns ? ns->valid_after : approx_time(); + } + +@@ -1107,7 +1110,8 @@ hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now)) + time_t srv_start_time, tp_start_time; + + if (!consensus) { +- consensus = networkstatus_get_live_consensus(now); ++ consensus = networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor()); + if (!consensus) { + return 0; + } +@@ -1352,7 +1356,9 @@ hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, + sorted_nodes = smartlist_new(); + + /* Make sure we actually have a live consensus */ +- networkstatus_t *c = networkstatus_get_live_consensus(approx_time()); ++ networkstatus_t *c = ++ networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + if (!c || smartlist_len(c->routerstatus_list) == 0) { + log_warn(LD_REND, "No live consensus so we can't get the responsible " + "hidden service directories."); +diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c +index a42879a48f..2f3f45f252 100644 +--- a/src/feature/hs/hs_service.c ++++ b/src/feature/hs/hs_service.c +@@ -23,6 +23,7 @@ + #include "feature/hs_common/shared_random_client.h" + #include "feature/keymgt/loadkey.h" + #include "feature/nodelist/describe.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "feature/nodelist/nickname.h" + #include "feature/nodelist/node_select.h" +@@ -2504,7 +2505,8 @@ should_rotate_descriptors(hs_service_t *service, time_t now) + + tor_assert(service); + +- ns = networkstatus_get_live_consensus(now); ++ ns = networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor()); + if (ns == NULL) { + goto no_rotation; + } +@@ -3188,10 +3190,8 @@ should_service_upload_descriptor(const hs_service_t *service, + } + + /* Don't upload desc if we don't have a live consensus */ +- if (!networkstatus_get_live_consensus(now)) { +- msg = tor_strdup("No live consensus"); +- log_cant_upload_desc(service, desc, msg, +- LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS); ++ if (!networkstatus_get_reasonably_live_consensus(now, ++ usable_consensus_flavor())) { + goto cannot; + } + +diff --git a/src/feature/hs_common/shared_random_client.c b/src/feature/hs_common/shared_random_client.c +index c2ea5afe32..4e8a2942fc 100644 +--- a/src/feature/hs_common/shared_random_client.c ++++ b/src/feature/hs_common/shared_random_client.c +@@ -13,6 +13,7 @@ + #include "app/config/config.h" + #include "feature/dirauth/authmode.h" + #include "feature/dirauth/voting_schedule.h" ++#include "feature/nodelist/microdesc.h" + #include "feature/nodelist/networkstatus.h" + #include "lib/encoding/binascii.h" + +@@ -55,7 +56,9 @@ int + get_voting_interval(void) + { + int interval; +- networkstatus_t *consensus = networkstatus_get_live_consensus(time(NULL)); ++ networkstatus_t *consensus = ++ networkstatus_get_reasonably_live_consensus(time(NULL), ++ usable_consensus_flavor()); + + if (consensus) { + /* Ideally we have a live consensus and we can just use that. */ +@@ -147,7 +150,8 @@ sr_get_current(const networkstatus_t *ns) + if (ns) { + consensus = ns; + } else { +- consensus = networkstatus_get_live_consensus(approx_time()); ++ consensus = networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + } + /* Ideally we would never be asked for an SRV without a live consensus. Make + * sure this assumption is correct. */ +@@ -170,7 +174,8 @@ sr_get_previous(const networkstatus_t *ns) + if (ns) { + consensus = ns; + } else { +- consensus = networkstatus_get_live_consensus(approx_time()); ++ consensus = networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + } + /* Ideally we would never be asked for an SRV without a live consensus. Make + * sure this assumption is correct. */ +@@ -242,13 +247,14 @@ sr_state_get_start_time_of_current_protocol_run(void) + int voting_interval = get_voting_interval(); + time_t beginning_of_curr_round; + +- /* This function is not used for voting purposes, so if we have a live +- consensus, use its valid-after as the beginning of the current round. +- If we have no consensus but we're an authority, use our own +- schedule. Otherwise, try using our view of the voting interval +- to figure out when the current round _should_ be starting. +- */ +- networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); ++ /* This function is not used for voting purposes, so if we have a reasonably ++ * live consensus, use its valid-after as the beginning of the current ++ * round. If we have no consensus but we're an authority, use our own ++ * schedule. Otherwise, try using our view of the voting interval to figure ++ * out when the current round _should_ be starting. */ ++ networkstatus_t *ns = ++ networkstatus_get_reasonably_live_consensus(approx_time(), ++ usable_consensus_flavor()); + if (ns) { + beginning_of_curr_round = ns->valid_after; + } else if (authdir_mode(get_options()) || ASSUME_AUTHORITY_SCHEDULING) { +diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c +index 7454f342f9..6ee1d11cae 100644 +--- a/src/feature/nodelist/nodelist.c ++++ b/src/feature/nodelist/nodelist.c +@@ -362,7 +362,7 @@ node_set_hsdir_index(node_t *node, const networkstatus_t *ns) + tor_assert(node); + tor_assert(ns); + +- if (!networkstatus_is_live(ns, now)) { ++ if (!networkstatus_consensus_reasonably_live(ns, now)) { + static struct ratelim_t live_consensus_ratelim = RATELIM_INIT(30 * 60); + log_fn_ratelim(&live_consensus_ratelim, LOG_INFO, LD_GENERAL, + "Not setting hsdir index with a non-live consensus."); +diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c +index f25bba3584..379f23ec72 100644 +--- a/src/test/test_hs_cache.c ++++ b/src/test/test_hs_cache.c +@@ -462,9 +462,10 @@ test_hsdir_revision_counter_check(void *arg) + static networkstatus_t mock_ns; + + static networkstatus_t * +-mock_networkstatus_get_live_consensus(time_t now) ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return &mock_ns; + } + +@@ -485,8 +486,8 @@ test_client_cache(void *arg) + /* Initialize HSDir cache subsystem */ + init_test(); + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time */ + parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", +diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c +index ae5cc5ed84..fd84293dc2 100644 +--- a/src/test/test_hs_client.c ++++ b/src/test/test_hs_client.c +@@ -66,16 +66,18 @@ static networkstatus_t mock_ns; + + /* Always return NULL. */ + static networkstatus_t * +-mock_networkstatus_get_live_consensus_false(time_t now) ++mock_networkstatus_get_reasonably_live_consensus_false(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return NULL; + } + + static networkstatus_t * +-mock_networkstatus_get_live_consensus(time_t now) ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return &mock_ns; + } + +@@ -379,8 +381,8 @@ test_client_pick_intro(void *arg) + ed25519_keypair_t service_kp; + hs_descriptor_t *desc = NULL; + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + (void) arg; + +@@ -632,15 +634,15 @@ test_descriptor_fetch(void *arg) + get_options_mutable()->FetchHidServDescriptors = 1; + + /* 2. We don't have a live consensus. */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus_false); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus_false); + ret = hs_client_refetch_hsdesc(&service_pk); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + tt_int_op(ret, OP_EQ, HS_CLIENT_FETCH_MISSING_INFO); + + /* From now on, return a live consensus. */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* 3. Not enough dir information. */ + MOCK(router_have_minimum_dir_info, +@@ -682,7 +684,7 @@ test_descriptor_fetch(void *arg) + + done: + connection_free_minimal(ENTRY_TO_CONN(ec)); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + UNMOCK(router_have_minimum_dir_info); + hs_free_all(); + } +@@ -880,8 +882,8 @@ test_desc_has_arrived_cleanup(void *arg) + + hs_init(); + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + MOCK(connection_mark_unattached_ap_, + mock_connection_mark_unattached_ap_); + MOCK(router_have_minimum_dir_info, +@@ -953,7 +955,7 @@ test_desc_has_arrived_cleanup(void *arg) + tor_free(desc_str); + hs_free_all(); + +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + UNMOCK(connection_mark_unattached_ap_); + UNMOCK(router_have_minimum_dir_info); + } +@@ -974,8 +976,8 @@ test_close_intro_circuits_new_desc(void *arg) + + /* This is needed because of the client cache expiration timestamp is based + * on having a consensus. See cached_client_descriptor_has_expired(). */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time */ + parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", +@@ -1101,7 +1103,7 @@ test_close_intro_circuits_new_desc(void *arg) + hs_descriptor_free(desc1); + hs_descriptor_free(desc2); + hs_free_all(); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c +index 9202074e25..e3d130fb32 100644 +--- a/src/test/test_hs_common.c ++++ b/src/test/test_hs_common.c +@@ -360,9 +360,10 @@ mock_networkstatus_get_latest_consensus(void) + } + + static networkstatus_t * +-mock_networkstatus_get_live_consensus(time_t now) ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + + tt_assert(mock_ns); + +@@ -382,6 +383,8 @@ test_responsible_hsdirs(void *arg) + + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + ns = networkstatus_get_latest_consensus(); + +@@ -418,6 +421,8 @@ test_responsible_hsdirs(void *arg) + smartlist_clear(ns->routerstatus_list); + networkstatus_vote_free(mock_ns); + cleanup_nodelist(); ++ ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +@@ -467,6 +472,8 @@ test_desc_reupload_logic(void *arg) + + hs_init(); + ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + MOCK(router_have_minimum_dir_info, + mock_router_have_minimum_dir_info); + MOCK(get_or_state, +@@ -911,9 +918,11 @@ static smartlist_t *service_responsible_hsdirs = NULL; + static smartlist_t *client_responsible_hsdirs = NULL; + + static networkstatus_t * +-mock_networkstatus_get_live_consensus_service(time_t now) ++mock_networkstatus_get_reasonably_live_consensus_service(time_t now, ++ int flavor) + { + (void) now; ++ (void) flavor; + + if (mock_service_ns) { + return mock_service_ns; +@@ -929,13 +938,14 @@ mock_networkstatus_get_live_consensus_service(time_t now) + static networkstatus_t * + mock_networkstatus_get_latest_consensus_service(void) + { +- return mock_networkstatus_get_live_consensus_service(0); ++ return mock_networkstatus_get_reasonably_live_consensus_service(0, 0); + } + + static networkstatus_t * +-mock_networkstatus_get_live_consensus_client(time_t now) ++mock_networkstatus_get_reasonably_live_consensus_client(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + + if (mock_client_ns) { + return mock_client_ns; +@@ -951,7 +961,7 @@ mock_networkstatus_get_live_consensus_client(time_t now) + static networkstatus_t * + mock_networkstatus_get_latest_consensus_client(void) + { +- return mock_networkstatus_get_live_consensus_client(0); ++ return mock_networkstatus_get_reasonably_live_consensus_client(0, 0); + } + + /* Mock function because we are not trying to test the close circuit that does +@@ -1411,8 +1421,8 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) + * === Client setup === + */ + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus_client); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus_client); + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus_client); + +@@ -1436,14 +1446,14 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) + tt_int_op(smartlist_len(client_responsible_hsdirs), OP_EQ, 6); + + UNMOCK(networkstatus_get_latest_consensus); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + + /* + * === Service setup === + */ + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus_service); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus_service); + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus_service); + +@@ -1470,7 +1480,7 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) + tt_int_op(smartlist_len(service_responsible_hsdirs), OP_EQ, 8); + + UNMOCK(networkstatus_get_latest_consensus); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + + /* Some testing of the values we just got from the client and service. */ + tt_mem_op(&client_blinded_pk, OP_EQ, &service_blinded_pk, +@@ -1721,8 +1731,8 @@ test_client_service_hsdir_set_sync(void *arg) + + MOCK(networkstatus_get_latest_consensus, + mock_networkstatus_get_latest_consensus); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + MOCK(get_or_state, + get_or_state_replacement); + MOCK(hs_desc_encode_descriptor, +diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c +index 80383baff8..630cfef1fe 100644 +--- a/src/test/test_hs_service.c ++++ b/src/test/test_hs_service.c +@@ -83,9 +83,10 @@ + static networkstatus_t mock_ns; + + static networkstatus_t * +-mock_networkstatus_get_live_consensus(time_t now) ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return &mock_ns; + } + +@@ -1375,8 +1376,8 @@ test_rotate_descriptors(void *arg) + hs_init(); + MOCK(get_or_state, get_or_state_replacement); + MOCK(circuit_mark_for_close_, mock_circuit_mark_for_close); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Descriptor rotation happens with a consensus with a new SRV. */ + +@@ -1464,7 +1465,7 @@ test_rotate_descriptors(void *arg) + hs_free_all(); + UNMOCK(get_or_state); + UNMOCK(circuit_mark_for_close_); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + /** Test building descriptors: picking intro points, setting up their link +@@ -1484,8 +1485,8 @@ test_build_update_descriptors(void *arg) + + MOCK(get_or_state, + get_or_state_replacement); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + dummy_state = or_state_new(); + +@@ -1715,8 +1716,8 @@ test_build_descriptors(void *arg) + + MOCK(get_or_state, + get_or_state_replacement); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + dummy_state = or_state_new(); + +@@ -1816,8 +1817,8 @@ test_upload_descriptors(void *arg) + hs_init(); + MOCK(get_or_state, + get_or_state_replacement); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + dummy_state = or_state_new(); + +diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c +index 148eb5cf90..9e49e835c9 100644 +--- a/src/test/test_shared_random.c ++++ b/src/test/test_shared_random.c +@@ -167,6 +167,15 @@ mock_networkstatus_get_live_consensus(time_t now) + return &mock_consensus; + } + ++/* Mock function to immediately return our local 'mock_consensus'. */ ++static networkstatus_t * ++mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) ++{ ++ (void) now; ++ (void) flavor; ++ return &mock_consensus; ++} ++ + static void + test_get_state_valid_until_time(void *arg) + { +@@ -179,6 +188,8 @@ test_get_state_valid_until_time(void *arg) + + MOCK(networkstatus_get_live_consensus, + mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", + &mock_consensus.fresh_until); +@@ -235,7 +246,7 @@ test_get_state_valid_until_time(void *arg) + } + + done: +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + /** Test the function that calculates the start time of the current SRV +@@ -251,6 +262,8 @@ test_get_start_time_of_current_run(void *arg) + + MOCK(networkstatus_get_live_consensus, + mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", + &mock_consensus.fresh_until); +@@ -335,6 +348,7 @@ test_get_start_time_of_current_run(void *arg) + /* Next test is testing it without a consensus to use the testing voting + * interval . */ + UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + + /* Now let's alter the voting schedule and check the correctness of the + * function. Voting interval of 10 seconds, means that an SRV protocol run +@@ -366,8 +380,8 @@ test_get_start_time_functions(void *arg) + (void) arg; + int retval; + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", + &mock_consensus.fresh_until); +@@ -388,7 +402,7 @@ test_get_start_time_functions(void *arg) + start_time_of_protocol_run); + + done: +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +-- +2.25.1 + diff --git a/projects/tor/0002-tests-Fix-unit-tests-after-merge-of-40237.patch b/projects/tor/0002-tests-Fix-unit-tests-after-merge-of-40237.patch new file mode 100644 index 0000000..32e6812 --- /dev/null +++ b/projects/tor/0002-tests-Fix-unit-tests-after-merge-of-40237.patch @@ -0,0 +1,97 @@ +From 10acc0ce99283ed0aa5c6c5d203f1b0514e60f4a Mon Sep 17 00:00:00 2001 +From: David Goulet <dgoulet(a)torproject.org> +Date: Tue, 12 Jan 2021 10:50:01 -0500 +Subject: [PATCH 2/3] tests: Fix unit tests after merge of #40237 + + +diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c +index 379f23ec72..df96b2c791 100644 +--- a/src/test/test_hs_cache.c ++++ b/src/test/test_hs_cache.c +@@ -590,8 +590,8 @@ test_client_cache_decrypt(void *arg) + /* Initialize HSDir cache subsystem */ + hs_init(); + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time */ + parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", +@@ -646,7 +646,7 @@ test_client_cache_decrypt(void *arg) + + hs_free_all(); + +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +@@ -660,8 +660,8 @@ test_client_cache_remove(void *arg) + + hs_init(); + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time. Lookup will not return the entry if it has expired + * and it is checked against the consensus valid_after time. */ +@@ -699,7 +699,7 @@ test_client_cache_remove(void *arg) + hs_descriptor_free(desc1); + hs_free_all(); + +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + struct testcase_t hs_cache[] = { +diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c +index fd84293dc2..0cd7d81eea 100644 +--- a/src/test/test_hs_client.c ++++ b/src/test/test_hs_client.c +@@ -1122,8 +1122,8 @@ test_close_intro_circuits_cache_clean(void *arg) + + /* This is needed because of the client cache expiration timestamp is based + * on having a consensus. See cached_client_descriptor_has_expired(). */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + /* Set consensus time */ + parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", +@@ -1188,7 +1188,7 @@ test_close_intro_circuits_cache_clean(void *arg) + hs_descriptor_free(desc1); + hs_free_all(); + rend_cache_free_all(); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + } + + static void +@@ -1209,8 +1209,8 @@ test_socks_hs_errors(void *arg) + + (void) arg; + +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + MOCK(connection_mark_unattached_ap_, + mock_connection_mark_unattached_ap_no_close); + MOCK(read_file_to_str, mock_read_file_to_str); +@@ -1358,7 +1358,7 @@ test_socks_hs_errors(void *arg) + + hs_free_all(); + +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + UNMOCK(connection_mark_unattached_ap_); + UNMOCK(read_file_to_str); + UNMOCK(tor_listdir); +-- +2.25.1 + diff --git a/projects/tor/0003-Pick-up-merge-conflict-resolutions.patch b/projects/tor/0003-Pick-up-merge-conflict-resolutions.patch new file mode 100644 index 0000000..dcc8b52 --- /dev/null +++ b/projects/tor/0003-Pick-up-merge-conflict-resolutions.patch @@ -0,0 +1,82 @@ +From 2deca96cb8836a95095354cc717e1738f10b8ce1 Mon Sep 17 00:00:00 2001 +From: Matthew Finkel <sysrqb(a)torproject.org> +Date: Mon, 1 Feb 2021 21:03:54 +0000 +Subject: [PATCH 3/3] Pick up merge conflict resolutions + + +diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c +index 2f3f45f252..c29f39c6b4 100644 +--- a/src/feature/hs/hs_service.c ++++ b/src/feature/hs/hs_service.c +@@ -3192,6 +3192,9 @@ should_service_upload_descriptor(const hs_service_t *service, + /* Don't upload desc if we don't have a live consensus */ + if (!networkstatus_get_reasonably_live_consensus(now, + usable_consensus_flavor())) { ++ msg = tor_strdup("No reasonably live consensus"); ++ log_cant_upload_desc(service, desc, msg, ++ LOG_DESC_UPLOAD_REASON_NO_LIVE_CONSENSUS); + goto cannot; + } + +diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c +index 630cfef1fe..8b94bb6cf1 100644 +--- a/src/test/test_hs_service.c ++++ b/src/test/test_hs_service.c +@@ -91,9 +91,10 @@ mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) + } + + static networkstatus_t * +-mock_networkstatus_get_live_consensus_null(time_t now) ++mock_networkstatus_get_reasonably_live_consensus_null(time_t now, int flavor) + { + (void) now; ++ (void) flavor; + return NULL; + } + +@@ -2554,8 +2555,8 @@ test_cannot_upload_descriptors(void *arg) + hs_init(); + MOCK(get_or_state, + get_or_state_replacement); +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + + dummy_state = or_state_new(); + +@@ -2631,17 +2632,17 @@ test_cannot_upload_descriptors(void *arg) + + /* 4. Testing missing live consensus. */ + { +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus_null); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus_null); + setup_full_capture_of_logs(LOG_INFO); + run_upload_descriptor_event(now); + expect_log_msg_containing( + "Service [scrubbed] can't upload its current descriptor: " +- "No live consensus"); ++ "No reasonably live consensus"); + teardown_capture_of_logs(); + /* Reset. */ +- MOCK(networkstatus_get_live_consensus, +- mock_networkstatus_get_live_consensus); ++ MOCK(networkstatus_get_reasonably_live_consensus, ++ mock_networkstatus_get_reasonably_live_consensus); + } + + /* 5. Test missing minimum directory information. */ +@@ -2680,7 +2681,7 @@ test_cannot_upload_descriptors(void *arg) + done: + hs_free_all(); + UNMOCK(count_desc_circuit_established); +- UNMOCK(networkstatus_get_live_consensus); ++ UNMOCK(networkstatus_get_reasonably_live_consensus); + UNMOCK(get_or_state); + } + +-- +2.25.1 + diff --git a/projects/tor/build b/projects/tor/build index c7e9190..219301a 100644 --- a/projects/tor/build +++ b/projects/tor/build @@ -93,6 +93,10 @@ openssldir=/var/tmp/dist/openssl/openssl [% END %] cd /var/tmp/build/[% project %]-[% c('version') %] +# Patch Tor 0.4.4.6 with the fix for tpo/core/tor#40237 +patch -p1 < $rootdir/0001-hs-v3-Require-reasonably-live-consensus.patch +patch -p1 < $rootdir/0002-tests-Fix-unit-tests-after-merge-of-40237.patch +patch -p1 < $rootdir/0003-Pick-up-merge-conflict-resolutions.patch # add git hash to micro-revision.i for #24995 echo '"[% c("abbrev", { abbrev_length => 16 }) %]"' > micro-revision.i ./autogen.sh diff --git a/projects/tor/config b/projects/tor/config index 3050d7d..1a53d39 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -68,3 +68,6 @@ input_files: - name: zstd project: zstd enable: '[% c("var/android") %]' + - filename: '0001-hs-v3-Require-reasonably-live-consensus.patch' + - filename: '0002-tests-Fix-unit-tests-after-merge-of-40237.patch' + - filename: '0003-Pick-up-merge-conflict-resolutions.patch'

1 0

[tor-browser-build/master] Bump NoScript version to 11.2
by gk＠torproject.org 02 Feb '21

02 Feb '21

commit 2c784b891a3f8d8bafe7dd40cd4349342b5792bb Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 2 08:21:42 2021 +0000 Bump NoScript version to 11.2 --- projects/tor-browser/config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/projects/tor-browser/config b/projects/tor-browser/config index 4111d63..b5b4470 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -78,9 +78,9 @@ input_files: enable: '[% c("var/snowflake") && ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… + - URL: https://addons.cdn.mozilla.net/user-media/addons/722/noscript_security_suit… name: noscript - sha256sum: 5f68a63637e286433089aeb3b6a0aa930317dd988184876b5d6dcff2ca07bb34 + sha256sum: 4258bcd0bcdfc8ecb231d250e3adf1c477a1a672ede74a5cd10ba05a5381babb - filename: 'RelativeLink/start-tor-browser.desktop' enable: '[% c("var/linux") %]' - filename: 'RelativeLink/execdesktop'

1 0

[tor-browser-build/master] Bump HTTPS Everywhere version to 2021.1.27
by gk＠torproject.org 02 Feb '21

02 Feb '21

commit fb8c34548414ab3208e7e01a46a711220fc52684 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 2 08:19:59 2021 +0000 Bump HTTPS Everywhere version to 2021.1.27 --- projects/https-everywhere/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config index 255d36f..5ef51dd 100644 --- a/projects/https-everywhere/config +++ b/projects/https-everywhere/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 2020.11.17 +version: 2021.1.27 git_url: https://git.torproject.org/https-everywhere.git git_hash: '[% c("version") %]' git_submodule: 1

1 0

[tor-browser-build/master] Bug 40214: Update AMO Collection URL
by gk＠torproject.org 02 Feb '21

02 Feb '21

commit e71d7141310186fe22078d0971a21d67c470153d Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Tue Feb 2 05:53:51 2021 +0000 Bug 40214: Update AMO Collection URL --- tools/fetch_allowed_addons.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/fetch_allowed_addons.py b/tools/fetch_allowed_addons.py index 065e490..ff82537 100755 --- a/tools/fetch_allowed_addons.py +++ b/tools/fetch_allowed_addons.py @@ -31,7 +31,7 @@ def patch_https_everywhere(addons): def main(argv): amo_collection = argv[0] if argv else '83a9cccfe6e24a34bd7b155ff9ee32' - url = 'https://addons.mozilla.org/api/v4/accounts/account/mozilla/collections/' + amo_collection + '/addons/' + url = 'https://services.addons.mozilla.org/api/v4/accounts/account/mozilla/collect…' + amo_collection + '/addons/' data = json.loads(fetch(url)) fetch_and_embed_icons(data) patch_https_everywhere(data)

1 0

[tor-browser-build/master] Update allowed_addons.json
by gk＠torproject.org 02 Feb '21

02 Feb '21

commit 9dc29fad2c6ab245f8519c1528b50b95647f2dc2 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Feb 2 08:17:26 2021 +0000 Update allowed_addons.json --- projects/tor-browser/allowed_addons.json | 278 +++++++++++++++---------------- 1 file changed, 139 insertions(+), 139 deletions(-) diff --git a/projects/tor-browser/allowed_addons.json b/projects/tor-browser/allowed_addons.json index e9e5d9d..ad64dea 100644 --- a/projects/tor-browser/allowed_addons.json +++ b/projects/tor-browser/allowed_addons.json @@ -12,12 +12,12 @@ { "id": 13299734, "name": "Alexander Shutau", - "url": "https://addons.mozilla.org/en-US/android/user/13299734/", + "url": "https://addons.mozilla.org/en-US/firefox/user/13299734/", "username": "alexanderby", "picture_url": "https://addons.cdn.mozilla.net/user-media/userpics/13/13299/13299734.png?mo…" } ], - "average_daily_users": 566381, + "average_daily_users": 577081, "categories": { "android": [ "experimental", @@ -54,7 +54,7 @@ "platform": "all", "size": 518564, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3712931/dark_reader-4.9.2…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3712931/dark_reader-4.9.2…", "permissions": [ "storage", "tabs", @@ -237,12 +237,12 @@ "category": "recommended" }, "ratings": { - "average": 4.5614, - "bayesian_average": 4.5597207572687815, - "count": 3258, - "text_count": 1077 + "average": 4.5585, + "bayesian_average": 4.556835213074099, + "count": 3293, + "text_count": 1090 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/darkreader/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/855413", "slug": "darkreader", @@ -335,8 +335,8 @@ "theme" ], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/darkreader/", - "weekly_downloads": 25282 + "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", + "weekly_downloads": 26593 }, "notes": null }, @@ -347,12 +347,12 @@ { "id": 5474073, "name": "EFF Technologists", - "url": "https://addons.mozilla.org/en-US/android/user/5474073/", + "url": "https://addons.mozilla.org/en-US/firefox/user/5474073/", "username": "eff-technologists", "picture_url": "https://addons.cdn.mozilla.net/user-media/userpics/5/5474/5474073.png?modif…" } ], - "average_daily_users": 739840, + "average_daily_users": 743583, "categories": { "firefox": [ "privacy-security" @@ -361,7 +361,7 @@ "contributions_url": "https://www.paypal.me/SupportEFF?utm_content=product-page-contribute&utm_me…", "created": "2010-09-16T15:09:10Z", "current_version": { - "id": 5135114, + "id": 5172099, "compatibility": { "firefox": { "min": "42.0", @@ -372,19 +372,19 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/https-everywhere/versions…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/https-everywhere/versions…", "files": [ { - "id": 3679479, - "created": "2020-11-16T23:33:04Z", - "hash": "sha256:a6ebcb0a05607e54e7a9fc0b5b3832eda6f13f8dce2ee802164a455919e385c9", + "id": 3716461, + "created": "2021-01-28T01:33:53Z", + "hash": "sha256:da049748bba7282c0f8c0ab85ac8f494e795e79d6bdc6f9f726d687aa8cc2a1f", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 1745655, + "size": 1748610, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3679479/https_everywhere-…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3716461/https_everywhere-…", "permissions": [ "webNavigation", "webRequest", @@ -405,13 +405,13 @@ "name": { "en-US": "Multiple" }, - "url": "https://addons.mozilla.org/en-US/android/addon/https-everywhere/license/202…" + "url": "https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/license/202…" }, "release_notes": { - "en-US": "* Copy URL ability in EASE interstitial\n* Dependapot NPM updates\n* CRX distribution scripts for transparency for Edge and Opera\n* Port inclusion on allowlist for EASE\n* UI change to reflect a global setting" + "en-US": "2021.1.27\n* EASE Mode UI Changes\n* NPM Dependency updates\n* Geckodriver pull update\n* Chromedriver pull update\n* Integrate CSS Grid for Options Page and EASE UI\n* Put Options in new tab" }, "reviewed": null, - "version": "2020.11.17" + "version": "2021.1.27" }, "default_locale": "en-US", "description": { @@ -447,7 +447,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2020-11-17T09:09:47Z", + "last_updated": "2021-01-28T11:24:44Z", "name": { "de": "HTTPS Everywhere", "en-US": "HTTPS Everywhere", @@ -482,12 +482,12 @@ "category": "recommended" }, "ratings": { - "average": 4.6133, - "bayesian_average": 4.610763496975475, - "count": 2185, + "average": 4.6136, + "bayesian_average": 4.611070111786746, + "count": 2197, "text_count": 554 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/https-everywhere/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/229918", "slug": "https-everywhere", @@ -518,7 +518,7 @@ ], "type": "extension", "url": "https://www.eff.org/https-everywhere", - "weekly_downloads": 17897 + "weekly_downloads": 18225 }, "notes": null }, @@ -529,12 +529,12 @@ { "id": 6937656, "name": "Thomas Rientjes", - "url": "https://addons.mozilla.org/en-US/android/user/6937656/", + "url": "https://addons.mozilla.org/en-US/firefox/user/6937656/", "username": "Synzvato", "picture_url": "https://addons.cdn.mozilla.net/user-media/userpics/6/6937/6937656.png?modif…" } ], - "average_daily_users": 202121, + "average_daily_users": 204179, "categories": { "android": [ "security-privacy" @@ -569,7 +569,7 @@ "platform": "all", "size": 6857292, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3672658/decentraleyes-2.0…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3672658/decentraleyes-2.0…", "permissions": [ "*://*/*", "privacy", @@ -747,12 +747,12 @@ "category": "recommended" }, "ratings": { - "average": 4.8002, - "bayesian_average": 4.7954104566041265, - "count": 1211, - "text_count": 306 + "average": 4.801, + "bayesian_average": 4.796215721212788, + "count": 1216, + "text_count": 307 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/decentraleyes/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/521554", "slug": "decentraleyes", @@ -844,8 +844,8 @@ "tracking" ], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/decentraleyes/", - "weekly_downloads": 6066 + "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", + "weekly_downloads": 6199 }, "notes": null }, @@ -856,12 +856,12 @@ { "id": 5474073, "name": "EFF Technologists", - "url": "https://addons.mozilla.org/en-US/android/user/5474073/", + "url": "https://addons.mozilla.org/en-US/firefox/user/5474073/", "username": "eff-technologists", "picture_url": "https://addons.cdn.mozilla.net/user-media/userpics/5/5474/5474073.png?modif…" } ], - "average_daily_users": 976267, + "average_daily_users": 988059, "categories": { "android": [ "security-privacy" @@ -896,7 +896,7 @@ "platform": "all", "size": 1277059, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3691765/privacy_badger-20…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3691765/privacy_badger-20…", "permissions": [ "tabs", "http://*/*", @@ -1405,12 +1405,12 @@ "category": "recommended" }, "ratings": { - "average": 4.7834, - "bayesian_average": 4.780097856300104, - "count": 1750, - "text_count": 413 + "average": 4.7854, + "bayesian_average": 4.7821169191877395, + "count": 1766, + "text_count": 412 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/privacy-badger17/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/506646", "slug": "privacy-badger17", @@ -1426,8 +1426,8 @@ }, "tags": [], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/privacy-badger17/", - "weekly_downloads": 38261 + "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", + "weekly_downloads": 39655 }, "notes": null }, @@ -1438,12 +1438,12 @@ { "id": 11423598, "name": "Raymond Hill", - "url": "https://addons.mozilla.org/en-US/android/user/11423598/", + "url": "https://addons.mozilla.org/en-US/firefox/user/11423598/", "username": "gorhill", "picture_url": null } ], - "average_daily_users": 4971335, + "average_daily_users": 4974716, "categories": { "android": [ "security-privacy" @@ -1455,30 +1455,30 @@ "contributions_url": "", "created": "2015-04-25T07:26:22Z", "current_version": { - "id": 5156717, + "id": 5174693, "compatibility": { "firefox": { - "min": "55.0", + "min": "57.0", "max": "*" }, "android": { - "min": "55.0", + "min": "57.0", "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/51…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/51…", "files": [ { - "id": 3701081, - "created": "2020-12-29T13:58:02Z", - "hash": "sha256:5b94fd7f749319a6ff6d83dd20b05b29e733446465aff2ab7669499a3e8fb9cc", + "id": 3719054, + "created": "2021-02-01T14:04:16Z", + "hash": "sha256:5c3a5ef6f5b5475895053238026360020d6793b05541d20032ea9dd1c9cae451", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 2748800, + "size": 2742973, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3701081/ublock_origin-1.3…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3719054/ublock_origin-1.3…", "permissions": [ "dns", "menus", @@ -1534,10 +1534,10 @@ "url": "http://www.gnu.org/licenses/gpl-3.0.html" }, "release_notes": { - "en-US": "<a href=\"https://outgoing.prod.mozaws.net/v1/9fa7d3c9ad42a6b694799cc29274f9b7089f1e6…" rel=\"nofollow\">Complete release notes</a>.\n\n<b>Closed as fixed:</b>\n\n<ul><li><a href=\"https://outgoing.prod.mozaws.net/v1/396d45d7f82e1bf630b3f16ab1f6be4d60ae2d0…" rel=\"nofollow\">Problems with asterisk in the destination of hostname-based rules</a></li></ul>\n<a href=\"https://outgoing.prod.mozaws.net/v1/345396c53b050d1081014dc73d56f95d30eb255…" rel=\"nofollow\">Commits history since 1.32.2</a>." + "en-US": "<a href=\"https://outgoing.prod.mozaws.net/v1/a24fd1d9a1598d49cdc2cdc6d3ecd4359712543…" rel=\"nofollow\">Complete release notes</a>.\n\n<b>Closed as fixed:</b>\n\n<ul><li><a href=\"https://outgoing.prod.mozaws.net/v1/0e94bcfacc284b39a3164377711e52b9ded21cd…" rel=\"nofollow\">After downgrading to 1.32.4, uBO is broken</a></li><li><a href=\"https://outgoing.prod.mozaws.net/v1/88ab9531e629dc0a259dbe61b357b13316fa1a9…" rel=\"nofollow\">Whitelisting a site on Chromium Edge still blocks resources fetched by service worker</a></li></ul>\n<a href=\"https://outgoing.prod.mozaws.net/v1/35c6fcff904629a7392564335b09eb1fe5f661f…" rel=\"nofollow \">Commits history since 1.33.0</a>." }, "reviewed": null, - "version": "1.32.4" + "version": "1.33.2" }, "default_locale": "en-US", "description": { @@ -1627,7 +1627,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2021-01-22T14:50:11Z", + "last_updated": "2021-02-02T00:55:07Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1772,12 +1772,12 @@ "category": "recommended" }, "ratings": { - "average": 4.7336, - "bayesian_average": 4.733167443332824, - "count": 13208, - "text_count": 4402 + "average": 4.7334, + "bayesian_average": 4.732968759522842, + "count": 13285, + "text_count": 4420 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/ublock-origin/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/607454", "slug": "ublock-origin", @@ -1828,8 +1828,8 @@ }, "tags": [], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/ublock-origin/", - "weekly_downloads": 118274 + "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", + "weekly_downloads": 124198 }, "notes": null }, @@ -1840,12 +1840,12 @@ { "id": 11797710, "name": "JanH", - "url": "https://addons.mozilla.org/en-US/android/user/11797710/", + "url": "https://addons.mozilla.org/en-US/firefox/user/11797710/", "username": "JanH", "picture_url": null } ], - "average_daily_users": 55478, + "average_daily_users": 58394, "categories": { "android": [ "photos-media" @@ -1876,7 +1876,7 @@ "platform": "all", "size": 11927, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3630185/videowiedergabe_i…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3630185/videowiedergabe_i…", "permissions": [ "*://*.youtube.com/*", "*://*.youtube-nocookie.com/*", @@ -1958,12 +1958,12 @@ "category": "recommended" }, "ratings": { - "average": 4.5087, - "bayesian_average": 4.503205611529312, - "count": 979, - "text_count": 369 + "average": 4.5107, + "bayesian_average": 4.505196681975634, + "count": 983, + "text_count": 372 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/video-background-play-fix/re…", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/811592", "slug": "video-background-play-fix", @@ -1985,8 +1985,8 @@ "youtube" ], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/video-background-play-fix/", - "weekly_downloads": 59 + "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", + "weekly_downloads": 32 }, "notes": null }, @@ -1997,12 +1997,12 @@ { "id": 12808157, "name": "cowlicks", - "url": "https://addons.mozilla.org/en-US/android/user/12808157/", + "url": "https://addons.mozilla.org/en-US/firefox/user/12808157/", "username": "cowlicks", "picture_url": null } ], - "average_daily_users": 95688, + "average_daily_users": 95533, "categories": { "android": [ "experimental", @@ -2038,7 +2038,7 @@ "platform": "all", "size": 284724, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3360398/privacy_possum-20…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3360398/privacy_possum-20…", "permissions": [ "tabs", "http://*/*", @@ -2141,12 +2141,12 @@ "category": "recommended" }, "ratings": { - "average": 4.4829, - "bayesian_average": 4.46463504208983, - "count": 292, - "text_count": 82 + "average": 4.4864, + "bayesian_average": 4.468197845946811, + "count": 294, + "text_count": 83 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/privacy-possum/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/953945", "slug": "privacy-possum", @@ -2168,8 +2168,8 @@ "tracking" ], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/privacy-possum/", - "weekly_downloads": 1591 + "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", + "weekly_downloads": 1565 }, "notes": null }, @@ -2180,12 +2180,12 @@ { "id": 12929064, "name": "Armin Sebastian", - "url": "https://addons.mozilla.org/en-US/android/user/12929064/", + "url": "https://addons.mozilla.org/en-US/firefox/user/12929064/", "username": "dessant", "picture_url": "https://addons.cdn.mozilla.net/user-media/userpics/12/12929/12929064.png?mo…" } ], - "average_daily_users": 161350, + "average_daily_users": 166133, "categories": { "android": [ "photos-media", @@ -2222,7 +2222,7 @@ "platform": "all", "size": 639916, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3702070/search_by_image-3…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3702070/search_by_image-3…", "permissions": [ "contextMenus", "storage", @@ -2407,12 +2407,12 @@ "category": "recommended" }, "ratings": { - "average": 4.6609, - "bayesian_average": 4.653940298348592, - "count": 805, - "text_count": 168 + "average": 4.6601, + "bayesian_average": 4.653207694902121, + "count": 815, + "text_count": 169 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/search_by_image/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/824288", "slug": "search_by_image", @@ -2444,8 +2444,8 @@ "yandex" ], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/search_by_image/", - "weekly_downloads": 8564 + "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", + "weekly_downloads": 8603 }, "notes": null }, @@ -2456,19 +2456,19 @@ { "id": 13394925, "name": "Thomas Wisniewski", - "url": "https://addons.mozilla.org/en-US/android/user/13394925/", + "url": "https://addons.mozilla.org/en-US/firefox/user/13394925/", "username": "wisniewskit", "picture_url": null }, { "id": 6084813, "name": "Rob W", - "url": "https://addons.mozilla.org/en-US/android/user/6084813/", + "url": "https://addons.mozilla.org/en-US/firefox/user/6084813/", "username": "RobW", "picture_url": null } ], - "average_daily_users": 32912, + "average_daily_users": 35051, "categories": { "android": [ "other" @@ -2499,7 +2499,7 @@ "platform": "all", "size": 13786, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3655036/google_search_fix…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3655036/google_search_fix…", "permissions": [ "webRequest", "webRequestBlocking", @@ -2750,12 +2750,12 @@ "category": "recommended" }, "ratings": { - "average": 4.4419, - "bayesian_average": 4.436303974414219, - "count": 946, - "text_count": 254 + "average": 4.4383, + "bayesian_average": 4.432747479528366, + "count": 956, + "text_count": 257 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/google-search-fixer/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/869140", "slug": "google-search-fixer", @@ -2771,8 +2771,8 @@ }, "tags": [], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/google-search-fixer/", - "weekly_downloads": 53 + "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", + "weekly_downloads": 60 }, "notes": null }, @@ -2783,12 +2783,12 @@ { "id": 143, "name": "Giorgio Maone", - "url": "https://addons.mozilla.org/en-US/android/user/143/", + "url": "https://addons.mozilla.org/en-US/firefox/user/143/", "username": "giorgio-maone", "picture_url": "https://addons.cdn.mozilla.net/user-media/userpics/0/0/143.png?modified=150…" } ], - "average_daily_users": 410215, + "average_daily_users": 408584, "categories": { "android": [ "performance", @@ -2802,7 +2802,7 @@ "contributions_url": "https://www.paypal.me/NoScript?utm_content=product-page-contribute&utm_medi…", "created": "2005-05-13T10:51:32Z", "current_version": { - "id": 5166141, + "id": 5171142, "compatibility": { "firefox": { "min": "59.0", @@ -2813,19 +2813,19 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5166141", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5171142", "files": [ { - "id": 3710503, - "created": "2021-01-17T22:30:16Z", - "hash": "sha256:5f68a63637e286433089aeb3b6a0aa930317dd988184876b5d6dcff2ca07bb34", + "id": 3715504, + "created": "2021-01-26T20:49:20Z", + "hash": "sha256:4258bcd0bcdfc8ecb231d250e3adf1c477a1a672ede74a5cd10ba05a5381babb", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 600156, + "size": 601909, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3710503/noscript_security…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3715504/noscript_security…", "permissions": [ "contextMenus", "storage", @@ -2872,10 +2872,10 @@ "url": "http://www.gnu.org/licenses/gpl-2.0.html" }, "release_notes": { - "en-US": "v 11.1.9\n============================================================\nx Return null when webgl is not allowed (thanks Matthew \n Finkel for patch)\nx [XSS] Fixed memoization bug resulting in performance \n degradation on some payloads\nx [XSS] Include call stack in debugging log output\nx [XSS] Skip naps when InjectionChecker runs in its own \n worker\nx Shortcut for easier XSS filter testing\nx More lenient filter to add a new entry to per-site \n permissions\nx [L10n] Updated de\nx Replace script-embedded bitmap with css-embedded SVG as \n the placeholder logo\nx Updated TLDs\nx Remove source map reference causing console noise\nx Fix per-site permissions UI glitches when base domain is \n added to existing subdomain (thanks barbaz for reporting)" + "en-US": "v 11.2\n============================================================\nx [XSS] New UI to reveal and selectively remove permanent\n user choices\nx [L10n] Updated de\nx Webgl hook refactored on nscl/content/patchWindow.js and\n made Chromium-compatibile\nx Updated TLDs" }, "reviewed": null, - "version": "11.1.9" + "version": "11.2" }, "default_locale": "en-US", "description": { @@ -2925,7 +2925,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2021-01-19T08:35:13Z", + "last_updated": "2021-01-27T09:23:29Z", "name": { "de": "NoScript", "el": "NoScript", @@ -3013,12 +3013,12 @@ "category": "recommended" }, "ratings": { - "average": 4.5416, - "bayesian_average": 4.540012526012674, - "count": 3429, - "text_count": 2367 + "average": 4.5411, + "bayesian_average": 4.53951064079964, + "count": 3434, + "text_count": 2369 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/noscript/reviews/", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/722", "slug": "noscript", @@ -3071,8 +3071,8 @@ "xss" ], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/noscript/", - "weekly_downloads": 11292 + "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", + "weekly_downloads": 10673 }, "notes": null }, @@ -3083,12 +3083,12 @@ { "id": 4010195, "name": "Baris Derin", - "url": "https://addons.mozilla.org/en-US/android/user/4010195/", + "url": "https://addons.mozilla.org/en-US/firefox/user/4010195/", "username": "baris-derin", "picture_url": null } ], - "average_daily_users": 127688, + "average_daily_users": 128290, "categories": { "android": [ "performance", @@ -3125,7 +3125,7 @@ "platform": "all", "size": 234528, "status": "public", - "url": "https://addons.mozilla.org/android/downloads/file/3635763/youtube_high_defi…", + "url": "https://addons.mozilla.org/firefox/downloads/file/3635763/youtube_high_defi…", "permissions": [ "tabs", "storage", @@ -3227,12 +3227,12 @@ "category": "recommended" }, "ratings": { - "average": 4.1071, - "bayesian_average": 4.102893844607107, - "count": 1148, - "text_count": 550 + "average": 4.1125, + "bayesian_average": 4.108301527957989, + "count": 1156, + "text_count": 551 }, - "ratings_url": "https://addons.mozilla.org/en-US/android/addon/youtube-high-definition/revi…", + "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, "review_url": "https://addons.mozilla.org/en-US/reviewers/review/328839", "slug": "youtube-high-definition", @@ -3267,8 +3267,8 @@ "youtube hd" ], "type": "extension", - "url": "https://addons.mozilla.org/en-US/android/addon/youtube-high-definition/", - "weekly_downloads": 1836 + "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", + "weekly_downloads": 2035 }, "notes": null }

1 0

[Git][tpo/applications/fenix][tor-browser-86.0.0b1-10.5-1] 8 commits: Bug 40002: Add GitLab CI
by Matthew Finkel 01 Feb '21

01 Feb '21

Matthew Finkel pushed to branch tor-browser-86.0.0b1-10.5-1 at The Tor Project / Applications / fenix Commits: 96f976b0 by Matthew Finkel at 2021-01-27T16:58:09+00:00 Bug 40002: Add GitLab CI Pin CI builds to runners with 32GB of RAM to avoid OOM conditions. - - - - - 3d0def78 by Matthew Finkel at 2021-01-27T16:59:05+00:00 Rename as Tor Browser Bug 40020: Change applicationId Bug 40020: Change app name Bug 40020: Change deeplink scheme Bug 40020: Change App icons Bug 40073: Use correct branding on About page Bug 40088: Use Tor Browser logo in migration screen - - - - - ba587e04 by Matthew Finkel at 2021-01-27T16:59:07+00:00 Disable features and functionality Bug 33594: Disable data collection by default (Glean) Bug 40019: Adjust is disabled on Release when data collection is disabled Bug 34338: Disable the crash reporter Bug 40014: Neuter Google Advertising ID Bug 40018: Disable Push service Bug 40034: Disable PWA onboading Bug 40072: Disable Tracking Protection Bug 40061: Do not show "Send to device" in sharing menu - - - - - 248adf05 by Georg Koppen at 2021-01-27T16:59:07+00:00 Modify build system Bug 40083: Make locale ordering in BuildConfig deterministic Bug 40042: Add option do overwrite timestamp in extension version Bug 40059: Use MOZ_BUILD_DATE for versionCode At the same time we adapt MOZ_BUILD_DATE to our needs where it is actually used and not in tor-browser-build. This gives us more flexibility. See: tor-browser-build#40084. Bug 40067: Fix reproducibility issue in classes2.dex We make sure our MOZ_BUILD_DATE gets used as a source for showing date related information on the Fenix about page. Bug 40071: Show only supported locales Bug 40064: Use Gecko Beta for Nightly and Debug variants Bug 40123: Allow building the instrumented tests apks for variants other than debug This allows to specify the variant of the instrumented tests via a `testBuildType` gradle argument. It also applies a workaround for a R8 issue from https://issuetracker.google.com/issues/140851070. - - - - - 24abe628 by Matthew Finkel at 2021-01-27T17:01:08+00:00 Add Tor integration and UI Bug 40001: Start Tor as part of the Fenix initialization Bug 40028: Implement Tor Service controller Bug 40028: Integrate Tor Controller into HomeFragment Bug 40028: Implement Tor connect and logger screens Bug 40028: Implement Tor Onboarding Bug 40028: Implement new home screen Bug 40028: Define bootstrapping events and Quick Start Bug 40041: Implement Tor Network Settings Bug 40041: Integrate Tor Network Settings - - - - - 022d1fed by Alex Catarineu at 2021-01-27T17:08:29+00:00 Modify UI/UX Bug 40015: Modify Home menu Bug 40016: Hide unwanted Settings Bug 40016: Modify Default toolbar menu Bug 40016: Add Donate settings button Bug 40016: Move Allow Screenshots under Advanced Bug 40016: Don't install WebCompat webext Bug 40016: Don't onboard Search Suggestions Bug 40094: Do not use MasterPasswordTipProvider in HomeFragment Bug 40095: Hide "Sign in to sync" in bookmarks Bug 40031: Hide Mozilla-specific items on About page Bug 40032: Set usesCleartextTraffic as false Bug 40063: Do not sort search engines alphabetically Bug 34378: Port external helper app prompting With the corresponding android-components patch, this allows all `startActivity` that may open external apps to be replaced by `TorUtils.startActivityPrompt`. Bug 34403: Disable Normal mode by default Bug 40087: Implement a switch for english locale spoofing - - - - - ab2d00f6 by Alex Catarineu at 2021-01-27T17:10:37+00:00 Modify Add-on support Bug 40030: Install HTTPS Everywhere and NoScript addons on startup HTTPS Everywhere is installed as a builtin extension and NoScript as a regular AMO addon. To avoid unnecessary I/O we only install NoScript the first time, and rely on the browser addon updating mechanism for keeping up with new versions. This is the same behaviour that was implemented in the Fennec-based Tor Browser, where it was installed as a "distribution addon", which also only occurred once. Bug 40062: HTTPS Everywhere is not shown as installed Also 40070: Consider storing the list of recommended addons This implements our own AddonsProvider, which loads the list of available addons from assets instead of fetching it from an endpoint. In this list, we replace https-everywhere by our https-everywhere-eff, so that the EFF one is shown as installed in the addons list and the AMO one is not displayed. Also, we hide the uninstall button for builtin addons. Bug 40058: Hide option for disallowing addon in private mode - - - - - d95db65d by Matthew Finkel at 2021-02-01T16:24:37+00:00 Add Security Level UI Bug 40026: Implement Security Level settings Bug 40026: Integrate Security Level settings - - - - - 30 changed files: - + .gitlab-ci.yml - app/build.gradle - app/proguard-rules.pro - app/src/androidTest/java/org/mozilla/fenix/ui/robots/SettingsSubMenuAboutRobot.kt - − app/src/beta/res/drawable/ic_launcher_foreground.xml - app/src/beta/res/mipmap-hdpi/ic_launcher.png - app/src/beta/res/mipmap-mdpi/ic_launcher.png - app/src/beta/res/mipmap-xhdpi/ic_launcher.png - app/src/beta/res/mipmap-xxhdpi/ic_launcher.png - app/src/beta/res/mipmap-xxxhdpi/ic_launcher.png - app/src/beta/res/values/static_strings.xml - app/src/beta/res/xml/shortcuts.xml - − app/src/debug/res/drawable/ic_launcher_foreground.xml - app/src/debug/res/xml/shortcuts.xml - app/src/main/AndroidManifest.xml - + app/src/main/assets/allowed_addons.json - app/src/main/java/org/mozilla/fenix/FeatureFlags.kt - app/src/main/java/org/mozilla/fenix/FenixApplication.kt - app/src/main/java/org/mozilla/fenix/HomeActivity.kt - app/src/main/java/org/mozilla/fenix/addons/InstalledAddonDetailsFragment.kt - app/src/main/java/org/mozilla/fenix/browser/BaseBrowserFragment.kt - app/src/main/java/org/mozilla/fenix/components/Analytics.kt - app/src/main/java/org/mozilla/fenix/components/Components.kt - app/src/main/java/org/mozilla/fenix/components/Core.kt - + app/src/main/java/org/mozilla/fenix/components/TorAddonCollectionProvider.kt - + app/src/main/java/org/mozilla/fenix/components/TorBrowserFeatures.kt - app/src/main/java/org/mozilla/fenix/components/metrics/AdjustMetricsService.kt - app/src/main/java/org/mozilla/fenix/components/metrics/MetricsUtils.kt - app/src/main/java/org/mozilla/fenix/components/toolbar/DefaultToolbarMenu.kt - app/src/main/java/org/mozilla/fenix/home/HomeFragment.kt The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/compare/0e6b466e02b0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/compare/0e6b466e02b0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[tor-browser-build/master] Bug 40221: Add tools/prune-old-builds
by gk＠torproject.org 01 Feb '21

01 Feb '21

commit 52ba09265002299e7fcba1f181c1656c372dbbc1 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Sun Jan 31 22:57:20 2021 +0100 Bug 40221: Add tools/prune-old-builds This script was already present in the directory tools/ansible/roles/tbb-nightly-build/files, however this directory will soon be removed as part of #40196. --- tools/prune-old-builds | 136 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) diff --git a/tools/prune-old-builds b/tools/prune-old-builds new file mode 100755 index 0000000..852a9da --- /dev/null +++ b/tools/prune-old-builds @@ -0,0 +1,136 @@ +#!/usr/bin/perl -w + +# Copyright (c) 2019, The Tor Project, Inc. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following disclaimer +# in the documentation and/or other materials provided with the +# distribution. +# +# * Neither the names of the copyright owners nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +# 'prune-old-builds' is a script to prune old builds. +# +# +# Usage: +# $ ./prune-old-builds [options] <directory> +# +# +# Available options: +# +# --dry-run +# Don't delete anything, but say what would be deleted. +# +# --prefix <prefix> +# Prefix of the directories to be removed. Default is 'tbb-nightly.'. +# +# --separator <c> +# Separator character to separate the year, month, day in the directory +# names. Default is '.'. +# +# --days <n> +# Number of days that we should keep. Default is 6. +# +# --weeks <n> +# Number of monday builds that we should keep. Default is 3. +# +# --months <n> +# Number of 1st day of the month builds that we should keep. +# Default is 3. + +use strict; +use Getopt::Long; +use DateTime; +use DateTime::Duration; +use File::Path qw(remove_tree); + +my %options = ( + days => 6, + weeks => 3, + months => 3, + prefix => 'tbb-nightly.', + separator => '.', +); + +sub keep_builds { + my %res; + + my $day = DateTime::Duration->new(days => 1); + my $week = DateTime::Duration->new(weeks => 1); + my $month = DateTime::Duration->new(months => 1); + + my $n = $options{days}; + my $dt = DateTime->now; + while ($n) { + $res{ $options{prefix} . $dt->ymd($options{separator}) } = 1; + $dt = $dt - $day; + $n--; + } + + my $w = $options{weeks}; + while ($dt->day_of_week != 1) { + $dt = $dt - $day; + } + while ($w) { + $res{ $options{prefix} . $dt->ymd($options{separator}) } = 1; + $dt = $dt - $week; + $w--; + } + + my $m = $options{months}; + $dt = DateTime->now; + while ($dt->day != 1) { + $dt = $dt - $day; + } + while ($m) { + $res{ $options{prefix} . $dt->ymd($options{separator}) } = 1; + $dt = $dt - $month; + $m--; + } + + return \%res; +} + +sub clean_directory { + my ($directory) = @_; + my $k = keep_builds; + chdir $directory || die "Error entering $directory"; + foreach my $file (glob "$options{prefix}*") { + next unless $file =~ m/^$options{prefix}\d{4}$options{separator}\d{2}$options{separator}\d{2}$/; + next if $k->{$file}; + if ($options{'dry-run'}) { + print "Would remove $file\n"; + } else { + remove_tree($file); + } + } +} + +my @opts = qw(days=i weeks=i months=i prefix=s dry-run!); +Getopt::Long::GetOptions(\%options, @opts); +die "Missing argument: directory to clean" unless @ARGV; +foreach my $dir (@ARGV) { + clean_directory($dir); +}

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 16940: After update, load local change notes.
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 89072a2d6e3104124a017ed590d3edb7d9c030ee Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Wed Nov 25 11:36:20 2015 -0500 Bug 16940: After update, load local change notes. Add an about:tbupdate page that displays the first section from TorBrowser/Docs/ChangeLog.txt and includes a link to the remote post-update page (typically our blog entry for the release). Always load about:tbupdate in a content process, but implement the code that reads the file system (changelog) in the chrome process for compatibility with future sandboxing efforts. Also fix bug 29440. Now about:tbupdate is styled as a fairly simple changelog page that is designed to be displayed via a link that is on about:tor. --- browser/actors/AboutTBUpdateChild.jsm | 12 +++ browser/actors/AboutTBUpdateParent.jsm | 120 +++++++++++++++++++++ browser/actors/moz.build | 6 ++ .../base/content/abouttbupdate/aboutTBUpdate.css | 74 +++++++++++++ .../base/content/abouttbupdate/aboutTBUpdate.js | 27 +++++ .../base/content/abouttbupdate/aboutTBUpdate.xhtml | 39 +++++++ browser/base/content/browser-siteIdentity.js | 2 +- browser/base/content/browser.js | 4 + browser/base/jar.mn | 5 + browser/components/BrowserContentHandler.jsm | 55 +++++++--- browser/components/BrowserGlue.jsm | 15 +++ browser/components/about/AboutRedirector.cpp | 6 ++ browser/components/about/components.conf | 3 + browser/components/moz.build | 5 +- .../locales/en-US/chrome/browser/aboutTBUpdate.dtd | 8 ++ browser/locales/jar.mn | 3 + toolkit/modules/RemotePageAccessManager.jsm | 5 + 17 files changed, 373 insertions(+), 16 deletions(-) diff --git a/browser/actors/AboutTBUpdateChild.jsm b/browser/actors/AboutTBUpdateChild.jsm new file mode 100644 index 000000000000..4670da19b3db --- /dev/null +++ b/browser/actors/AboutTBUpdateChild.jsm @@ -0,0 +1,12 @@ +// Copyright (c) 2020, The Tor Project, Inc. +// See LICENSE for licensing information. +// +// vim: set sw=2 sts=2 ts=8 et syntax=javascript: + +var EXPORTED_SYMBOLS = ["AboutTBUpdateChild"]; + +const { RemotePageChild } = ChromeUtils.import( + "resource://gre/actors/RemotePageChild.jsm" +); + +class AboutTBUpdateChild extends RemotePageChild {} diff --git a/browser/actors/AboutTBUpdateParent.jsm b/browser/actors/AboutTBUpdateParent.jsm new file mode 100644 index 000000000000..56a10394565a --- /dev/null +++ b/browser/actors/AboutTBUpdateParent.jsm @@ -0,0 +1,120 @@ +// Copyright (c) 2020, The Tor Project, Inc. +// See LICENSE for licensing information. +// +// vim: set sw=2 sts=2 ts=8 et syntax=javascript: + +"use strict"; + +this.EXPORTED_SYMBOLS = ["AboutTBUpdateParent"]; + +const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); +const { NetUtil } = ChromeUtils.import("resource://gre/modules/NetUtil.jsm"); +const { AppConstants } = ChromeUtils.import( + "resource://gre/modules/AppConstants.jsm" +); + +const kRequestUpdateMessageName = "FetchUpdateData"; + +/** + * This code provides services to the about:tbupdate page. Whenever + * about:tbupdate needs to do something chrome-privileged, it sends a + * message that's handled here. It is modeled after Mozilla's about:home + * implementation. + */ +class AboutTBUpdateParent extends JSWindowActorParent { + receiveMessage(aMessage) { + if (aMessage.name == kRequestUpdateMessageName) { + return this.releaseNoteInfo; + } + return undefined; + } + + get moreInfoURL() { + try { + return Services.prefs.getCharPref("torbrowser.post_update.url"); + } catch (e) {} + + // Use the default URL as a fallback. + return Services.urlFormatter.formatURLPref("startup.homepage_override_url"); + } + + // Read the text from the beginning of the changelog file that is located + // at TorBrowser/Docs/ChangeLog.txt and return an object that contains + // the following properties: + // version e.g., Tor Browser 8.5 + // releaseDate e.g., March 31 2019 + // releaseNotes details of changes (lines 2 - end of ChangeLog.txt) + // We attempt to parse the first line of ChangeLog.txt to extract the + // version and releaseDate. If parsing fails, we return the entire first + // line in version and omit releaseDate. + // + // On Mac OS, when building with --enable-tor-browser-data-outside-app-dir + // to support Gatekeeper signing, the ChangeLog.txt file is located in + // TorBrowser.app/Contents/Resources/TorBrowser/Docs/. + get releaseNoteInfo() { + let info = { moreInfoURL: this.moreInfoURL }; + + try { + let f; + if (AppConstants.TOR_BROWSER_DATA_OUTSIDE_APP_DIR) { + // "XREExeF".parent is the directory that contains firefox, i.e., + // Browser/ or, on Mac OS, TorBrowser.app/Contents/MacOS/. + f = Services.dirsvc.get("XREExeF", Ci.nsIFile).parent; + if (AppConstants.platform === "macosx") { + f = f.parent; + f.append("Resources"); + } + f.append("TorBrowser"); + } else { + // "DefProfRt" is .../TorBrowser/Data/Browser + f = Services.dirsvc.get("DefProfRt", Ci.nsIFile); + f = f.parent.parent; // Remove "Data/Browser" + } + + f.append("Docs"); + f.append("ChangeLog.txt"); + + let fs = Cc["@mozilla.org/network/file-input-stream;1"].createInstance( + Ci.nsIFileInputStream + ); + fs.init(f, -1, 0, 0); + let s = NetUtil.readInputStreamToString(fs, fs.available()); + fs.close(); + + // Truncate at the first empty line. + s = s.replace(/[\r\n][\r\n][\s\S]*$/m, ""); + + // Split into first line (version plus releaseDate) and + // remainder (releaseNotes). + // This first match() uses multiline mode with two capture groups: + // first line: (.*$) + // remaining lines: ([\s\S]+) + // [\s\S] matches all characters including end of line. This trick + // is needed because when using JavaScript regex in multiline mode, + // . does not match an end of line character. + let matchArray = s.match(/(.*$)\s*([\s\S]+)/m); + if (matchArray && matchArray.length == 3) { + info.releaseNotes = matchArray[2]; + let line1 = matchArray[1]; + // Extract the version and releaseDate. The first line looks like: + // Tor Browser 8.5 -- May 1 2019 + // The regex uses two capture groups: + // text that does not include a hyphen: (^[^-]*) + // remaining text: (.*$) + // In between we match optional whitespace, one or more hyphens, and + // optional whitespace by using: \s*-+\s* + matchArray = line1.match(/(^[^-]*)\s*-+\s*(.*$)/); + if (matchArray && matchArray.length == 3) { + info.version = matchArray[1]; + info.releaseDate = matchArray[2]; + } else { + info.version = line1; // Match failed: return entire line in version. + } + } else { + info.releaseNotes = s; // Only one line: use as releaseNotes. + } + } catch (e) {} + + return info; + } +} diff --git a/browser/actors/moz.build b/browser/actors/moz.build index 3952d5a95246..229f7290b98e 100644 --- a/browser/actors/moz.build +++ b/browser/actors/moz.build @@ -87,3 +87,9 @@ FINAL_TARGET_FILES.actors += [ "WebRTCChild.jsm", "WebRTCParent.jsm", ] + +if CONFIG["TOR_BROWSER_UPDATE"]: + FINAL_TARGET_FILES.actors += [ + "AboutTBUpdateChild.jsm", + "AboutTBUpdateParent.jsm", + ] diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.css b/browser/base/content/abouttbupdate/aboutTBUpdate.css new file mode 100644 index 000000000000..7c1a34b77f17 --- /dev/null +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.css @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2019, The Tor Project, Inc. + * See LICENSE for licensing information. + * + * vim: set sw=2 sts=2 ts=8 et syntax=css: + */ + +:root { + --abouttor-text-color: white; + --abouttor-bg-toron-color: #420C5D; +} + +body { + font-family: Helvetica, Arial, sans-serif; + color: var(--abouttor-text-color); + background-color: var(--abouttor-bg-toron-color); + background-attachment: fixed; + background-size: 100% 100%; +} + +a { + color: var(--abouttor-text-color); +} + +.two-column-grid { + display: inline-grid; + grid-template-columns: auto auto; + grid-column-gap: 50px; + margin: 10px 0px 0px 50px; +} + +.two-column-grid div { + margin-top: 40px; + align-self: baseline; /* Align baseline of text across the row. */ +} + +.label-column { + font-size: 14px; + font-weight: 400; +} + +/* + * Use a reduced top margin to bring the row that contains the + * "visit our website" link closer to the row that precedes it. This + * looks better because the "visit our website" row does not have a + * label in the left column. + */ +div.more-info-row { + margin-top: 5px; + font-size: 14px; +} + +#version-content { + font-size: 50px; + font-weight: 300; +} + +body:not([havereleasedate]) .release-date-cell { + display: none; +} + +#releasedate-content { + font-size: 17px; +} + +#releasenotes-label { + align-self: start; /* Anchor "Release Notes" label at the top. */ +} + +#releasenotes-content { + font-family: monospace; + font-size: 15px; + white-space: pre; +} diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.js b/browser/base/content/abouttbupdate/aboutTBUpdate.js new file mode 100644 index 000000000000..ec070e2cb131 --- /dev/null +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.js @@ -0,0 +1,27 @@ +// Copyright (c) 2020, The Tor Project, Inc. +// See LICENSE for licensing information. +// +// vim: set sw=2 sts=2 ts=8 et syntax=javascript: + +/* eslint-env mozilla/frame-script */ + +// aData may contain the following string properties: +// version +// releaseDate +// moreInfoURL +// releaseNotes +function onUpdate(aData) { + document.getElementById("version-content").textContent = aData.version; + if (aData.releaseDate) { + document.body.setAttribute("havereleasedate", "true"); + document.getElementById("releasedate-content").textContent = + aData.releaseDate; + } + if (aData.moreInfoURL) { + document.getElementById("infolink").setAttribute("href", aData.moreInfoURL); + } + document.getElementById("releasenotes-content").textContent = + aData.releaseNotes; +} + +RPMSendQuery("FetchUpdateData").then(onUpdate); diff --git a/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml new file mode 100644 index 000000000000..8489cfef5083 --- /dev/null +++ b/browser/base/content/abouttbupdate/aboutTBUpdate.xhtml @@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!DOCTYPE html [ + <!ENTITY % htmlDTD + PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" + "DTD/xhtml1-strict.dtd"> + %htmlDTD; + <!ENTITY % globalDTD SYSTEM "chrome://global/locale/global.dtd"> + %globalDTD; + <!ENTITY % tbUpdateDTD SYSTEM "chrome://browser/locale/aboutTBUpdate.dtd"> + %tbUpdateDTD; +]> + +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> + <meta http-equiv="Content-Security-Policy" content="default-src chrome:; object-src 'none'" /> + <title>&aboutTBUpdate.changelogTitle;</title> + <link rel="stylesheet" type="text/css" + href="chrome://browser/content/abouttbupdate/aboutTBUpdate.css"/> + <script src="chrome://browser/content/abouttbupdate/aboutTBUpdate.js" + type="text/javascript"/> +</head> +<body dir="&locale.dir;"> +<div class="two-column-grid"> + <div class="label-column">&aboutTBUpdate.version;</div> + <div id="version-content"/> + + <div class="label-column release-date-cell">&aboutTBUpdate.releaseDate;</div> + <div id="releasedate-content" class="release-date-cell"/> + + <div class="more-info-row"/> + <div class="more-info-row">&aboutTBUpdate.linkPrefix;<a id="infolink">&aboutTBUpdate.linkLabel;</a>&aboutTBUpdate.linkSuffix;</div> + + <div id="releasenotes-label" + class="label-column">&aboutTBUpdate.releaseNotes;</div> + <div id="releasenotes-content"></div> +</div> +</body> +</html> diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js index 5850d7ceb4c2..9cf2ff85cbbd 100644 --- a/browser/base/content/browser-siteIdentity.js +++ b/browser/base/content/browser-siteIdentity.js @@ -57,7 +57,7 @@ var gIdentityHandler = { * RegExp used to decide if an about url should be shown as being part of * the browser UI. */ - _secureInternalPages: /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|ion)(?:[?#]|$)/i, + _secureInternalPages: (AppConstants.TOR_BROWSER_UPDATE ? /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|ion|tor|tbupdate)(?:[?#]|$)/i : /^(?:accounts|addons|cache|certificate|config|crashes|downloads|license|logins|preferences|protections|rights|sessionrestore|support|welcomeback|ion|tor)(?:[?#]|$)/i), /** * Whether the established HTTPS connection is considered "broken". diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 2d7341287566..5ad00bdddb30 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -658,6 +658,10 @@ var gInitialPages = [ "about:newinstall", ]; +if (AppConstants.TOR_BROWSER_UPDATE) { + gInitialPages.push("about:tbupdate"); +} + function isInitialPage(url) { if (!(url instanceof Ci.nsIURI)) { try { diff --git a/browser/base/jar.mn b/browser/base/jar.mn index 471544f6b7f7..d6c9e31c2c95 100644 --- a/browser/base/jar.mn +++ b/browser/base/jar.mn @@ -31,6 +31,11 @@ browser.jar: content/browser/aboutTabCrashed.css (content/aboutTabCrashed.css) content/browser/aboutTabCrashed.js (content/aboutTabCrashed.js) content/browser/aboutTabCrashed.xhtml (content/aboutTabCrashed.xhtml) +#ifdef TOR_BROWSER_UPDATE + content/browser/abouttbupdate/aboutTBUpdate.xhtml (content/abouttbupdate/aboutTBUpdate.xhtml) + content/browser/abouttbupdate/aboutTBUpdate.js (content/abouttbupdate/aboutTBUpdate.js) + content/browser/abouttbupdate/aboutTBUpdate.css (content/abouttbupdate/aboutTBUpdate.css) +#endif * content/browser/browser.css (content/browser.css) content/browser/browser.js (content/browser.js) * content/browser/browser.xhtml (content/browser.xhtml) diff --git a/browser/components/BrowserContentHandler.jsm b/browser/components/BrowserContentHandler.jsm index 0a37ca088ca0..ab63c16087f0 100644 --- a/browser/components/BrowserContentHandler.jsm +++ b/browser/components/BrowserContentHandler.jsm @@ -652,6 +652,23 @@ nsBrowserContentHandler.prototype = { } } + // Retrieve the home page early so we can compare it against about:tor + // to decide whether or not we need an override page (second tab) after + // an update was applied. + var startPage = ""; + try { + var choice = prefb.getIntPref("browser.startup.page"); + if (choice == 1 || choice == 3) { + startPage = HomePage.get(); + } + } catch (e) { + Cu.reportError(e); + } + + if (startPage == "about:blank") { + startPage = ""; + } + var override; var overridePage = ""; var additionalPage = ""; @@ -703,6 +720,16 @@ nsBrowserContentHandler.prototype = { // into account because that requires waiting for the session file // to be read. If a crash occurs after updating, before restarting, // we may open the startPage in addition to restoring the session. + // + // Tor Browser: Instead of opening the post-update "override page" + // directly, we ensure that about:tor will be opened in a special + // mode that notifies the user that their browser was updated. + // The about:tor page will provide a link to the override page + // where the user can learn more about the update, as well as a + // link to the Tor Browser changelog page (about:tbupdate). The + // override page URL comes from the openURL attribute within the + // updates.xml file or, if no showURL action is present, from the + // startup.homepage_override_url pref. willRestoreSession = SessionStartup.isAutomaticRestoreEnabled(); overridePage = Services.urlFormatter.formatURLPref( @@ -722,6 +749,20 @@ nsBrowserContentHandler.prototype = { overridePage = overridePage.replace("%OLD_VERSION%", old_mstone); overridePage = overridePage.replace("%OLD_TOR_BROWSER_VERSION%", old_tbversion); +#ifdef TOR_BROWSER_UPDATE + if (overridePage) + { + prefb.setCharPref("torbrowser.post_update.url", overridePage); + prefb.setBoolPref("torbrowser.post_update.shouldNotify", true); + // If the user's homepage is about:tor, we will inform them + // about the update on that page; otherwise, we arrange to + // open about:tor in a secondary tab. + if (startPage === "about:tor") + overridePage = ""; + else + overridePage = "about:tor"; + } +#endif break; case OVERRIDE_NEW_BUILD_ID: if (UpdateManager.readyUpdate) { @@ -794,20 +835,6 @@ nsBrowserContentHandler.prototype = { } } - var startPage = ""; - try { - var choice = prefb.getIntPref("browser.startup.page"); - if (choice == 1 || choice == 3) { - startPage = HomePage.get(); - } - } catch (e) { - Cu.reportError(e); - } - - if (startPage == "about:blank") { - startPage = ""; - } - let skipStartPage = (override == OVERRIDE_NEW_PROFILE || override == OVERRIDE_ALTERNATE_PROFILE) && diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm index ebc52d19e48d..d04fdda538de 100644 --- a/browser/components/BrowserGlue.jsm +++ b/browser/components/BrowserGlue.jsm @@ -730,6 +730,21 @@ let JSWINDOWACTORS = { }, }; +if (AppConstants.TOR_BROWSER_UPDATE) { + JSWINDOWACTORS["AboutTBUpdate"] = { + parent: { + moduleURI: "resource:///actors/AboutTBUpdateParent.jsm", + }, + child: { + moduleURI: "resource:///actors/AboutTBUpdateChild.jsm", + events: { + DOMWindowCreated: { capture: true }, + }, + }, + matches: ["about:tbupdate"], + }; +} + (function earlyBlankFirstPaint() { let startTime = Cu.now(); if ( diff --git a/browser/components/about/AboutRedirector.cpp b/browser/components/about/AboutRedirector.cpp index 9fb93eddaab2..bc1eaaae25c1 100644 --- a/browser/components/about/AboutRedirector.cpp +++ b/browser/components/about/AboutRedirector.cpp @@ -121,6 +121,12 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS}, {"ion", "chrome://browser/content/ion.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT}, +#ifdef TOR_BROWSER_UPDATE + {"tbupdate", "chrome://browser/content/abouttbupdate/aboutTBUpdate.xhtml", + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | + nsIAboutModule::HIDE_FROM_ABOUTABOUT}, +#endif }; static nsAutoCString GetAboutModuleName(nsIURI* aURI) { diff --git a/browser/components/about/components.conf b/browser/components/about/components.conf index 42011d509481..56731d70c386 100644 --- a/browser/components/about/components.conf +++ b/browser/components/about/components.conf @@ -32,6 +32,9 @@ pages = [ 'welcomeback', ] +if defined('TOR_BROWSER_UPDATE'): + pages.append('tbupdate') + Classes = [ { 'cid': '{7e4bb6ad-2fc4-4dc6-89ef-23e8e5ccf980}', diff --git a/browser/components/moz.build b/browser/components/moz.build index 78fce1bfb464..7e7b928d757d 100644 --- a/browser/components/moz.build +++ b/browser/components/moz.build @@ -88,11 +88,14 @@ EXTRA_COMPONENTS += [ ] EXTRA_JS_MODULES += [ - "BrowserContentHandler.jsm", "BrowserGlue.jsm", "distribution.js", ] +EXTRA_PP_JS_MODULES += [ + "BrowserContentHandler.jsm", +] + BROWSER_CHROME_MANIFESTS += [ "safebrowsing/content/test/browser.ini", "tests/browser/browser.ini", diff --git a/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd b/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd new file mode 100644 index 000000000000..2d1e59b40eaf --- /dev/null +++ b/browser/locales/en-US/chrome/browser/aboutTBUpdate.dtd @@ -0,0 +1,8 @@ +<!ENTITY aboutTBUpdate.changelogTitle "Tor Browser Changelog"> +<!ENTITY aboutTBUpdate.updated "Tor Browser has been updated."> +<!ENTITY aboutTBUpdate.linkPrefix "For the most up-to-date information about this release, "> +<!ENTITY aboutTBUpdate.linkLabel "visit our website"> +<!ENTITY aboutTBUpdate.linkSuffix "."> +<!ENTITY aboutTBUpdate.version "Version"> +<!ENTITY aboutTBUpdate.releaseDate "Release Date"> +<!ENTITY aboutTBUpdate.releaseNotes "Release Notes"> diff --git a/browser/locales/jar.mn b/browser/locales/jar.mn index 6000f3b48c01..2aecae56bdca 100644 --- a/browser/locales/jar.mn +++ b/browser/locales/jar.mn @@ -20,6 +20,9 @@ locale/browser/accounts.properties (%chrome/browser/accounts.properties) locale/browser/app-extension-fields.properties (%chrome/browser/app-extension-fields.properties) +#ifdef TOR_BROWSER_UPDATE + locale/browser/aboutTBUpdate.dtd (%chrome/browser/aboutTBUpdate.dtd) +#endif locale/browser/browser.dtd (%chrome/browser/browser.dtd) locale/browser/browser.properties (%chrome/browser/browser.properties) locale/browser/customizableui/customizableWidgets.properties (%chrome/browser/customizableui/customizableWidgets.properties) diff --git a/toolkit/modules/RemotePageAccessManager.jsm b/toolkit/modules/RemotePageAccessManager.jsm index 4d16894f1164..877aa998dd4e 100644 --- a/toolkit/modules/RemotePageAccessManager.jsm +++ b/toolkit/modules/RemotePageAccessManager.jsm @@ -192,6 +192,11 @@ let RemotePageAccessManager = { RPMAddMessageListener: ["*"], RPMRemoveMessageListener: ["*"], }, + "about:tbupdate": { + RPMSendQuery: [ + "FetchUpdateData", + ], + }, }, /**

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 23104: Add a default line height compensation
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 55151f69fe02715e35cb649ccc70cfac67e555f8 Author: Igor Oliveira <igor.oliveira(a)posteo.net> Date: Sun Dec 10 18:16:59 2017 -0200 Bug 23104: Add a default line height compensation Many fonts have issues with their vertical metrics. they are used to influence the height of ascenders and depth of descenders. Gecko uses it to calculate the line height (font height + ascender + descender), however because of that idiosyncratic behavior across multiple operating systems, it can be used to identify the user's OS. The solution proposed in the patch uses a default factor to be multiplied with the font size, simulating the concept of ascender and descender. This way all operating systems will have the same line height only and only if the frame is outside the chrome. --- layout/generic/ReflowInput.cpp | 19 +++++++++--- layout/generic/test/mochitest.ini | 1 + layout/generic/test/test_tor_bug23104.html | 50 ++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+), 5 deletions(-) diff --git a/layout/generic/ReflowInput.cpp b/layout/generic/ReflowInput.cpp index fb78c89e913b..60fdc5023d5e 100644 --- a/layout/generic/ReflowInput.cpp +++ b/layout/generic/ReflowInput.cpp @@ -31,6 +31,7 @@ #include "mozilla/SVGUtils.h" #include "mozilla/dom/HTMLInputElement.h" #include "nsGridContainerFrame.h" +#include "nsContentUtils.h" using namespace mozilla; using namespace mozilla::css; @@ -2666,7 +2667,8 @@ void ReflowInput::CalculateBlockSideMargins(LayoutFrameType aFrameType) { // For risk management, we use preference to control the behavior, and // eNoExternalLeading is the old behavior. -static nscoord GetNormalLineHeight(nsFontMetrics* aFontMetrics) { +static nscoord GetNormalLineHeight(nsIContent* aContent, + nsFontMetrics* aFontMetrics) { MOZ_ASSERT(nullptr != aFontMetrics, "no font metrics"); nscoord normalLineHeight; @@ -2674,6 +2676,12 @@ static nscoord GetNormalLineHeight(nsFontMetrics* aFontMetrics) { nscoord externalLeading = aFontMetrics->ExternalLeading(); nscoord internalLeading = aFontMetrics->InternalLeading(); nscoord emHeight = aFontMetrics->EmHeight(); + + if (nsContentUtils::ShouldResistFingerprinting() && + !aContent->IsInChromeDocument()) { + return NSToCoordRound(emHeight * NORMAL_LINE_HEIGHT_FACTOR); + } + switch (GetNormalLineHeightCalcControl()) { case eIncludeExternalLeading: normalLineHeight = emHeight + internalLeading + externalLeading; @@ -2691,7 +2699,8 @@ static nscoord GetNormalLineHeight(nsFontMetrics* aFontMetrics) { return normalLineHeight; } -static inline nscoord ComputeLineHeight(ComputedStyle* aComputedStyle, +static inline nscoord ComputeLineHeight(nsIContent* aContent, + ComputedStyle* aComputedStyle, nsPresContext* aPresContext, nscoord aBlockBSize, float aFontSizeInflation) { @@ -2720,7 +2729,7 @@ static inline nscoord ComputeLineHeight(ComputedStyle* aComputedStyle, RefPtr<nsFontMetrics> fm = nsLayoutUtils::GetFontMetricsForComputedStyle( aComputedStyle, aPresContext, aFontSizeInflation); - return GetNormalLineHeight(fm); + return GetNormalLineHeight(aContent, fm); } nscoord ReflowInput::CalcLineHeight() const { @@ -2742,7 +2751,7 @@ nscoord ReflowInput::CalcLineHeight(nsIContent* aContent, float aFontSizeInflation) { MOZ_ASSERT(aComputedStyle, "Must have a ComputedStyle"); - nscoord lineHeight = ComputeLineHeight(aComputedStyle, aPresContext, + nscoord lineHeight = ComputeLineHeight(aContent, aComputedStyle, aPresContext, aBlockBSize, aFontSizeInflation); NS_ASSERTION(lineHeight >= 0, "ComputeLineHeight screwed up"); @@ -2755,7 +2764,7 @@ nscoord ReflowInput::CalcLineHeight(nsIContent* aContent, if (!lh.IsNormal()) { RefPtr<nsFontMetrics> fm = nsLayoutUtils::GetFontMetricsForComputedStyle( aComputedStyle, aPresContext, aFontSizeInflation); - nscoord normal = GetNormalLineHeight(fm); + nscoord normal = GetNormalLineHeight(aContent, fm); if (lineHeight < normal) { lineHeight = normal; } diff --git a/layout/generic/test/mochitest.ini b/layout/generic/test/mochitest.ini index 2d61b5dae990..93d7d9ae1fb9 100644 --- a/layout/generic/test/mochitest.ini +++ b/layout/generic/test/mochitest.ini @@ -150,3 +150,4 @@ skip-if = debug == true || tsan # the test is slow. tsan: bug 1612707 support-files = file_reframe_for_lazy_load_image.html [test_bug1655135.html] +[test_tor_bug23104.html] diff --git a/layout/generic/test/test_tor_bug23104.html b/layout/generic/test/test_tor_bug23104.html new file mode 100644 index 000000000000..8ff1d2190c45 --- /dev/null +++ b/layout/generic/test/test_tor_bug23104.html @@ -0,0 +1,50 @@ +<!DOCTYPE HTML> +<meta charset="UTF-8"> +<html> +<head> + <title>Test for Tor Bug #23104: CSS line-height reveals the platform Tor browser is running</title> + <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <script type="application/javascript" src="/tests/SimpleTest/SpawnTask.js"></script> + <style type="text/css"> + span { + background-color: #000; + color: #fff; + font-size: 16.5px; + } + </style> +</head> +<body> +<span id="test1">Test1</span> +<span id="test2">كلمة</span> +<span id="test3">ação</span> +<script> + +let setPref = async function (key, value) { + await SpecialPowers.pushPrefEnv({"set": [[key, value]]}); +} + +function getStyle(el, styleprop) { + el = document.getElementById(el); + return document.defaultView.getComputedStyle(el, null).getPropertyValue(styleprop); +} + +function validateElement(elementName, isFingerprintResistent) { + var fontSize = getStyle(elementName, 'font-size'); + var lineHeight = getStyle(elementName, 'line-height'); + var validationCb = isFingerprintResistent ? is : isnot; + validationCb(parseFloat(lineHeight), Math.round(parseFloat(fontSize)) * 1.2, 'Line Height validation'); +} + +add_task(async function() { + await setPref("layout.css.line-height.normal-as-resolved-value.enabled", false); + for (let resistFingerprintingValue of [true, false]) { + await setPref("privacy.resistFingerprinting", resistFingerprintingValue); + for (let elementId of ['test1', 'test2', 'test3']) { + validateElement(elementId, resistFingerprintingValue); + } + } +}); + +</script> +</body> +</html>

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 16285: Exclude ClearKey system for now
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 7c1f1640d2165bd7dd752014021165dcd56a7ee5 Author: Georg Koppen <gk(a)torproject.org> Date: Mon May 22 12:44:40 2017 +0000 Bug 16285: Exclude ClearKey system for now In the past the ClearKey system had not been compiled when specifying --disable-eme. But that changed and it is even bundled nowadays (see: Mozilla's bug 1300654). We don't want to ship it right now as the use case for it is not really visible while the code had security vulnerabilities in the past. --- browser/installer/package-manifest.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index f40210cc51cb..0929e113ea71 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in @@ -464,8 +464,8 @@ bin/libfreebl_64int_3.so #endif ; media -@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@ -@RESPATH@/gmp-clearkey/0.1/manifest.json +;@RESPATH@/gmp-clearkey/0.1/@DLL_PREFIX@clearkey@DLL_SUFFIX@ +;@RESPATH@/gmp-clearkey/0.1/manifest.json #ifdef MOZ_DMD ; DMD

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 21830: Copying large text from web console leaks to /tmp
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 2e819c45ed8babc860c17255b6bdd7a00fd27f1c Author: Georg Koppen <gk(a)torproject.org> Date: Fri Aug 4 05:55:49 2017 +0000 Bug 21830: Copying large text from web console leaks to /tmp Patch written by Neill Miller --- widget/nsTransferable.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/widget/nsTransferable.cpp b/widget/nsTransferable.cpp index c82549a4d1d1..f8ecfbff0983 100644 --- a/widget/nsTransferable.cpp +++ b/widget/nsTransferable.cpp @@ -33,6 +33,7 @@ Notes to self: #include "nsILoadContext.h" #include "nsXULAppAPI.h" #include "mozilla/UniquePtr.h" +#include "mozilla/Preferences.h" using namespace mozilla; @@ -195,6 +196,11 @@ nsTransferable::Init(nsILoadContext* aContext) { if (aContext) { mPrivateData = aContext->UsePrivateBrowsing(); + } else { + // without aContext here to provide PrivateBrowsing information, + // we defer to the active configured setting + mPrivateData = + mozilla::Preferences::GetBool("browser.privatebrowsing.autostart"); } #ifdef DEBUG mInitialized = true;

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 21431: Clean-up system extensions shipped in Firefox
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 5200db21b8d525acc6d33361cd9706e4ceb6cb45 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue May 23 17:05:29 2017 -0400 Bug 21431: Clean-up system extensions shipped in Firefox Only ship the pdfjs extension. --- browser/components/BrowserGlue.jsm | 6 ++++++ browser/extensions/moz.build | 2 +- browser/installer/package-manifest.in | 1 - browser/locales/Makefile.in | 8 -------- browser/locales/jar.mn | 7 ------- 5 files changed, 7 insertions(+), 17 deletions(-) diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm index d04fdda538de..5ed564a0f25e 100644 --- a/browser/components/BrowserGlue.jsm +++ b/browser/components/BrowserGlue.jsm @@ -2141,6 +2141,9 @@ BrowserGlue.prototype = { const ID = "screenshots(a)mozilla.org"; const _checkScreenshotsPref = async () => { let addon = await AddonManager.getAddonByID(ID); + if (!addon) { + return; + } let disabled = Services.prefs.getBoolPref(PREF, false); if (disabled) { await addon.disable({ allowSystemAddons: true }); @@ -2157,6 +2160,9 @@ BrowserGlue.prototype = { const ID = "webcompat-reporter(a)mozilla.org"; Services.prefs.addObserver(PREF, async () => { let addon = await AddonManager.getAddonByID(ID); + if (!addon) { + return; + } let enabled = Services.prefs.getBoolPref(PREF, false); if (enabled && !addon.isActive) { await addon.enable({ allowSystemAddons: true }); diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build index df98fa94f629..8b16ddc4a84a 100644 --- a/browser/extensions/moz.build +++ b/browser/extensions/moz.build @@ -4,7 +4,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -DIRS += ["doh-rollout", "formautofill", "screenshots", "webcompat", "report-site-issue"] +DIRS += [] if not CONFIG["TOR_BROWSER_DISABLE_TOR_LAUNCHER"]: DIRS += ["tor-launcher"] diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index 0929e113ea71..eaedee212386 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in @@ -272,7 +272,6 @@ @RESPATH@/browser/chrome/icons/default/default64.png @RESPATH@/browser/chrome/icons/default/default128.png #endif -@RESPATH@/browser/features/* ; [DevTools Startup Files] @RESPATH@/browser/chrome/devtools-startup@JAREXT@ diff --git a/browser/locales/Makefile.in b/browser/locales/Makefile.in index 496379c4306f..0946188813da 100644 --- a/browser/locales/Makefile.in +++ b/browser/locales/Makefile.in @@ -58,10 +58,6 @@ l10n-%: @$(MAKE) -C ../../toolkit/locales l10n-$* XPI_ROOT_APPID='$(XPI_ROOT_APPID)' @$(MAKE) -C ../../services/sync/locales AB_CD=$* XPI_NAME=locale-$* @$(MAKE) -C ../../extensions/spellcheck/locales AB_CD=$* XPI_NAME=locale-$* -ifneq (,$(wildcard ../extensions/formautofill/locales)) - @$(MAKE) -C ../extensions/formautofill/locales AB_CD=$* XPI_NAME=locale-$* -endif - @$(MAKE) -C ../extensions/report-site-issue/locales AB_CD=$* XPI_NAME=locale-$* @$(MAKE) -C ../../devtools/client/locales AB_CD=$* XPI_NAME=locale-$* XPI_ROOT_APPID='$(XPI_ROOT_APPID)' @$(MAKE) -C ../../devtools/startup/locales AB_CD=$* XPI_NAME=locale-$* XPI_ROOT_APPID='$(XPI_ROOT_APPID)' @$(MAKE) l10n AB_CD=$* XPI_NAME=locale-$* PREF_DIR=$(PREF_DIR) @@ -75,14 +71,10 @@ chrome-%: @$(MAKE) -C ../../toolkit/locales chrome-$* @$(MAKE) -C ../../services/sync/locales chrome AB_CD=$* @$(MAKE) -C ../../extensions/spellcheck/locales chrome AB_CD=$* -ifneq (,$(wildcard ../extensions/formautofill/locales)) - @$(MAKE) -C ../extensions/formautofill/locales chrome AB_CD=$* -endif @$(MAKE) -C ../../devtools/client/locales chrome AB_CD=$* @$(MAKE) -C ../../devtools/startup/locales chrome AB_CD=$* @$(MAKE) chrome AB_CD=$* @$(MAKE) -C $(DEPTH)/$(MOZ_BRANDING_DIRECTORY)/locales chrome AB_CD=$* - @$(MAKE) -C ../extensions/report-site-issue/locales chrome AB_CD=$* package-win32-installer: $(SUBMAKEFILES) $(MAKE) -C ../installer/windows CONFIG_DIR=l10ngen ZIP_IN='$(ZIP_OUT)' installer diff --git a/browser/locales/jar.mn b/browser/locales/jar.mn index 2aecae56bdca..934205ce6e15 100644 --- a/browser/locales/jar.mn +++ b/browser/locales/jar.mn @@ -53,10 +53,3 @@ locale/browser/newInstall.dtd (%chrome/browser/newInstall.dtd) locale/browser/brandings.dtd (%chrome/browser/brandings.dtd) locale/browser/fxmonitor.properties (%chrome/browser/fxmonitor.properties) - -#ifdef XPI_NAME -# Bug 1240628, restructure how l10n repacks work with feature addons -# This is hacky, but ensures the chrome.manifest chain is complete -[.] chrome.jar: -% manifest features/chrome.manifest -#endif

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 25658: Replace security slider with security level UI
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 488d6021eb3f6dee519ed7bcd88436205b064faf Author: Richard Pospesel <richard(a)torproject.org> Date: Mon Mar 4 16:09:51 2019 -0800 Bug 25658: Replace security slider with security level UI This patch adds a new 'securitylevel' component to Tor Browser intended to replace the torbutton 'Security Slider'. This component adds a new Security Level toolbar button which visually indicates the current global security level via icon (as defined by the extensions.torbutton.security_slider pref), a drop-down hanger with a short description of the current security level, and a new section in the about:preferences#privacy page where users can change their current security level. In addition, the hanger and the preferences page will show a visual warning when the user has modified prefs associated with the security level and provide a one-click 'Restore Defaults' button to get the user back on recommended settings. Strings used by this patch are pulled from the torbutton extension, but en-US defaults are provided if there is an error loading from the extension. With this patch applied, the usual work-flow of "./mach build && ./mach run" work as expected, even if the torbutton extension is disabled. --- browser/base/content/browser.js | 10 + browser/base/content/browser.xhtml | 5 + browser/components/moz.build | 1 + browser/components/preferences/preferences.xhtml | 1 + browser/components/preferences/privacy.inc.xhtml | 2 + browser/components/preferences/privacy.js | 19 + .../securitylevel/content/securityLevel.js | 501 +++++++++++++++++++++ .../securitylevel/content/securityLevelButton.css | 9 + .../content/securityLevelButton.inc.xhtml | 7 + .../securitylevel/content/securityLevelButton.svg | 21 + .../securitylevel/content/securityLevelPanel.css | 82 ++++ .../content/securityLevelPanel.inc.xhtml | 38 ++ .../content/securityLevelPreferences.css | 26 ++ .../content/securityLevelPreferences.inc.xhtml | 62 +++ browser/components/securitylevel/jar.mn | 6 + browser/components/securitylevel/moz.build | 1 + 16 files changed, 791 insertions(+) diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 5ad00bdddb30..aa4542889d9a 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -213,6 +213,11 @@ XPCOMUtils.defineLazyScriptGetter( ["DownloadsButton", "DownloadsIndicatorView"], "chrome://browser/content/downloads/indicator.js" ); +XPCOMUtils.defineLazyScriptGetter( + this, + ["SecurityLevelButton"], + "chrome://browser/content/securitylevel/securityLevel.js" +); XPCOMUtils.defineLazyScriptGetter( this, "gEditItemOverlay", @@ -1811,6 +1816,9 @@ var gBrowserInit = { // doesn't flicker as the window is being shown. DownloadsButton.init(); + // Init the SecuritySettingsButton + SecurityLevelButton.init(); + // Certain kinds of automigration rely on this notification to complete // their tasks BEFORE the browser window is shown. SessionStore uses it to // restore tabs into windows AFTER important parts like gMultiProcessBrowser @@ -2490,6 +2498,8 @@ var gBrowserInit = { DownloadsButton.uninit(); + SecurityLevelButton.uninit(); + gAccessibilityServiceIndicator.uninit(); if (gToolbarKeyNavEnabled) { diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml index 6898bdad1007..d33310813d4f 100644 --- a/browser/base/content/browser.xhtml +++ b/browser/base/content/browser.xhtml @@ -20,6 +20,8 @@ <?xml-stylesheet href="chrome://browser/content/browser.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/content/tabbrowser.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/content/downloads/downloads.css" type="text/css"?> +<?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelPanel.css"?> +<?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelButton.css"?> <?xml-stylesheet href="chrome://browser/content/places/places.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/content/usercontext/usercontext.css" type="text/css"?> <?xml-stylesheet href="chrome://browser/skin/" type="text/css"?> @@ -644,6 +646,7 @@ #include ../../components/controlcenter/content/protectionsPanel.inc.xhtml #include ../../components/downloads/content/downloadsPanel.inc.xhtml #include ../../../devtools/startup/enableDevToolsPopup.inc.xhtml +#include ../../components/securitylevel/content/securityLevelPanel.inc.xhtml #include browser-allTabsMenu.inc.xhtml <hbox id="downloads-animation-container"> @@ -2004,6 +2007,8 @@ </stack> </toolbarbutton> +#include ../../components/securitylevel/content/securityLevelButton.inc.xhtml + <toolbarbutton id="library-button" class="toolbarbutton-1 chromeclass-toolbar-additional subviewbutton-nav" removable="true" onmousedown="PanelUI.showSubView('appMenu-libraryView', this, event);" diff --git a/browser/components/moz.build b/browser/components/moz.build index 7e7b928d757d..f4ec78486769 100644 --- a/browser/components/moz.build +++ b/browser/components/moz.build @@ -51,6 +51,7 @@ DIRS += [ "protocolhandler", "resistfingerprinting", "search", + "securitylevel", "sessionstore", "shell", "syncedtabs", diff --git a/browser/components/preferences/preferences.xhtml b/browser/components/preferences/preferences.xhtml index 4b0c351c9185..7464274ac4d7 100644 --- a/browser/components/preferences/preferences.xhtml +++ b/browser/components/preferences/preferences.xhtml @@ -12,6 +12,7 @@ <?xml-stylesheet href="chrome://browser/skin/preferences/search.css"?> <?xml-stylesheet href="chrome://browser/skin/preferences/containers.css"?> <?xml-stylesheet href="chrome://browser/skin/preferences/privacy.css"?> +<?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelPreferences.css"?> <!DOCTYPE html> diff --git a/browser/components/preferences/privacy.inc.xhtml b/browser/components/preferences/privacy.inc.xhtml index 09d66e136d81..96f7a021f645 100644 --- a/browser/components/preferences/privacy.inc.xhtml +++ b/browser/components/preferences/privacy.inc.xhtml @@ -924,6 +924,8 @@ <html:h1 data-l10n-id="security-header"/> </hbox> +#include ../securitylevel/content/securityLevelPreferences.inc.xhtml +  <groupbox id="browsingProtectionGroup" data-category="panePrivacy" hidden="true"> <label><html:h2 data-l10n-id="security-browsing-protection"/></label> diff --git a/browser/components/preferences/privacy.js b/browser/components/preferences/privacy.js index 0706f9e8bae9..2827dc8341ee 100644 --- a/browser/components/preferences/privacy.js +++ b/browser/components/preferences/privacy.js @@ -80,6 +80,12 @@ XPCOMUtils.defineLazyGetter(this, "AlertsServiceDND", function() { } }); +XPCOMUtils.defineLazyScriptGetter( + this, + ["SecurityLevelPreferences"], + "chrome://browser/content/securitylevel/securityLevel.js" +); + XPCOMUtils.defineLazyServiceGetter( this, "listManager", @@ -305,6 +311,18 @@ function setUpContentBlockingWarnings() { var gPrivacyPane = { _pane: null, + /** + * Show the Security Level UI + */ + _initSecurityLevel() { + SecurityLevelPreferences.init(); + let unload = () => { + window.removeEventListener("unload", unload); + SecurityLevelPreferences.uninit(); + }; + window.addEventListener("unload", unload); + }, + /** * Whether the prompt to restart Firefox should appear when changing the autostart pref. */ @@ -516,6 +534,7 @@ var gPrivacyPane = { this.trackingProtectionReadPrefs(); this.networkCookieBehaviorReadPrefs(); this._initTrackingProtectionExtensionControl(); + this._initSecurityLevel(); Services.telemetry.setEventRecordingEnabled("pwmgr", true); diff --git a/browser/components/securitylevel/content/securityLevel.js b/browser/components/securitylevel/content/securityLevel.js new file mode 100644 index 000000000000..b47d0cfb545e --- /dev/null +++ b/browser/components/securitylevel/content/securityLevel.js @@ -0,0 +1,501 @@ +"use strict"; + +ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm"); +ChromeUtils.import("resource://gre/modules/Services.jsm"); + +XPCOMUtils.defineLazyModuleGetters(this, { + CustomizableUI: "resource:///modules/CustomizableUI.jsm", + PanelMultiView: "resource:///modules/PanelMultiView.jsm", +}); + +ChromeUtils.defineModuleGetter( + this, + "TorStrings", + "resource:///modules/TorStrings.jsm" +); + +/* + Security Level Prefs + + Getters and Setters for relevant torbutton prefs +*/ +const SecurityLevelPrefs = { + security_slider_pref : "extensions.torbutton.security_slider", + security_custom_pref : "extensions.torbutton.security_custom", + + get securitySlider() { + try { + return Services.prefs.getIntPref(this.security_slider_pref); + } catch(e) { + // init pref to 4 (standard) + const val = 4; + Services.prefs.setIntPref(this.security_slider_pref, val); + return val; + } + }, + + set securitySlider(val) { + Services.prefs.setIntPref(this.security_slider_pref, val); + }, + + get securityCustom() { + try { + return Services.prefs.getBoolPref(this.security_custom_pref); + } catch(e) { + // init custom to false + const val = false; + Services.prefs.setBoolPref(this.security_custom_pref, val); + return val; + } + }, + + set securityCustom(val) { + Services.prefs.setBoolPref(this.security_custom_pref, val); + }, +}; /* Security Level Prefs */ + +/* + Security Level Button Code + + Controls init and update of the security level toolbar button +*/ + +const SecurityLevelButton = { + _securityPrefsBranch : null, + + _populateXUL : function(securityLevelButton) { + if (securityLevelButton != null) { + securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.securityLevel); + securityLevelButton.setAttribute("label", TorStrings.securityLevel.securityLevel); + } + }, + + _configUIFromPrefs : function(securityLevelButton) { + if (securityLevelButton != null) { + let securitySlider = SecurityLevelPrefs.securitySlider; + let classList = securityLevelButton.classList; + classList.remove("standard", "safer", "safest"); + switch(securitySlider) { + case 4: + classList.add("standard"); + securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.standard.tooltip); + break; + case 2: + classList.add("safer"); + securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.safer.tooltip); + break; + case 1: + classList.add("safest"); + securityLevelButton.setAttribute("tooltiptext", TorStrings.securityLevel.safest.tooltip); + break; + } + } + }, + + get button() { + let button = document.getElementById("security-level-button"); + if (!button) { + return null; + } + return button; + }, + + get anchor() { + let anchor = this.button.icon; + if (!anchor) { + return null; + } + + anchor.setAttribute("consumeanchor", SecurityLevelButton.button.id); + return anchor; + }, + + init : function() { + // set the initial class based off of the current pref + let button = this.button; + this._populateXUL(button); + this._configUIFromPrefs(button); + + this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton."); + this._securityPrefsBranch.addObserver("", this, false); + + CustomizableUI.addListener(this); + + SecurityLevelPanel.init(); + }, + + uninit : function() { + CustomizableUI.removeListener(this); + + this._securityPrefsBranch.removeObserver("", this); + this._securityPrefsBranch = null; + + SecurityLevelPanel.uninit(); + }, + + observe : function(subject, topic, data) { + switch(topic) { + case "nsPref:changed": + if (data == "security_slider") { + this._configUIFromPrefs(this.button); + } + break; + } + }, + + // callback for entering the 'Customize Firefox' screen to set icon + onCustomizeStart : function(window) { + let navigatorToolbox = document.getElementById("navigator-toolbox"); + let button = navigatorToolbox.palette.querySelector("#security-level-button"); + this._populateXUL(button); + this._configUIFromPrefs(button); + }, + + // callback when CustomizableUI modifies DOM + onWidgetAfterDOMChange : function(aNode, aNextNode, aContainer, aWasRemoval) { + if (aNode.id == "security-level-button" && !aWasRemoval) { + this._populateXUL(aNode); + this._configUIFromPrefs(aNode); + } + }, + + // for when the toolbar button needs to be activated and displays the Security Level panel + // + // In the toolbarbutton xul you'll notice we register this callback for both onkeypress and + // onmousedown. We do this to match the behavior of other panel spawning buttons such as Downloads, + // Library, and the Hamburger menus. Using oncommand alone would result in only getting fired + // after onclick, which is mousedown followed by mouseup. + onCommand : function(aEvent) { + // snippet stolen from /browser/components/downloads/indicator.js DownloadsIndicatorView.onCommand(evt) + if ( + (aEvent.type == "mousedown" && aEvent.button != 0) || + (aEvent.type == "keypress" && aEvent.key != " " && aEvent.key != "Enter") + ) { + return; + } + + // we need to set this attribute for the button to be shaded correctly to look like it is pressed + // while the security level panel is open + this.button.setAttribute("open", "true"); + SecurityLevelPanel.show(); + }, +}; /* Security Level Button */ + +/* + Security Level Panel Code + + Controls init and update of the panel in the security level hanger +*/ + +const SecurityLevelPanel = { + _securityPrefsBranch : null, + _panel : null, + _anchor : null, + _populated : false, + + _populateXUL : function() { + // get the panel elements we need to populate + let panelview = document.getElementById("securityLevel-panelview"); + let labelHeader = panelview.querySelector("#securityLevel-header"); + let labelCustomWarning = panelview.querySelector("#securityLevel-customWarning") + let labelLearnMore = panelview.querySelector("#securityLevel-learnMore"); + let buttonRestoreDefaults = panelview.querySelector("#securityLevel-restoreDefaults"); + let buttonAdvancedSecuritySettings = panelview.querySelector("#securityLevel-advancedSecuritySettings"); + + labelHeader.setAttribute("value", TorStrings.securityLevel.securityLevel); + labelCustomWarning.setAttribute("value", TorStrings.securityLevel.customWarning); + labelLearnMore.setAttribute("value", TorStrings.securityLevel.learnMore); + labelLearnMore.setAttribute("href", TorStrings.securityLevel.learnMoreURL); + buttonRestoreDefaults.setAttribute("label", TorStrings.securityLevel.restoreDefaults); + buttonAdvancedSecuritySettings.setAttribute("label", TorStrings.securityLevel.advancedSecuritySettings); + + // rest of the XUL is set based on security prefs + this._configUIFromPrefs(); + + this._populated = true; + }, + + _configUIFromPrefs : function() { + // get security prefs + let securitySlider = SecurityLevelPrefs.securitySlider; + let securityCustom = SecurityLevelPrefs.securityCustom; + + // get the panel elements we need to populate + let panelview = document.getElementById("securityLevel-panelview"); + let labelLevel = panelview.querySelector("#securityLevel-level"); + let labelCustomWarning = panelview.querySelector("#securityLevel-customWarning") + let summary = panelview.querySelector("#securityLevel-summary"); + let buttonRestoreDefaults = panelview.querySelector("#securityLevel-restoreDefaults"); + let buttonAdvancedSecuritySettings = panelview.querySelector("#securityLevel-advancedSecuritySettings"); + + // only visible when user is using custom settings + labelCustomWarning.hidden = !securityCustom; + buttonRestoreDefaults.hidden = !securityCustom; + + // Descriptions change based on security level + switch(securitySlider) { + // standard + case 4: + labelLevel.setAttribute("value", TorStrings.securityLevel.standard.level); + summary.textContent = TorStrings.securityLevel.standard.summary; + break; + // safer + case 2: + labelLevel.setAttribute("value", TorStrings.securityLevel.safer.level); + summary.textContent = TorStrings.securityLevel.safer.summary; + break; + // safest + case 1: + labelLevel.setAttribute("value", TorStrings.securityLevel.safest.level); + summary.textContent = TorStrings.securityLevel.safest.summary; + break; + } + + // override the summary text with custom warning + if (securityCustom) { + summary.textContent = TorStrings.securityLevel.custom.summary; + } + }, + + init : function() { + this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton."); + this._securityPrefsBranch.addObserver("", this, false); + }, + + uninit : function() { + this._securityPrefsBranch.removeObserver("", this); + this._securityPrefsBranch = null; + }, + + show : function() { + // we have to defer this until after the browser has finished init'ing before + // we can populate the panel + if (!this._populated) { + this._populateXUL(); + } + + let panel = document.getElementById("securityLevel-panel"); + panel.hidden = false; + PanelMultiView.openPopup(panel, SecurityLevelButton.anchor, "bottomcenter topright", + 0, 0, false, null).catch(Cu.reportError); + }, + + hide : function() { + let panel = document.getElementById("securityLevel-panel"); + PanelMultiView.hidePopup(panel); + }, + + restoreDefaults : function() { + SecurityLevelPrefs.securityCustom = false; + // hide and reshow so that layout re-renders properly + this.hide(); + this.show(this._anchor); + }, + + openAdvancedSecuritySettings : function() { + openPreferences("privacy-securitylevel"); + this.hide(); + }, + + // callback when prefs change + observe : function(subject, topic, data) { + switch(topic) { + case "nsPref:changed": + if (data == "security_slider" || data == "security_custom") { + this._configUIFromPrefs(); + } + break; + } + }, + + // callback when the panel is displayed + onPopupShown : function(event) { + SecurityLevelButton.button.setAttribute("open", "true"); + }, + + // callback when the panel is hidden + onPopupHidden : function(event) { + SecurityLevelButton.button.removeAttribute("open"); + } +}; /* Security Level Panel */ + +/* + Security Level Preferences Code + + Code to handle init and update of security level section in about:preferences#privacy +*/ + +const SecurityLevelPreferences = +{ + _securityPrefsBranch : null, + + _populateXUL : function() { + let groupbox = document.getElementById("securityLevel-groupbox"); + + let labelHeader = groupbox.querySelector("#securityLevel-header"); + labelHeader.textContent = TorStrings.securityLevel.securityLevel; + + let spanOverview = groupbox.querySelector("#securityLevel-overview"); + spanOverview.textContent = TorStrings.securityLevel.overview; + + let labelLearnMore = groupbox.querySelector("#securityLevel-learnMore"); + labelLearnMore.setAttribute("value", TorStrings.securityLevel.learnMore); + labelLearnMore.setAttribute("href", TorStrings.securityLevel.learnMoreURL); + + let radiogroup = document.getElementById("securityLevel-radiogroup"); + radiogroup.addEventListener("command", SecurityLevelPreferences.selectSecurityLevel); + + let populateRadioElements = function(vboxQuery, stringStruct) { + let vbox = groupbox.querySelector(vboxQuery); + + let radio = vbox.querySelector("radio"); + radio.setAttribute("label", stringStruct.level); + + let customWarning = vbox.querySelector("#securityLevel-customWarning"); + customWarning.setAttribute("value", TorStrings.securityLevel.customWarning); + + let labelSummary = vbox.querySelector("#securityLevel-summary"); + labelSummary.textContent = stringStruct.summary; + + let labelRestoreDefaults = vbox.querySelector("#securityLevel-restoreDefaults"); + labelRestoreDefaults.setAttribute("value", TorStrings.securityLevel.restoreDefaults); + labelRestoreDefaults.addEventListener("click", SecurityLevelPreferences.restoreDefaults); + + let description1 = vbox.querySelector("#securityLevel-description1"); + if (description1) { + description1.textContent = stringStruct.description1; + } + let description2 = vbox.querySelector("#securityLevel-description2"); + if (description2) { + description2.textContent = stringStruct.description2; + } + let description3 = vbox.querySelector("#securityLevel-description3"); + if (description3) { + description3.textContent = stringStruct.description3; + } + }; + + populateRadioElements("#securityLevel-vbox-standard", TorStrings.securityLevel.standard); + populateRadioElements("#securityLevel-vbox-safer", TorStrings.securityLevel.safer); + populateRadioElements("#securityLevel-vbox-safest", TorStrings.securityLevel.safest); + }, + + _configUIFromPrefs : function() { + // read our prefs + let securitySlider = SecurityLevelPrefs.securitySlider; + let securityCustom = SecurityLevelPrefs.securityCustom; + + // get our elements + let groupbox = document.getElementById("securityLevel-groupbox"); + + let radiogroup = groupbox.querySelector("#securityLevel-radiogroup"); + let labelStandardCustom = groupbox.querySelector("#securityLevel-vbox-standard label#securityLevel-customWarning"); + let labelSaferCustom = groupbox.querySelector("#securityLevel-vbox-safer label#securityLevel-customWarning"); + let labelSafestCustom = groupbox.querySelector("#securityLevel-vbox-safest label#securityLevel-customWarning"); + let labelStandardRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-standard label#securityLevel-restoreDefaults"); + let labelSaferRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-safer label#securityLevel-restoreDefaults"); + let labelSafestRestoreDefaults = groupbox.querySelector("#securityLevel-vbox-safest label#securityLevel-restoreDefaults"); + + // hide custom label by default until we know which level we're at + labelStandardCustom.hidden = true; + labelSaferCustom.hidden = true; + labelSafestCustom.hidden = true; + + labelStandardRestoreDefaults.hidden = true; + labelSaferRestoreDefaults.hidden = true; + labelSafestRestoreDefaults.hidden = true; + + switch(securitySlider) { + // standard + case 4: + radiogroup.value = "standard"; + labelStandardCustom.hidden = !securityCustom; + labelStandardRestoreDefaults.hidden = !securityCustom; + break; + // safer + case 2: + radiogroup.value = "safer"; + labelSaferCustom.hidden = !securityCustom; + labelSaferRestoreDefaults.hidden = !securityCustom; + break; + // safest + case 1: + radiogroup.value = "safest"; + labelSafestCustom.hidden = !securityCustom; + labelSafestRestoreDefaults.hidden = !securityCustom; + break; + } + }, + + init : function() { + // populate XUL with localized strings + this._populateXUL(); + + // read prefs and populate UI + this._configUIFromPrefs(); + + // register for pref chagnes + this._securityPrefsBranch = Services.prefs.getBranch("extensions.torbutton."); + this._securityPrefsBranch.addObserver("", this, false); + }, + + uninit : function() { + // unregister for pref change events + this._securityPrefsBranch.removeObserver("", this); + this._securityPrefsBranch = null; + }, + + // callback for when prefs change + observe : function(subject, topic, data) { + switch(topic) { + case "nsPref:changed": + if (data == "security_slider" || + data == "security_custom") { + this._configUIFromPrefs(); + } + break; + } + }, + + selectSecurityLevel : function() { + // radio group elements + let radiogroup = document.getElementById("securityLevel-radiogroup"); + + // update pref based on selected radio option + switch (radiogroup.value) { + case "standard": + SecurityLevelPrefs.securitySlider = 4; + break; + case "safer": + SecurityLevelPrefs.securitySlider = 2; + break; + case "safest": + SecurityLevelPrefs.securitySlider = 1; + break; + } + + SecurityLevelPreferences.restoreDefaults(); + }, + + restoreDefaults : function() { + SecurityLevelPrefs.securityCustom = false; + }, +}; /* Security Level Prefereces */ + +Object.defineProperty(this, "SecurityLevelButton", { + value: SecurityLevelButton, + enumerable: true, + writable: false +}); + +Object.defineProperty(this, "SecurityLevelPanel", { + value: SecurityLevelPanel, + enumerable: true, + writable: false +}); + +Object.defineProperty(this, "SecurityLevelPreferences", { + value: SecurityLevelPreferences, + enumerable: true, + writable: false +}); diff --git a/browser/components/securitylevel/content/securityLevelButton.css b/browser/components/securitylevel/content/securityLevelButton.css new file mode 100644 index 000000000000..81f2365bae28 --- /dev/null +++ b/browser/components/securitylevel/content/securityLevelButton.css @@ -0,0 +1,9 @@ +toolbarbutton#security-level-button.standard { + list-style-image: url("chrome://browser/content/securitylevel/securityLevelButton.svg#standard"); +} +toolbarbutton#security-level-button.safer { + list-style-image: url("chrome://browser/content/securitylevel/securityLevelButton.svg#safer"); +} +toolbarbutton#security-level-button.safest { + list-style-image: url("chrome://browser/content/securitylevel/securityLevelButton.svg#safest"); +} diff --git a/browser/components/securitylevel/content/securityLevelButton.inc.xhtml b/browser/components/securitylevel/content/securityLevelButton.inc.xhtml new file mode 100644 index 000000000000..96ee1ec0ca49 --- /dev/null +++ b/browser/components/securitylevel/content/securityLevelButton.inc.xhtml @@ -0,0 +1,7 @@ +<toolbarbutton id="security-level-button" class="toolbarbutton-1 chromeclass-toolbar-additional" + badged="true" + removable="true" + onmousedown="SecurityLevelButton.onCommand(event);" + onkeypress="SecurityLevelButton.onCommand(event);" + closemenu="none" + cui-areatype="toolbar"/> diff --git a/browser/components/securitylevel/content/securityLevelButton.svg b/browser/components/securitylevel/content/securityLevelButton.svg new file mode 100644 index 000000000000..8535cdcc531e --- /dev/null +++ b/browser/components/securitylevel/content/securityLevelButton.svg @@ -0,0 +1,21 @@ +<svg width="14px" height="16px" viewBox="0 0 14 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> + <style> + use:not(:target) { + display: none; + } + </style> + <defs> + <g id="standard_icon" stroke="none" stroke-width="1"> + <path d="M7.0 2.16583509C7.0 2.16583509 2.0 4.24375717 2.0 4.24375717C2.0 4.24375717 2.0 7.27272727 2.0 7.27272727C2.0 10.2413541 4.13435329 13.0576771 7.0 13.9315843C9.8656467 13.0576771 12.0 10.2413541 12.0 7.27272727C12.0 7.27272727 12.0 4.24375717 12.0 4.24375717C12.0 4.24375717 7.0 2.16583509 7.0 2.16583509C7.0 2.16583509 7.0 2.16583509 7.0 2.16583509M7.0 0.0C7.0 0.0 14.0 2.90909091 14.0 2.90909091C14.0 2.90909091 14.0 7.27272727 14.0 7.27272727C14.0 11.3090909 11.0133333 15.0836364 7.0 16.0C2.98666667 15.0836364 0.0 11.3090909 0.0 7.27272727C0.0 7.27272727 0.0 2.90909091 0.0 2.90909091C0.0 2.90909091 7.0 0.0 7.0 0.0C7.0 0.0 7.0 0.0 7.0 0.0" /> + </g> + <g id="safer_icon" stroke="none" stroke-width="1"> + <path fill-rule="nonzero" d="M7.0 2.1658351C7.0 13.931584 7.0 2.1658351 7.0 13.931584C9.8656467 13.057677 12.0 10.241354 12.0 7.2727273C12.0 7.2727273 12.0 4.2437572 12.0 4.2437572C12.0 4.2437572 7.0 2.1658351 7.0 2.1658351C7.0 2.1658351 7.0 2.1658351 7.0 2.1658351M7.0 0.0C7.0 0.0 14.0 2.9090909 14.0 2.9090909C14.0 2.9090909 14.0 7.2727273 14.0 7.2727273C14.0 11.309091 11.013333 15.083636 7.0 16.0C2.9866667 15.083636 0.0 11.309091 0.0 7.2727273C0.0 7.2727273 0.0 2.9090909 0.0 2.9090909C0.0 2.9090909 7.0 0.0 7.0 0.0"/> + </g> + <g id="safest_icon" stroke="none" stroke-width="1"> + <path d="M7.0 0.0C7.0 0.0 14.0 2.90909091 14.0 2.90909091C14.0 2.90909091 14.0 7.27272727 14.0 7.27272727C14.0 11.3090909 11.0133333 15.0836364 7.0 16.0C2.98666667 15.0836364 0.0 11.3090909 0.0 7.27272727C0.0 7.27272727 0.0 2.90909091 0.0 2.90909091C0.0 2.90909091 7.0 0.0 7.0 0.0C7.0 0.0 7.0 0.0 7.0 0.0" /> + </g> + </defs> + <use id="standard" fill="context-fill" fill-opacity="context-fill-opacity" href="#standard_icon" /> + <use id="safer" fill="context-fill" fill-opacity="context-fill-opacity" href="#safer_icon" /> + <use id="safest" fill="context-fill" fill-opacity="context-fill-opacity" href="#safest_icon" /> +</svg> diff --git a/browser/components/securitylevel/content/securityLevelPanel.css b/browser/components/securitylevel/content/securityLevelPanel.css new file mode 100644 index 000000000000..70022e2bd4b2 --- /dev/null +++ b/browser/components/securitylevel/content/securityLevelPanel.css @@ -0,0 +1,82 @@ +/* Security Level CSS */ + +panel#securityLevel-panel > .panel-arrowcontainer > .panel-arrowcontent { + padding: 0; +} + +panelview#securityLevel-panelview { + width: 20em; +} + +panelview#securityLevel-panelview>vbox.panel-subview-body { + padding: 1em; +} + +label#securityLevel-header { + text-transform: uppercase; + color: var(--panel-disabled-color); + font-size: 0.85em; + margin: 0 0 0.4em 0; + padding: 0; +} + +hbox#securityLevel-levelHbox { + margin-bottom: 1em; +} + +label#securityLevel-level { + font-size: 1.5em; + margin: 0 0.5em 0 0; + padding: 0; +} + +label#securityLevel-customWarning { + border-radius: 2px; + background-color: #ffe845; + text-transform: uppercase; + font-weight: bolder; + font-size: 0.8em; + height: 1em; + line-height: 1em; + vertical-align: middle; + margin: auto; + padding: 0.4em; +} + +panelview#securityLevel-panelview description { + margin: 0 -0.5em 0.5em 0; + padding: 0 !important; +} + +label#securityLevel-learnMore { + margin: 0 0 1.0em 0; + padding: 0; +} + +panelview#securityLevel-panelview button { + -moz-appearance: none; + background-color: var(--arrowpanel-dimmed); +} + +panelview#securityLevel-panelview button:hover { + background-color: var(--arrowpanel-dimmed-further); +} + +panelview#securityLevel-panelview button:active { + background-color: var(--arrowpanel-dimmed-even-further); +} + +button#securityLevel-restoreDefaults { + margin: 0 0 1.0em 0; + padding: 0.45em; + color: inherit !important; +} + +button#securityLevel-advancedSecuritySettings { + margin: 0 -1.0em -1.0em -1.0em; + border-radius: 0; + border-top: 1px solid var(--panel-separator-color); + padding: 0; + height: 3.0em; + color: inherit !important; +} diff --git a/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml b/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml new file mode 100644 index 000000000000..4abbb12dd856 --- /dev/null +++ b/browser/components/securitylevel/content/securityLevelPanel.inc.xhtml @@ -0,0 +1,38 @@ +<panel id="securityLevel-panel" + role="group" + type="arrow" + orient="vertical" + level="top" + hidden="true" + class="panel-no-padding" + onpopupshown="SecurityLevelPanel.onPopupShown(event);" + onpopuphidden="SecurityLevelPanel.onPopupHidden(event);" + > + <panelmultiview mainViewId="securityLevel-panelview"> + <panelview id="securityLevel-panelview" descriptionheightworkaround="true"> + <vbox class="panel-subview-body"> + <label id="securityLevel-header"/> + <hbox id="securityLevel-levelHbox"> + <label id="securityLevel-level"/> + <vbox> + <spacer flex="1"/> + <label id="securityLevel-customWarning"/> + <spacer flex="1"/> + </vbox> + </hbox> + <description id="securityLevel-summary"/> + <label + id="securityLevel-learnMore" + class="learnMore text-link" + onclick="SecurityLevelPanel.hide();" + is="text-link"/> + <button + id="securityLevel-restoreDefaults" + oncommand="SecurityLevelPanel.restoreDefaults();"/> + <button + id="securityLevel-advancedSecuritySettings" + oncommand="SecurityLevelPanel.openAdvancedSecuritySettings();"/> + </vbox> + </panelview> + </panelmultiview> +</panel> diff --git a/browser/components/securitylevel/content/securityLevelPreferences.css b/browser/components/securitylevel/content/securityLevelPreferences.css new file mode 100644 index 000000000000..0d1040d177d8 --- /dev/null +++ b/browser/components/securitylevel/content/securityLevelPreferences.css @@ -0,0 +1,26 @@ +label#securityLevel-customWarning { + border-radius: 2px; + background-color: #ffe845; + text-transform: uppercase; + font-weight: bolder; + font-size: 0.7em; + height: 1em; + line-height: 1em; + padding: 0.35em; +} + +radiogroup#securityLevel-radiogroup radio { + font-weight: bold; +} + +vbox#securityLevel-vbox-standard, +vbox#securityLevel-vbox-safer, +vbox#securityLevel-vbox-safest { + margin-top: 0.4em; +} + +vbox#securityLevel-vbox-standard description.indent, +vbox#securityLevel-vbox-safer description.indent, +vbox#securityLevel-vbox-safest description.indent { + margin-inline-start: 0 !important; +} diff --git a/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml b/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml new file mode 100644 index 000000000000..a108d44a7b51 --- /dev/null +++ b/browser/components/securitylevel/content/securityLevelPreferences.inc.xhtml @@ -0,0 +1,62 @@ +<groupbox id="securityLevel-groupbox" data-category="panePrivacy" hidden="true"> + <label><html:h2 id="securityLevel-header"/></label> + <vbox data-subcategory="securitylevel" flex="1"> + <description flex="1"> + <html:span id="securityLevel-overview" class="tail-with-learn-more"/> + <label id="securityLevel-learnMore" class="learnMore text-link" is="text-link"/> + </description> + <radiogroup id="securityLevel-radiogroup"> + <vbox id="securityLevel-vbox-standard"> + <hbox> + <radio value="standard"/> + <vbox> + <spacer flex="1"/> + <label id="securityLevel-customWarning"/> + <spacer flex="1"/> + </vbox> + </hbox> + <description flex="1"> + <html:span id="securityLevel-summary" class="tail-with-learn-more"/> + <label id="securityLevel-restoreDefaults" + class="learnMore text-link"/> + </description> + </vbox> + <vbox id="securityLevel-vbox-safer"> + <hbox> + <radio value="safer"/> + <vbox> + <spacer flex="1"/> + <label id="securityLevel-customWarning"/> + <spacer flex="1"/> + </vbox> + </hbox> + <description flex="1"> + <html:span id="securityLevel-summary" class="tail-with-learn-more"/> + <label id="securityLevel-restoreDefaults" + class="learnMore text-link"/> + </description> + <description id="securityLevel-description1" class="indent tip-caption"/> + <description id="securityLevel-description2" class="indent tip-caption"/> + <description id="securityLevel-description3" class="indent tip-caption"/> + </vbox> + <vbox id="securityLevel-vbox-safest"> + <hbox> + <radio value="safest"/> + <vbox> + <spacer flex="1"/> + <label id="securityLevel-customWarning"/> + <spacer flex="1"/> + </vbox> + </hbox> + <description flex="1"> + <html:span id="securityLevel-summary" class="tail-with-learn-more"/> + <label id="securityLevel-restoreDefaults" + class="learnMore text-link"/> + </description> + <description id="securityLevel-description1" class="indent tip-caption"/> + <description id="securityLevel-description2" class="indent tip-caption"/> + <description id="securityLevel-description3" class="indent tip-caption"/> + </vbox> + </radiogroup> + </vbox> +</groupbox> diff --git a/browser/components/securitylevel/jar.mn b/browser/components/securitylevel/jar.mn new file mode 100644 index 000000000000..9ac408083fbc --- /dev/null +++ b/browser/components/securitylevel/jar.mn @@ -0,0 +1,6 @@ +browser.jar: + content/browser/securitylevel/securityLevel.js (content/securityLevel.js) + content/browser/securitylevel/securityLevelPanel.css (content/securityLevelPanel.css) + content/browser/securitylevel/securityLevelButton.css (content/securityLevelButton.css) + content/browser/securitylevel/securityLevelPreferences.css (content/securityLevelPreferences.css) + content/browser/securitylevel/securityLevelButton.svg (content/securityLevelButton.svg) diff --git a/browser/components/securitylevel/moz.build b/browser/components/securitylevel/moz.build new file mode 100644 index 000000000000..2661ad7cb9f3 --- /dev/null +++ b/browser/components/securitylevel/moz.build @@ -0,0 +1 @@ +JAR_MANIFESTS += ["jar.mn"]

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 28369: Stop shipping pingsender executable
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 81cbba848e50dcd2e09d843cf20e6629f27d115d Author: Alex Catarineu <acat(a)torproject.org> Date: Wed Apr 10 17:52:51 2019 +0200 Bug 28369: Stop shipping pingsender executable --- browser/app/macbuild/Contents/MacOS-files.in | 1 - browser/installer/package-manifest.in | 4 ---- browser/installer/windows/nsis/shared.nsh | 1 - python/mozbuild/mozbuild/artifacts.py | 2 -- toolkit/components/telemetry/app/TelemetrySend.jsm | 19 +------------------ toolkit/components/telemetry/moz.build | 4 ---- 6 files changed, 1 insertion(+), 30 deletions(-) diff --git a/browser/app/macbuild/Contents/MacOS-files.in b/browser/app/macbuild/Contents/MacOS-files.in index 3c6a1db5d6ea..bebc656a0a05 100644 --- a/browser/app/macbuild/Contents/MacOS-files.in +++ b/browser/app/macbuild/Contents/MacOS-files.in @@ -16,7 +16,6 @@ #if defined(MOZ_CRASHREPORTER) /minidump-analyzer #endif -/pingsender /pk12util /ssltunnel /xpcshell diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index eaedee212386..82e880938f8f 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in @@ -443,10 +443,6 @@ bin/libfreebl_64int_3.so @BINPATH@/minidump-analyzer@BIN_SUFFIX@ #endif -; [ Ping Sender ] -; -@BINPATH@/pingsender@BIN_SUFFIX@ - ; Shutdown Terminator @RESPATH@/components/terminator.manifest diff --git a/browser/installer/windows/nsis/shared.nsh b/browser/installer/windows/nsis/shared.nsh index 77e28bc0ae0f..ed0c27bd055b 100755 --- a/browser/installer/windows/nsis/shared.nsh +++ b/browser/installer/windows/nsis/shared.nsh @@ -1491,7 +1491,6 @@ ${RemoveDefaultBrowserAgentShortcut} Push "crashreporter.exe" Push "default-browser-agent.exe" Push "minidump-analyzer.exe" - Push "pingsender.exe" Push "updater.exe" Push "${FileMainEXE}" !macroend diff --git a/python/mozbuild/mozbuild/artifacts.py b/python/mozbuild/mozbuild/artifacts.py index 50ca81a4aaf5..3f3454b4b7b5 100644 --- a/python/mozbuild/mozbuild/artifacts.py +++ b/python/mozbuild/mozbuild/artifacts.py @@ -495,7 +495,6 @@ class LinuxArtifactJob(ArtifactJob): "{product}/{product}", "{product}/{product}-bin", "{product}/minidump-analyzer", - "{product}/pingsender", "{product}/plugin-container", "{product}/updater", "{product}/**/*.so", @@ -550,7 +549,6 @@ class MacArtifactJob(ArtifactJob): "{product}-bin", "*.dylib", "minidump-analyzer", - "pingsender", "plugin-container.app/Contents/MacOS/plugin-container", "updater.app/Contents/MacOS/org.mozilla.updater", # 'xpcshell', diff --git a/toolkit/components/telemetry/app/TelemetrySend.jsm b/toolkit/components/telemetry/app/TelemetrySend.jsm index caf11f440681..ce27382be7e0 100644 --- a/toolkit/components/telemetry/app/TelemetrySend.jsm +++ b/toolkit/components/telemetry/app/TelemetrySend.jsm @@ -1578,23 +1578,6 @@ var TelemetrySendImpl = { }, runPingSender(pings, observer) { - if (AppConstants.platform === "android") { - throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED); - } - - const exeName = - AppConstants.platform === "win" ? "pingsender.exe" : "pingsender"; - - let exe = Services.dirsvc.get("GreBinD", Ci.nsIFile); - exe.append(exeName); - - let params = pings.flatMap(ping => [ping.url, ping.path]); - let process = Cc["@mozilla.org/process/util;1"].createInstance( - Ci.nsIProcess - ); - process.init(exe); - process.startHidden = true; - process.noShell = true; - process.runAsync(params, params.length, observer); + throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED); }, }; diff --git a/toolkit/components/telemetry/moz.build b/toolkit/components/telemetry/moz.build index 4701fb0561e4..238b12a09ffa 100644 --- a/toolkit/components/telemetry/moz.build +++ b/toolkit/components/telemetry/moz.build @@ -8,10 +8,6 @@ include("/ipc/chromium/chromium-config.mozbuild") FINAL_LIBRARY = "xul" -DIRS = [ - "pingsender", -] - DEFINES["MOZ_APP_VERSION"] = '"%s"' % CONFIG["MOZ_APP_VERSION"] LOCAL_INCLUDES += [

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 23247: Communicating security expectations for .onion
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 11a393ec90e956e4cf195fea8dbe0f694b623fc1 Author: Richard Pospesel <richard(a)torproject.org> Date: Fri Jun 8 13:38:40 2018 -0700 Bug 23247: Communicating security expectations for .onion Encrypting pages hosted on Onion Services with SSL/TLS is redundant (in terms of hiding content) as all traffic within the Tor network is already fully encrypted. Therefore, serving HTTP pages from an Onion Service is more or less fine. Prior to this patch, Tor Browser would mostly treat pages delivered via Onion Services as well as pages delivered in the ordinary fashion over the internet in the same way. This created some inconsistencies in behaviour and misinformation presented to the user relating to the security of pages delivered via Onion Services: - HTTP Onion Service pages did not have any 'lock' icon indicating the site was secure - HTTP Onion Service pages would be marked as unencrypted in the Page Info screen - Mixed-mode content restrictions did not apply to HTTP Onion Service pages embedding Non-Onion HTTP content This patch fixes the above issues, and also adds several new 'Onion' icons to the mix to indicate all of the various permutations of Onion Services hosted HTTP or HTTPS pages with HTTP or HTTPS content. Strings for Onion Service Page Info page are pulled from Torbutton's localization strings. --- browser/base/content/browser-siteIdentity.js | 39 ++++++++----- browser/base/content/pageinfo/security.js | 64 ++++++++++++++++++---- .../shared/identity-block/identity-block.inc.css | 19 +++++++ .../themes/shared/identity-block/onion-slash.svg | 5 ++ .../themes/shared/identity-block/onion-warning.svg | 6 ++ browser/themes/shared/identity-block/onion.svg | 3 + browser/themes/shared/jar.inc.mn | 3 + dom/base/nsContentUtils.cpp | 19 +++++++ dom/base/nsContentUtils.h | 5 ++ dom/base/nsGlobalWindowOuter.cpp | 3 +- dom/ipc/WindowGlobalActor.cpp | 5 +- dom/ipc/WindowGlobalChild.cpp | 6 +- dom/presentation/PresentationRequest.cpp | 3 +- dom/security/nsMixedContentBlocker.cpp | 16 +++++- .../modules/geckoview/GeckoViewProgress.jsm | 4 ++ security/manager/ssl/nsSecureBrowserUI.cpp | 12 ++++ 16 files changed, 180 insertions(+), 32 deletions(-) diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js index 9cf2ff85cbbd..58bcbfd3c69a 100644 --- a/browser/base/content/browser-siteIdentity.js +++ b/browser/base/content/browser-siteIdentity.js @@ -144,6 +144,10 @@ var gIdentityHandler = { ); }, + get _uriIsOnionHost() { + return this._uriHasHost ? this._uri.host.toLowerCase().endsWith(".onion") : false; + }, + get _isAboutNetErrorPage() { return ( gBrowser.selectedBrowser.documentURI && @@ -839,9 +843,9 @@ var gIdentityHandler = { get pointerlockFsWarningClassName() { // Note that the fullscreen warning does not handle _isSecureInternalUI. if (this._uriHasHost && this._isSecureConnection) { - return "verifiedDomain"; + return this._uriIsOnionHost ? "onionVerifiedDomain" : "verifiedDomain"; } - return "unknownIdentity"; + return this._uriIsOnionHost ? "onionUnknownIdentity" : "unknownIdentity"; }, /** @@ -849,6 +853,10 @@ var gIdentityHandler = { * built-in (returns false) or imported (returns true). */ _hasCustomRoot() { + if (!this._secInfo) { + return false; + } + let issuerCert = null; issuerCert = this._secInfo.succeededCertChain[ this._secInfo.succeededCertChain.length - 1 @@ -891,11 +899,13 @@ var gIdentityHandler = { "identity.extension.label", [extensionName] ); - } else if (this._uriHasHost && this._isSecureConnection) { + } else if (this._uriHasHost && this._isSecureConnection && this._secInfo) { // This is a secure connection. - this._identityBox.className = "verifiedDomain"; + // _isSecureConnection implicitly includes onion services, which may not have an SSL certificate + const uriIsOnionHost = this._uriIsOnionHost; + this._identityBox.className = uriIsOnionHost ? "onionVerifiedDomain" : "verifiedDomain"; if (this._isMixedActiveContentBlocked) { - this._identityBox.classList.add("mixedActiveBlocked"); + this._identityBox.classList.add(uriIsOnionHost ? "onionMixedActiveBlocked" : "mixedActiveBlocked"); } if (!this._isCertUserOverridden) { // It's a normal cert, verifier is the CA Org. @@ -906,17 +916,17 @@ var gIdentityHandler = { } } else if (this._isBrokenConnection) { // This is a secure connection, but something is wrong. - this._identityBox.className = "unknownIdentity"; + const uriIsOnionHost = this._uriIsOnionHost; + this._identityBox.className = uriIsOnionHost ? "onionUnknownIdentity" : "unknownIdentity"; if (this._isMixedActiveContentLoaded) { - this._identityBox.classList.add("mixedActiveContent"); + this._identityBox.classList.add(uriIsOnionHost ? "onionMixedActiveContent" : "mixedActiveContent"); } else if (this._isMixedActiveContentBlocked) { - this._identityBox.classList.add( - "mixedDisplayContentLoadedActiveBlocked" - ); + this._identityBox.classList.add(uriIsOnionHost ? "onionMixedDisplayContentLoadedActiveBlocked" : "mixedDisplayContentLoadedActiveBlocked"); } else if (this._isMixedPassiveContentLoaded) { - this._identityBox.classList.add("mixedDisplayContent"); + this._identityBox.classList.add(uriIsOnionHost ? "onionMixedDisplayContent" : "mixedDisplayContent"); } else { + // TODO: ignore weak https cipher for onionsites? this._identityBox.classList.add("weakCipher"); } } else if (this._isAboutCertErrorPage) { @@ -929,8 +939,8 @@ var gIdentityHandler = { // Network errors and blocked pages get a more neutral icon this._identityBox.className = "unknownIdentity"; } else if (this._isPotentiallyTrustworthy) { - // This is a local resource (and shouldn't be marked insecure). - this._identityBox.className = "localResource"; + // This is a local resource or an onion site (and shouldn't be marked insecure). + this._identityBox.className = this._uriIsOnionHost ? "onionUnknownIdentity" : "localResource"; } else { // This is an insecure connection. let warnOnInsecure = @@ -954,7 +964,8 @@ var gIdentityHandler = { } if (this._isCertUserOverridden) { - this._identityBox.classList.add("certUserOverridden"); + const uriIsOnionHost = this._uriIsOnionHost; + this._identityBox.classList.add(uriIsOnionHost ? "onionCertUserOverridden" : "certUserOverridden"); // Cert is trusted because of a security exception, verifier is a special string. tooltip = gNavigatorBundle.getString( "identity.identified.verified_by_you" diff --git a/browser/base/content/pageinfo/security.js b/browser/base/content/pageinfo/security.js index 6a2d09ec8442..192e9f763700 100644 --- a/browser/base/content/pageinfo/security.js +++ b/browser/base/content/pageinfo/security.js @@ -22,6 +22,13 @@ ChromeUtils.defineModuleGetter( "PluralForm", "resource://gre/modules/PluralForm.jsm" ); +XPCOMUtils.defineLazyGetter( + this, + "gTorButtonBundle", + function() { + return Services.strings.createBundle("chrome://torbutton/locale/torbutton.properties"); + } +); var security = { async init(uri, windowInfo) { @@ -60,6 +67,11 @@ var security = { (Ci.nsIWebProgressListener.STATE_LOADED_MIXED_ACTIVE_CONTENT | Ci.nsIWebProgressListener.STATE_LOADED_MIXED_DISPLAY_CONTENT); var isEV = ui.state & Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL; + var isOnion = false; + const hostName = this.windowInfo.hostName; + if (hostName && hostName.endsWith(".onion")) { + isOnion = true; + } let retval = { cAName: "", @@ -69,6 +81,7 @@ var security = { isBroken, isMixed, isEV, + isOnion, cert: null, certificateTransparency: null, }; @@ -107,6 +120,7 @@ var security = { isBroken, isMixed, isEV, + isOnion, cert, certChain: certChainArray, certificateTransparency: undefined, @@ -349,22 +363,50 @@ async function securityOnLoad(uri, windowInfo) { } msg2 = pkiBundle.getString("pageInfo_Privacy_None2"); } else if (info.encryptionStrength > 0) { - hdr = pkiBundle.getFormattedString( - "pageInfo_EncryptionWithBitsAndProtocol", - [info.encryptionAlgorithm, info.encryptionStrength + "", info.version] - ); + if (!info.isOnion) { + hdr = pkiBundle.getFormattedString( + "pageInfo_EncryptionWithBitsAndProtocol", + [info.encryptionAlgorithm, info.encryptionStrength + "", info.version] + ); + } else { + try { + hdr = gTorButtonBundle.formatStringFromName( + "pageInfo_OnionEncryptionWithBitsAndProtocol", + [info.encryptionAlgorithm, info.encryptionStrength + "", info.version] + ); + } catch(err) { + hdr = "Connection Encrypted (Onion Service, " + + info.encryptionAlgorithm + + ", " + + info.encryptionStrength + + " bit keys, " + + info.version + + ")"; + } + } msg1 = pkiBundle.getString("pageInfo_Privacy_Encrypted1"); msg2 = pkiBundle.getString("pageInfo_Privacy_Encrypted2"); } else { - hdr = pkiBundle.getString("pageInfo_NoEncryption"); - if (windowInfo.hostName != null) { - msg1 = pkiBundle.getFormattedString("pageInfo_Privacy_None1", [ - windowInfo.hostName, - ]); + if (!info.isOnion) { + hdr = pkiBundle.getString("pageInfo_NoEncryption"); + if (windowInfo.hostName != null) { + msg1 = pkiBundle.getFormattedString("pageInfo_Privacy_None1", [ + windowInfo.hostName, + ]); + } else { + msg1 = pkiBundle.getString("pageInfo_Privacy_None4"); + } + msg2 = pkiBundle.getString("pageInfo_Privacy_None2"); } else { - msg1 = pkiBundle.getString("pageInfo_Privacy_None4"); + try { + hdr = gTorButtonBundle.GetStringFromName("pageInfo_OnionEncryption"); + } catch (err) { + hdr = "Connection Encrypted (Onion Service)"; + } + + msg1 = pkiBundle.getString("pageInfo_Privacy_Encrypted1"); + msg2 = pkiBundle.getString("pageInfo_Privacy_Encrypted2"); } - msg2 = pkiBundle.getString("pageInfo_Privacy_None2"); } setText("security-technical-shortform", hdr); setText("security-technical-longform1", msg1); diff --git a/browser/themes/shared/identity-block/identity-block.inc.css b/browser/themes/shared/identity-block/identity-block.inc.css index 59d0f1c775a6..2eec10e21077 100644 --- a/browser/themes/shared/identity-block/identity-block.inc.css +++ b/browser/themes/shared/identity-block/identity-block.inc.css @@ -187,6 +187,25 @@ toolbar[brighttext] #identity-box[pageproxystate="valid"].chromeUI > #identity-i list-style-image: url(chrome://global/skin/icons/connection-mixed-active-loaded.svg); } +#identity-box[pageproxystate="valid"].onionUnknownIdentity > #identity-icon, +#identity-box[pageproxystate="valid"].onionVerifiedDomain > #identity-icon, +#identity-box[pageproxystate="valid"].onionMixedActiveBlocked > #identity-icon { + list-style-image: url(chrome://browser/skin/onion.svg); + visibility: visible; +} + +#identity-box[pageproxystate="valid"].onionMixedDisplayContent > #identity-icon, +#identity-box[pageproxystate="valid"].onionMixedDisplayContentLoadedActiveBlocked > #identity-icon, +#identity-box[pageproxystate="valid"].onionCertUserOverridden > #identity-icon { + list-style-image: url(chrome://browser/skin/onion-warning.svg); + visibility: visible; +} + +#identity-box[pageproxystate="valid"].onionMixedActiveContent > #identity-icon { + list-style-image: url(chrome://browser/skin/onion-slash.svg); + visibility: visible; +} + #permissions-granted-icon { list-style-image: url(chrome://browser/skin/permissions.svg); } diff --git a/browser/themes/shared/identity-block/onion-slash.svg b/browser/themes/shared/identity-block/onion-slash.svg new file mode 100644 index 000000000000..e7c98b769482 --- /dev/null +++ b/browser/themes/shared/identity-block/onion-slash.svg @@ -0,0 +1,5 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"> + <path d="M3.409559 13.112147C3.409559 13.112147 8.200807 8.103115 8.200807 8.103115C8.200807 8.103115 8.200807 6.516403 8.200807 6.516403C8.620819 6.516403 9.009719 6.703075 9.274171 6.998639C9.274171 6.998639 10.160863 6.080835 10.160863 6.080835C9.663071 5.567487 8.978607 5.256367 8.200807 5.256367C8.200807 5.256367 8.200807 4.400787 8.200807 4.400787C9.196391 4.400787 10.098639 4.805243 10.736435 5.458595C10.736435 5.458595 11.623127 4.540791 11.623127 4.540791C10.751991 3.669655 9.538623 3.125195 8.200807 3.125195C8.200807 3.125195 8.200807 2.269615 8.200807 2.269615C9.756407 2.269615 11.172003 2.907411 12.214255 3.918551C12.214255 3.918551 13.100947 3.000747 13.100947 3.000747C11.825355 1.756267 10.098639 0.994023 8.185251 0.994023C4.311807 0.994023 1.185051 4.120779 1.185051 7.994223C1.185051 10.016503 2.040631 11.836555 3.409559 13.112147C3.409559 13.112147 3.409559 13.112147 3.409559 13.112147" fill-opacity="context-fill-opacity" fill="context-fill" /> + <path d="M14.205423 4.416343C14.205423 4.416343 13.287619 5.380815 13.287619 5.380815C13.692075 6.158615 13.909859 7.045307 13.909859 7.994223C13.909859 11.152091 11.358675 13.718831 8.200807 13.718831C8.200807 13.718831 8.200807 12.863251 8.200807 12.863251C10.891995 12.863251 13.069835 10.669855 13.069835 7.978667C13.069835 7.278647 12.929831 6.625295 12.665379 6.018611C12.665379 6.018611 11.685351 7.045307 11.685351 7.045307C11.763131 7.340871 11.809799 7.651991 11.809799 7.963111C11.809799 9.954279 10.207531 11.556547 8.216363 11.572103C8.216363 11.572103 8.216363 10.716523 8.216363 10.716523C9.725295 10.700967 10.954219 9.472043 10.954219 7.963111C10.954219 7.916443 10.954219 7.854219 10.954219 7.807551C10.954219 7.807551 4.887379 14.169955 4.887379 14.169955C5.867407 14.698859 6.987439 14.994423 8.185251 14.994423C12.058695 14.994423 15.185451 11.867667 15.185451 7.994223C15.185451 6.687519 14.827663 5.474151 14.205423 4.416343C14.205423 4.416343 14.205423 4.416343 14.205423 4.416343" fill-opacity="context-fill-opacity" fill="context-fill" /> + <path d="M1.791735 15.461103C1.402835 15.461103 1.045047 15.212207 0.889487 14.838863C0.733927 14.465519 0.827267 14.014395 1.107271 13.734387C1.107271 13.734387 13.458735 0.822907 13.458735 0.822907C13.847635 0.434007 14.454319 0.449563 14.827663 0.838467C15.201007 1.227367 15.216563 1.865163 14.843223 2.269619C14.843223 2.269619 2.491759 15.181099 2.491759 15.181099C2.289531 15.352215 2.040635 15.461107 1.791739 15.461107C1.791739 15.461107 1.791735 15.461103 1.791735 15.461103" fill="#ff0039" /> +</svg> diff --git a/browser/themes/shared/identity-block/onion-warning.svg b/browser/themes/shared/identity-block/onion-warning.svg new file mode 100644 index 000000000000..d42a7dab7246 --- /dev/null +++ b/browser/themes/shared/identity-block/onion-warning.svg @@ -0,0 +1,6 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"> + <path d="M15.8630401732 14.127C15.8630401732 14.127 12.6649598146 7.716 12.6649598146 7.716C12.4469357756 7.279935 12.0003277145 7.0043454 11.5116853046 7.0043454C11.0230428947 7.0043454 10.5764348336 7.279935 10.3584107946 7.716C10.3584107946 7.716 7.1573218938 14.127 7.1573218938 14.127C6.95646770542 14.527294 6.97733695982 15.002669 7.21250176686 15.38393C7.4476665739 15.765191 7.86372750208 15.998191 8.3126020986 16.0C8.3126020986 16.0 14.7077599684 16.0 14.7077599684 16.0C15.1566344646 15.9982 15.572695794 15.765191 15.8078605007 15.38393C16.0430252075 15.002669 16.0638944619 14.527294 15.8630371647 14.127C15.8630371647 14.127 15.8630401732 14.127 15.8630401732 14.127" fill="#ffbf00" /> + <path d="M11.5106824572 8.0C11.6210488221 7.99691 11.7223975832 8.060469 11.7674113916 8.161C11.7674113916 8.161 14.9644889028 14.573 14.9644889028 14.573C15.0126456349 14.66534 15.0076715118 14.776305 14.9514518866 14.864C14.9011992034 14.95041 14.8079143382 15.002854 14.7077599684 15.001048C14.7077599684 15.001048 8.3126020986 15.001048 8.3126020986 15.001048C8.2124480296 15.002854 8.1191607576 14.950409 8.0689101804 14.864C8.0124814615 14.77637 8.0075053327 14.665298 8.0558731642 14.573C8.0558731642 14.573 11.2529506754 8.161 11.2529506754 8.161C11.2981038796 8.0601247 11.3999560701 7.9964997 11.5106824572 8.0M11.5106824572 6.9999751C11.0194557096 6.9969427 10.5701148893 7.2754275 10.3554022524 7.716C10.3554022524 7.716 7.1573218938 14.127 7.1573218938 14.127C6.95646770542 14.527294 6.97733695982 15.002669 7.21250176686 15.38393C7.4476665739 15.765191 7.86372750208 15.998191 8.3126020986 16.0C8.3126020986 16.0 14.7077599684 16.0 14.7077599684 16.0C15.1566344646 15.9982 15.57269 5794 15.765191 15.8078605007 15.38393C16.0430252075 15.002669 16.0638944619 14.527294 15.8630371647 14.127C15.8630371647 14.127 12.6649598146 7.716 12.6649598146 7.716C12.4504036219 7.2757546 12.0015481798 6.9973287 11.5106824572 6.9999751C11.5106824572 6.9999751 11.5106824572 6.9999751 11.5106824572 6.9999751" opacity="0.35" fill="#d76e00" /> + <path d="M11.5327451 12.0C11.8096733867 12.0 12.0341688 11.776142 12.0341688 11.5C12.0341688 11.5 12.0341688 9.5 12.0341688 9.5C12.0341688 9.2238576 11.8096733867 9.0 11.5327451 9.0C11.2558168133 9.0 11.0313214 9.2238576 11.0313214 9.5C11.0313214 9.5 11.0313214 11.5 11.0313214 11.5C11.0313214 11.776142 11.2558168133 12.0 11.5327451 12.0C11.5327451 12.0 11.5327451 12.0 11.5327451 12.0M11.5327451 12.809C11.1500294496 12.809 10.8397775466 13.118371 10.8397775466 13.5C10.8397775466 13.881629 11.1500294496 14.191 11.5327451 14.191C11.9154607504 14.191 12.2257126534 13.881629 12.2257126534 13.5C12.2257126534 13.118371 11.9154607504 12.809 11.5327451 12.809C11.5327451 12.809 11.5327451 12.809 11.5327451 12.809" fill="#ffffff" /> + <path d="M7.08030321348 6.552C7.90163523408 6.56 8.5645173655 7.225 8.5645173655 8.046C8.5645173655 8.866 7.90163523408 9.532 7.08030321348 9.54C7.08030321348 9.54 7.08030321348 6.552 7.08030321348 6.552M6.30610502068 13.756C6.30610502068 13.756 9.4991711423 7.353 9.4991711423 7.353C9.5453021227 7.259 9.6144985933 7.184 9.6716608951 7.098C9.2845617987 6.039 8.2756973143 5.277 7.08030321348 5.271C7.08030321348 5.271 7.08030321348 4.417 7.08030321348 4.417C8.5043465215 4.423 9.7238089599 5.251 10.3164917733 6.443C10.6795225321 6.21 11.1067355245 6.074 11.5519997701 6.074C11.5519997701 6.074 11.5620282441 6.074 11.5620282441 6.074C11.5620282441 6.074 11.5640339389 6.074 11.5640339389 6.074C11.5660396337 6.074 11.5690481759 6.075 11.5710538707 6.075C10.8108955415 4.35 9.0900094031 3.141 7.08030321348 3.135C7.08030321348 3.135 7.08030321348 2.281 7.08030321348 2.281C9.6716608951 2.288 11.8618796167 3.993 12.5889439817 6.34C13.0231769059 6.561 13.3922247491 6.9 13.6088397875 7.344C13.60 88397875 7.344 14.1162805719 8.361 14.1162805719 8.361C14.1202919615 8.256 14.1313232829 8.152 14.1313232829 8.046C14.1313232829 4.155 10.9683425833 1.0 7.06626334988 1.0C3.16318126908 1.0 0.00020056948 4.155 0.00020056948 8.046C0.00020056948 11.603 2.64571201068 14.536 6.08046435568 15.015C6.03633907008 14.595 6.10252699848 14.16 6.30610502068 13.756C6.30610502068 13.756 6.30610502068 13.756 6.30610502068 13.756" fill-opacity="context-fill-opacity" fill="context-fill" /> +</svg> diff --git a/browser/themes/shared/identity-block/onion.svg b/browser/themes/shared/identity-block/onion.svg new file mode 100644 index 000000000000..b123a9786acc --- /dev/null +++ b/browser/themes/shared/identity-block/onion.svg @@ -0,0 +1,3 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16"> + <path d="M8.01435945 13.726867125C8.01435945 13.726867125 8.01435945 12.87830525 8.01435945 12.87830525C10.70227825 12.87051775 12.87869375 10.689666 12.87869375 7.9998060125C12.87869375 5.310140275 10.70227825 3.1292621 8.01435945 3.121500325C8.01435945 3.121500325 8.01435945 2.272938975 8.01435945 2.272938975C11.170899375 2.280892725 13.727061375 4.8415202875 13.727061375 7.9998060125C13.727061375 11.158285375 11.170899375 13.719105 8.01435945 13.726867125C8.01435945 13.726867125 8.01435945 13.726867125 8.01435945 13.726867125M8.01435945 10.756805625C9.5304373 10.74884925 10.75758175 9.5180185125 10.75758175 7.9998060125C10.75758175 6.4817875 9.5304373 5.2509564125 8.01435945 5.2430005625C8.01435945 5.2430005625 8.01435945 4.3946332875 8.01435945 4.3946332875C9.999251625 4.4023945375 11.60614275 6.013167425 11.60614275 7.9998060125C11.60614275 9.986639375 9.999251625 11.597411125 8.01435945 11.605172375C8.01435945 11.605172375 8.01435945 10.756805625 8.01435945 10.756805625M8.01 435945 6.5157454625C8.8276046625 6.5235067125 9.484837025 7.184620575 9.484837025 7.9998060125C9.484837025 8.815185875 8.8276046625 9.4762985125 8.01435945 9.4840608125C8.01435945 9.4840608125 8.01435945 6.5157454625 8.01435945 6.5157454625M1.0 7.9998060125C1.0 11.8659705 4.1338360375 15.0 8.0000000875 15.0C11.8659705 15.0 15.0 11.8659705 15.0 7.9998060125C15.0 4.1338360375 11.8659705 1.0 8.0000000875 1.0C4.1338360375 1.0 1.0 4.1338360375 1.0 7.9998060125C1.0 7.9998060125 1.0 7.9998060125 1.0 7.9998060125" fill-rule="even-odd" fill-opacity="context-fill-opacity" fill="context-fill" /> +</svg> diff --git a/browser/themes/shared/jar.inc.mn b/browser/themes/shared/jar.inc.mn index a5832b9251bb..45e1010c7963 100644 --- a/browser/themes/shared/jar.inc.mn +++ b/browser/themes/shared/jar.inc.mn @@ -56,6 +56,9 @@ skin/classic/browser/fxaSignout.css (../shared/fxaSignout.css) skin/classic/browser/permissions.svg (../shared/identity-block/permissions.svg) skin/classic/browser/connection-secure.svg (../shared/identity-block/connection-secure.svg) + skin/classic/browser/onion.svg (../shared/identity-block/onion.svg) + skin/classic/browser/onion-slash.svg (../shared/identity-block/onion-slash.svg) + skin/classic/browser/onion-warning.svg (../shared/identity-block/onion-warning.svg) skin/classic/browser/info.svg (../shared/info.svg) skin/classic/browser/newInstall.css (../shared/newInstall.css) skin/classic/browser/newInstallPage.css (../shared/newInstallPage.css) diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index 86850992a914..861afbdfb820 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -9277,6 +9277,25 @@ bool nsContentUtils::ComputeIsSecureContext(nsIChannel* aChannel) { return principal->GetIsOriginPotentiallyTrustworthy(); } +/* static */ bool nsContentUtils::DocumentHasOnionURI(Document* aDocument) { + if (!aDocument) { + return false; + } + + nsIURI* uri = aDocument->GetDocumentURI(); + if (!uri) { + return false; + } + + nsAutoCString host; + if (NS_SUCCEEDED(uri->GetHost(host))) { + bool hasOnionURI = StringEndsWith(host, ".onion"_ns); + return hasOnionURI; + } + + return false; +} + /* static */ void nsContentUtils::TryToUpgradeElement(Element* aElement) { NodeInfo* nodeInfo = aElement->NodeInfo(); diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h index d418448ef27a..ea7d4e519a8a 100644 --- a/dom/base/nsContentUtils.h +++ b/dom/base/nsContentUtils.h @@ -2987,6 +2987,11 @@ class nsContentUtils { */ static bool HttpsStateIsModern(Document* aDocument); + /** + * Returns true of the document's URI is a .onion + */ + static bool DocumentHasOnionURI(Document* aDocument); + /** * Returns true if the channel is for top-level window and is over secure * context. diff --git a/dom/base/nsGlobalWindowOuter.cpp b/dom/base/nsGlobalWindowOuter.cpp index 25dc13cc6fa6..85142d4e0c4f 100644 --- a/dom/base/nsGlobalWindowOuter.cpp +++ b/dom/base/nsGlobalWindowOuter.cpp @@ -1879,7 +1879,8 @@ bool nsGlobalWindowOuter::ComputeIsSecureContext(Document* aDocument, return false; } - if (nsContentUtils::HttpsStateIsModern(aDocument)) { + if (nsContentUtils::HttpsStateIsModern(aDocument) || + nsContentUtils::DocumentHasOnionURI(aDocument)) { return true; } diff --git a/dom/ipc/WindowGlobalActor.cpp b/dom/ipc/WindowGlobalActor.cpp index 64085dbe5d4c..b859ba966ac8 100644 --- a/dom/ipc/WindowGlobalActor.cpp +++ b/dom/ipc/WindowGlobalActor.cpp @@ -20,6 +20,7 @@ #include "mozilla/net/CookieJarSettings.h" #include "mozilla/dom/WindowGlobalChild.h" #include "mozilla/dom/WindowGlobalParent.h" +#include "mozilla/dom/nsMixedContentBlocker.h" #include "nsGlobalWindowInner.h" #include "nsNetUtil.h" @@ -116,7 +117,9 @@ WindowGlobalInit WindowGlobalActor::WindowInitializer( // Init Mixed Content Fields nsCOMPtr<nsIURI> innerDocURI = NS_GetInnermostURI(doc->GetDocumentURI()); if (innerDocURI) { - fields.mIsSecure = innerDocURI->SchemeIs("https"); + fields.mIsSecure = + innerDocURI->SchemeIs("https") || + nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(innerDocURI); } nsCOMPtr<nsIChannel> mixedChannel; aWindow->GetDocShell()->GetMixedContentChannel(getter_AddRefs(mixedChannel)); diff --git a/dom/ipc/WindowGlobalChild.cpp b/dom/ipc/WindowGlobalChild.cpp index cb157abcfadd..6eeb318f8099 100644 --- a/dom/ipc/WindowGlobalChild.cpp +++ b/dom/ipc/WindowGlobalChild.cpp @@ -41,6 +41,8 @@ #include "nsIHttpChannelInternal.h" #include "nsIURIMutator.h" +#include "mozilla/dom/nsMixedContentBlocker.h" + using namespace mozilla::ipc; using namespace mozilla::dom::ipc; @@ -238,7 +240,9 @@ void WindowGlobalChild::OnNewDocument(Document* aDocument) { nsCOMPtr<nsIURI> innerDocURI = NS_GetInnermostURI(aDocument->GetDocumentURI()); if (innerDocURI) { - txn.SetIsSecure(innerDocURI->SchemeIs("https")); + txn.SetIsSecure( + innerDocURI->SchemeIs("https") || + nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(innerDocURI)); } nsCOMPtr<nsIChannel> mixedChannel; mWindowGlobal->GetDocShell()->GetMixedContentChannel( diff --git a/dom/presentation/PresentationRequest.cpp b/dom/presentation/PresentationRequest.cpp index 6a7595a3bda9..9247bb07f1ef 100644 --- a/dom/presentation/PresentationRequest.cpp +++ b/dom/presentation/PresentationRequest.cpp @@ -469,7 +469,8 @@ bool PresentationRequest::IsProhibitMixedSecurityContexts(Document* aDocument) { nsCOMPtr<Document> doc = aDocument; while (doc && !nsContentUtils::IsChromeDoc(doc)) { - if (nsContentUtils::HttpsStateIsModern(doc)) { + if (nsContentUtils::HttpsStateIsModern(doc) || + nsContentUtils::DocumentHasOnionURI(doc)) { return true; } diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp index 64a9f3178874..ba88625eda69 100644 --- a/dom/security/nsMixedContentBlocker.cpp +++ b/dom/security/nsMixedContentBlocker.cpp @@ -638,8 +638,8 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, return NS_OK; } - // Check the parent scheme. If it is not an HTTPS page then mixed content - // restrictions do not apply. + // Check the parent scheme. If it is not an HTTPS or .onion page then mixed + // content restrictions do not apply. nsCOMPtr<nsIURI> innerRequestingLocation = NS_GetInnermostURI(requestingLocation); if (!innerRequestingLocation) { @@ -654,6 +654,17 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, bool parentIsHttps = innerRequestingLocation->SchemeIs("https"); if (!parentIsHttps) { + bool parentIsOnion = IsPotentiallyTrustworthyOnion(innerRequestingLocation); + if (!parentIsOnion) { + *aDecision = ACCEPT; + return NS_OK; + } + } + + bool isHttpScheme = innerContentLocation->SchemeIs("http"); + // .onion URLs are encrypted and authenticated. Don't treat them as mixed + // content if potentially trustworthy (i.e. whitelisted). + if (isHttpScheme && IsPotentiallyTrustworthyOnion(innerContentLocation)) { *aDecision = ACCEPT; MOZ_LOG(sMCBLog, LogLevel::Verbose, (" -> decision: Request will be allowed because the requesting " @@ -680,7 +691,6 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect, return NS_OK; } - bool isHttpScheme = innerContentLocation->SchemeIs("http"); if (isHttpScheme && IsPotentiallyTrustworthyOrigin(innerContentLocation)) { *aDecision = ACCEPT; return NS_OK; diff --git a/mobile/android/modules/geckoview/GeckoViewProgress.jsm b/mobile/android/modules/geckoview/GeckoViewProgress.jsm index 23652971ca69..c9ac11577021 100644 --- a/mobile/android/modules/geckoview/GeckoViewProgress.jsm +++ b/mobile/android/modules/geckoview/GeckoViewProgress.jsm @@ -145,6 +145,10 @@ var IdentityHandler = { result.host = uri.host; } + if (!aBrowser.securityUI.secInfo) { + return result; + } + const cert = aBrowser.securityUI.secInfo.serverCert; result.certificate = aBrowser.securityUI.secInfo.serverCert.getBase64DERString(); diff --git a/security/manager/ssl/nsSecureBrowserUI.cpp b/security/manager/ssl/nsSecureBrowserUI.cpp index b4de1a331ffc..f1ce39582854 100644 --- a/security/manager/ssl/nsSecureBrowserUI.cpp +++ b/security/manager/ssl/nsSecureBrowserUI.cpp @@ -9,6 +9,7 @@ #include "mozilla/Logging.h" #include "mozilla/Unused.h" #include "mozilla/dom/Document.h" +#include "mozilla/dom/nsMixedContentBlocker.h" #include "nsContentUtils.h" #include "nsIChannel.h" #include "nsDocShell.h" @@ -85,6 +86,17 @@ void nsSecureBrowserUI::RecomputeSecurityFlags() { } } } + + // any protocol routed over tor is secure + if (!(mState & nsIWebProgressListener::STATE_IS_SECURE)) { + nsCOMPtr<nsIURI> innerDocURI = NS_GetInnermostURI(win->GetDocumentURI()); + if (innerDocURI && + nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(innerDocURI)) { + MOZ_LOG(gSecureBrowserUILog, LogLevel::Debug, (" is onion")); + mState = (mState & ~nsIWebProgressListener::STATE_IS_INSECURE) | + nsIWebProgressListener::STATE_IS_SECURE; + } + } } // Add upgraded-state flags when request has been

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 26353: Prevent speculative connect that violated FPI.
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 1f64d1b58af61c0a141a1533718cc18ee3ab34a0 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Sat Jul 14 08:50:55 2018 -0700 Bug 26353: Prevent speculative connect that violated FPI. Connections were observed in the catch-all circuit when the user entered an https or http URL in the URL bar, or typed a search term. --- toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm index 568e70688dc4..e1adbc72bdad 100644 --- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm +++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm @@ -93,6 +93,9 @@ class RemoteWebNavigation { } uri = Services.uriFixup.getFixupURIInfo(aURI, fixupFlags).preferredURI; +/******************************************************************************* + TOR BROWSER: Disable the following speculative connect until + we can make it properly obey first-party isolation. // We know the url is going to be loaded, let's start requesting network // connection before the content process asks. @@ -116,6 +119,7 @@ class RemoteWebNavigation { } Services.io.speculativeConnect(uri, principal, null); } +*******************************************************************************/ } catch (ex) { // Can't setup speculative connection for this uri string for some // reason (such as failing to parse the URI), just ignore it.

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 26345: Hide tracking protection UI
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 9860be85cf7ca224da7fcccc7610ec4964f801e7 Author: Alex Catarineu <acat(a)torproject.org> Date: Tue Sep 10 16:29:31 2019 +0200 Bug 26345: Hide tracking protection UI --- browser/base/content/browser-siteIdentity.js | 4 ++-- browser/base/content/browser.xhtml | 4 ++-- browser/components/about/AboutRedirector.cpp | 4 ---- browser/components/about/components.conf | 1 - browser/components/moz.build | 1 - browser/themes/shared/preferences/privacy.css | 4 ++++ 6 files changed, 8 insertions(+), 10 deletions(-) diff --git a/browser/base/content/browser-siteIdentity.js b/browser/base/content/browser-siteIdentity.js index 58bcbfd3c69a..ea6a6a0f7833 100644 --- a/browser/base/content/browser-siteIdentity.js +++ b/browser/base/content/browser-siteIdentity.js @@ -1063,10 +1063,10 @@ var gIdentityHandler = { this._refreshPermissionIcons(); - // Hide the shield icon if it is a chrome page. + // Bug 26345: Hide tracking protection UI. gProtectionsHandler._trackingProtectionIconContainer.classList.toggle( "chromeUI", - this._isSecureInternalUI + true ); }, diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml index d33310813d4f..06a9d5d34326 100644 --- a/browser/base/content/browser.xhtml +++ b/browser/base/content/browser.xhtml @@ -774,7 +774,7 @@ oncommand="gSync.toggleAccountPanel('PanelUI-fxa', this, event)"/> </toolbaritem> <toolbarseparator class="sync-ui-item"/> - <toolbaritem> + <toolbaritem hidden="true"> <toolbarbutton id="appMenu-protection-report-button" class="subviewbutton subviewbutton-iconic" oncommand="gProtectionsHandler.openProtections(); gProtectionsHandler.recordClick('open_full_report', null, 'app_menu');"> @@ -785,7 +785,7 @@ </label> </toolbarbutton> </toolbaritem> - <toolbarseparator id="appMenu-tp-separator"/> + <toolbarseparator hidden="true" id="appMenu-tp-separator"/> <toolbarbutton id="appMenu-new-window-button" class="subviewbutton subviewbutton-iconic" label="&newNavigatorCmd.label;" diff --git a/browser/components/about/AboutRedirector.cpp b/browser/components/about/AboutRedirector.cpp index bc1eaaae25c1..d96e405b9985 100644 --- a/browser/components/about/AboutRedirector.cpp +++ b/browser/components/about/AboutRedirector.cpp @@ -115,10 +115,6 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT}, - {"protections", "chrome://browser/content/protections.html", - nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | - nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | - nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS}, {"ion", "chrome://browser/content/ion.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT}, #ifdef TOR_BROWSER_UPDATE diff --git a/browser/components/about/components.conf b/browser/components/about/components.conf index 56731d70c386..290fce3feed9 100644 --- a/browser/components/about/components.conf +++ b/browser/components/about/components.conf @@ -20,7 +20,6 @@ pages = [ 'policies', 'preferences', 'privatebrowsing', - 'protections', 'profiling', 'reader', 'restartrequired', diff --git a/browser/components/moz.build b/browser/components/moz.build index f4ec78486769..c90f0a4dad33 100644 --- a/browser/components/moz.build +++ b/browser/components/moz.build @@ -47,7 +47,6 @@ DIRS += [ "preferences", "privatebrowsing", "prompts", - "protections", "protocolhandler", "resistfingerprinting", "search", diff --git a/browser/themes/shared/preferences/privacy.css b/browser/themes/shared/preferences/privacy.css index f66aa8d46721..3843bda85887 100644 --- a/browser/themes/shared/preferences/privacy.css +++ b/browser/themes/shared/preferences/privacy.css @@ -114,6 +114,10 @@ /* Content Blocking */ +#trackingGroup { + display: none; +} + /* Override styling that sets descriptions as grey */ #trackingGroup description.indent, #trackingGroup .indent > description {

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 31575: Replace Firefox Home (newtab) with about:tor
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 5c0a089aa8f2f63022b06d21b9c58811f473afaf Author: Alex Catarineu <acat(a)torproject.org> Date: Mon Sep 9 13:04:34 2019 +0200 Bug 31575: Replace Firefox Home (newtab) with about:tor Avoid loading AboutNewTab in BrowserGlue.jsm in order to avoid several network requests that we do not need. Besides, about:newtab will now point to about:blank or about:tor (depending on browser.newtabpage.enabled) and about:home will point to about:tor. --- browser/components/BrowserGlue.jsm | 33 ++---------------------- browser/components/newtab/AboutNewTabService.jsm | 15 +---------- browser/components/preferences/home.inc.xhtml | 4 +-- browser/components/preferences/preferences.xhtml | 5 +++- browser/modules/HomePage.jsm | 2 +- 5 files changed, 10 insertions(+), 49 deletions(-) diff --git a/browser/components/BrowserGlue.jsm b/browser/components/BrowserGlue.jsm index 5ed564a0f25e..197d6e191c15 100644 --- a/browser/components/BrowserGlue.jsm +++ b/browser/components/BrowserGlue.jsm @@ -18,7 +18,6 @@ const { AppConstants } = ChromeUtils.import( ); XPCOMUtils.defineLazyModuleGetters(this, { - AboutNewTab: "resource:///modules/AboutNewTab.jsm", ActorManagerParent: "resource://gre/modules/ActorManagerParent.jsm", AddonManager: "resource://gre/modules/AddonManager.jsm", AppMenuNotifications: "resource://gre/modules/AppMenuNotifications.jsm", @@ -220,28 +219,6 @@ let JSWINDOWACTORS = { matches: ["about:newinstall"], }, - AboutNewTab: { - parent: { - moduleURI: "resource:///actors/AboutNewTabParent.jsm", - }, - child: { - moduleURI: "resource:///actors/AboutNewTabChild.jsm", - events: { - DOMContentLoaded: {}, - pageshow: {}, - visibilitychange: {}, - }, - }, - // The wildcard on about:newtab is for the ?endpoint query parameter - // that is used for snippets debugging. The wildcard for about:home - // is similar, and also allows for falling back to loading the - // about:home document dynamically if an attempt is made to load - // about:home?jscache from the AboutHomeStartupCache as a top-level - // load. - matches: ["about:home*", "about:welcome", "about:newtab*"], - remoteTypes: ["privilegedabout"], - }, - AboutPlugins: { parent: { moduleURI: "resource:///actors/AboutPluginsParent.jsm", @@ -1769,8 +1746,6 @@ BrowserGlue.prototype = { // the first browser window has finished initializing _onFirstWindowLoaded: function BG__onFirstWindowLoaded(aWindow) { - AboutNewTab.init(); - TabCrashHandler.init(); ProcessHangMonitor.init(); @@ -5214,12 +5189,8 @@ var AboutHomeStartupCache = { return { pageInputStream: null, scriptInputStream: null }; } - let state = AboutNewTab.activityStream.store.getState(); - return new Promise(resolve => { - this._cacheDeferred = resolve; - this.log.trace("Parent is requesting cache streams."); - this._procManager.sendAsyncMessage(this.CACHE_REQUEST_MESSAGE, { state }); - }); + this.log.error("Activity Stream is disabled in Tor Browser."); + return { pageInputStream: null, scriptInputStream: null }; }, /** diff --git a/browser/components/newtab/AboutNewTabService.jsm b/browser/components/newtab/AboutNewTabService.jsm index 65e4d38b8d42..9d6fcbe063a0 100644 --- a/browser/components/newtab/AboutNewTabService.jsm +++ b/browser/components/newtab/AboutNewTabService.jsm @@ -430,20 +430,7 @@ class BaseAboutNewTabService { * the newtab page has no effect on the result of this function. */ get defaultURL() { - // Generate the desired activity stream resource depending on state, e.g., - // "resource://activity-stream/prerendered/activity-stream.html" - // "resource://activity-stream/prerendered/activity-stream-debug.html" - // "resource://activity-stream/prerendered/activity-stream-noscripts.html" - return [ - "resource://activity-stream/prerendered/", - "activity-stream", - // Debug version loads dev scripts but noscripts separately loads scripts - this.activityStreamDebug && !this.privilegedAboutProcessEnabled - ? "-debug" - : "", - this.privilegedAboutProcessEnabled ? "-noscripts" : "", - ".html", - ].join(""); + return "about:tor"; } get welcomeURL() { diff --git a/browser/components/preferences/home.inc.xhtml b/browser/components/preferences/home.inc.xhtml index c348e1cf754b..c37dc5e731f6 100644 --- a/browser/components/preferences/home.inc.xhtml +++ b/browser/components/preferences/home.inc.xhtml @@ -33,7 +33,7 @@ class="check-home-page-controlled" data-preference-related="browser.startup.homepage"> <menupopup> - <menuitem value="0" data-l10n-id="home-mode-choice-default" /> + <menuitem value="0" label="&aboutTor.title;" /> <menuitem value="2" data-l10n-id="home-mode-choice-custom" /> <menuitem value="1" data-l10n-id="home-mode-choice-blank" /> </menupopup> @@ -85,7 +85,7 @@ Preferences so we need to handle setting the pref manually.--> <menulist id="newTabMode" flex="1" data-preference-related="browser.newtabpage.enabled"> <menupopup> - <menuitem value="0" data-l10n-id="home-mode-choice-default" /> + <menuitem value="0" label="&aboutTor.title;" /> <menuitem value="1" data-l10n-id="home-mode-choice-blank" /> </menupopup> </menulist> diff --git a/browser/components/preferences/preferences.xhtml b/browser/components/preferences/preferences.xhtml index 7464274ac4d7..5f218b7f3e4b 100644 --- a/browser/components/preferences/preferences.xhtml +++ b/browser/components/preferences/preferences.xhtml @@ -14,7 +14,10 @@ <?xml-stylesheet href="chrome://browser/skin/preferences/privacy.css"?> <?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelPreferences.css"?> -<!DOCTYPE html> +<!DOCTYPE html [ +<!ENTITY % aboutTorDTD SYSTEM "chrome://torbutton/locale/aboutTor.dtd"> + %aboutTorDTD; +]> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:html="http://www.w3.org/1999/xhtml" diff --git a/browser/modules/HomePage.jsm b/browser/modules/HomePage.jsm index c903787fde48..bf67b1c5d173 100644 --- a/browser/modules/HomePage.jsm +++ b/browser/modules/HomePage.jsm @@ -20,7 +20,7 @@ XPCOMUtils.defineLazyModuleGetters(this, { }); const kPrefName = "browser.startup.homepage"; -const kDefaultHomePage = "about:home"; +const kDefaultHomePage = "about:tor"; const kExtensionControllerPref = "browser.startup.homepage_override.extensionControlled"; const kHomePageIgnoreListId = "homepage-urls";

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 30541: Disable WebGL readPixel() for web content
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 4ee5f11197b6aead1e297ec5e1db975995cbdd74 Author: Georg Koppen <gk(a)torproject.org> Date: Wed May 29 12:29:19 2019 +0000 Bug 30541: Disable WebGL readPixel() for web content --- dom/canvas/ClientWebGLContext.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dom/canvas/ClientWebGLContext.cpp b/dom/canvas/ClientWebGLContext.cpp index 6015d42679e0..0c7c39ff1082 100644 --- a/dom/canvas/ClientWebGLContext.cpp +++ b/dom/canvas/ClientWebGLContext.cpp @@ -4666,6 +4666,14 @@ bool ClientWebGLContext::ReadPixels_SharedPrecheck( return false; } + // Security check passed, but don't let content readPixel calls through for + // now, if Resist Fingerprinting Mode is enabled. + if (nsContentUtils::ResistFingerprinting(aCallerType)) { + JsWarning("readPixels: Not allowed in Resist Fingerprinting Mode"); + out_error.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); + return false; + } + return true; }

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 27511: Add new identity button to toolbar
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 044c602b407b61ecd6664cf949b6e32c643cc111 Author: Alex Catarineu <acat(a)torproject.org> Date: Fri Oct 4 19:08:33 2019 +0200 Bug 27511: Add new identity button to toolbar Also added 'New circuit for this site' button to CustomizableUI, but not visible by default. --- browser/base/content/browser.xhtml | 10 ++++++++++ .../components/customizableui/CustomizableUI.jsm | 21 +++++++++++++++++++++ browser/themes/shared/icons/new_circuit.svg | 8 ++++++++ browser/themes/shared/icons/new_identity.svg | 9 +++++++++ browser/themes/shared/jar.inc.mn | 3 +++ browser/themes/shared/menupanel.inc.css | 8 ++++++++ browser/themes/shared/toolbarbutton-icons.inc.css | 8 ++++++++ 7 files changed, 67 insertions(+) diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml index 06a9d5d34326..8ae339e65491 100644 --- a/browser/base/content/browser.xhtml +++ b/browser/base/content/browser.xhtml @@ -2177,6 +2177,16 @@ ondragenter="newWindowButtonObserver.onDragOver(event)" ondragexit="newWindowButtonObserver.onDragExit(event)"/> + <toolbarbutton id="new-identity-button" class="toolbarbutton-1 chromeclass-toolbar-additional" + label="&torbutton.context_menu.new_identity;" + oncommand="torbutton_new_identity();" + tooltiptext="&torbutton.context_menu.new_identity;"/> + + <toolbarbutton id="new-circuit-button" class="toolbarbutton-1 chromeclass-toolbar-additional" + label="&torbutton.context_menu.new_circuit;" + oncommand="torbutton_new_circuit();" + tooltiptext="&torbutton.context_menu.new_circuit;"/> + <toolbarbutton id="fullscreen-button" class="toolbarbutton-1 chromeclass-toolbar-additional" observes="View:FullScreen" type="checkbox" diff --git a/browser/components/customizableui/CustomizableUI.jsm b/browser/components/customizableui/CustomizableUI.jsm index f05262cb574f..83000cc65491 100644 --- a/browser/components/customizableui/CustomizableUI.jsm +++ b/browser/components/customizableui/CustomizableUI.jsm @@ -75,6 +75,8 @@ const kSubviewEvents = ["ViewShowing", "ViewHiding"]; */ var kVersion = 16; +var kTorVersion = 1; + /** * Buttons removed from built-ins by version they were removed. kVersion must be * bumped any time a new id is added to this. Use the button id as key, and @@ -590,6 +592,20 @@ var CustomizableUIInternal = { navbarPlacements.push("fxa-toolbar-menu-button"); } } + + let currentTorVersion = gSavedState.currentTorVersion; + if (currentTorVersion < 1 && gSavedState.placements) { + let navbarPlacements = gSavedState.placements[CustomizableUI.AREA_NAVBAR]; + if (navbarPlacements) { + let secLevelIndex = navbarPlacements.indexOf("security-level-button"); + if (secLevelIndex === -1) { + let urlbarIndex = navbarPlacements.indexOf("urlbar-container"); + secLevelIndex = urlbarIndex + 1; + navbarPlacements.splice(secLevelIndex, 0, "security-level-button"); + } + navbarPlacements.splice(secLevelIndex + 1, 0, "new-identity-button"); + } + } }, /** @@ -2432,6 +2448,10 @@ var CustomizableUIInternal = { gSavedState.currentVersion = 0; } + if (!("currentTorVersion" in gSavedState)) { + gSavedState.currentTorVersion = 0; + } + gSeenWidgets = new Set(gSavedState.seen || []); gDirtyAreaCache = new Set(gSavedState.dirtyAreaCache || []); gNewElementCount = gSavedState.newElementCount || 0; @@ -2510,6 +2530,7 @@ var CustomizableUIInternal = { seen: gSeenWidgets, dirtyAreaCache: gDirtyAreaCache, currentVersion: kVersion, + currentTorVersion: kTorVersion, newElementCount: gNewElementCount, }; diff --git a/browser/themes/shared/icons/new_circuit.svg b/browser/themes/shared/icons/new_circuit.svg new file mode 100644 index 000000000000..e0a93cc83502 --- /dev/null +++ b/browser/themes/shared/icons/new_circuit.svg @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> + <title>Icon / New Circuit(a)1.5x</title> + <g id="Icon-/-New-Circuit" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> + <path d="M13.4411138,10.1446317 L9.5375349,10.1446317 C8.99786512,10.1446317 8.56164018,10.5818326 8.56164018,11.1205264 C8.56164018,11.6592203 8.99786512,12.0964212 9.5375349,12.0964212 L11.4571198,12.0964212 C10.7554515,13.0479185 9.73466563,13.692009 8.60067597,13.9359827 C8.41818366,13.9720908 8.23276366,14.0033194 8.04734366,14.0218614 C7.97219977,14.0277168 7.89803177,14.0306445 7.82288788,14.0335722 C6.07506044,14.137017 4.290149,13.4499871 3.38647049,11.857327 C2.52280367,10.3349312 2.77263271,8.15966189 3.93687511,6.87343267 C5.12453898,5.56183017 7.44814431,5.04363008 8.21226987,3.38558497 C9.01738301,4.92847451 9.60682342,5.02801577 10.853041,6.15029468 C11.2892659,6.54455615 11.9704404,7.55558307 12.1861132,8.10501179 C12.3051723,8.40949094 12.5013272,9.17947187 12.5013272,9.17947187 L14.2862386,9.17947187 C14.2091429,7.59754654 13.439162,5.96877827 12.2261248,4.93628166 C11.279507,4.13116853 10.5065984,3.84718317 9.77662911,2.8088312 C9.63219669,2.60194152 9.599 99216,2.4565332 9.56290816,2.21646311 C9.53851079,2.00762164 9.54143848,1.78511764 9.62048595,1.53919218 C9.65952174,1.41720534 9.59804037,1.28545955 9.47702943,1.23764071 L6.40296106,0.0167964277 C6.32391359,-0.0134563083 6.23413128,-0.00272146652 6.16679454,0.0480250584 L5.95502539,0.206120002 C5.85743592,0.280288 5.82815908,0.416913259 5.89159223,0.523285783 C6.70060895,1.92564648 6.36978064,2.82542141 5.8984235,3.20211676 C5.4914754,3.4900057 4.99084141,3.72226864 4.63366394,3.95453159 C3.82367132,4.47956294 3.03222071,5.02508808 2.40374451,5.76774396 C0.434388969,8.09427695 0.519291809,12.0046871 2.77165682,14.1077402 C3.65288975,14.9284676 4.70295247,15.4749686 5.81742423,15.7570022 C5.81742423,15.7570022 6.13556591,15.833122 6.21754107,15.8497122 C7.36616915,16.0829511 8.53529102,16.0146384 9.62243774,15.6672199 C9.67416016,15.6525815 9.77174963,15.620377 9.76784605,15.6154975 C10.7730176,15.2700308 11.7049971,14.7010841 12.4652191,13.90573 L12.4652191,15.0241053 C12.4652191, 15.5627992 12.901444,16 13.4411138,16 C13.9798077,16 14.4170085,15.5627992 14.4170085,15.0241053 L14.4170085,11.1205264 C14.4170085,10.5818326 13.9798077,10.1446317 13.4411138,10.1446317" id="Fill-3" fill="context-fill" fill-opacity="context-fill-opacity"></path> + <path d="M5.107,7.462 C4.405,8.078 4,8.946 4,9.839 C4,10.712 4.422,11.57 5.13,12.132 C5.724,12.607 6.627,12.898 7.642,12.949 L7.642,5.8 C7.39,6.029 7.103,6.227 6.791,6.387 C5.993,6.812 5.489,7.133 5.107,7.462" id="Fill-1" fill="context-fill" fill-opacity="context-fill-opacity"></path> + </g> +</svg> diff --git a/browser/themes/shared/icons/new_identity.svg b/browser/themes/shared/icons/new_identity.svg new file mode 100644 index 000000000000..91d5b35f7e80 --- /dev/null +++ b/browser/themes/shared/icons/new_identity.svg @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> + <title>New Identity Icon</title> + <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> + <g id="New-Identity-Icon" fill="#000000" fill-rule="nonzero"> + <path d="M4.65687153,14.5532899 L5.79494313,12.0855326 C5.8689125,11.9251399 5.6620883,11.7793527 5.53742729,11.9040137 L3.77194352,13.6694975 L2.32342782,12.2228406 L4.089841,10.4564274 C4.21450201,10.3317664 4.06871482,10.1249422 3.90832206,10.1989116 L1.43773764,11.338287 L0.206601383,10.1087306 C0.0509544211,9.9532834 -0.0167994233,9.75447206 0.00351451705,9.53432844 C0.0238284574,9.31418483 0.154794797,9.13897939 0.330406365,9.0302193 L4.61213917,6.53066101 C4.98542292,6.31331572 5.42541251,6.16259067 5.8659261,6.07796117 C6.63682488,5.92985954 7.40999434,6.06817199 8.09666802,6.42610336 L12.618483,1.910278 C13.0562019,1.47313888 13.7399062,1.45652879 14.1403159,1.87828207 C14.5407256,2.30003536 14.523905,2.96081599 14.0861861,3.39795511 L9.56437119,7.91378047 C9.92258101,8.57753432 10.0391721,9.37155544 9.91292178,10.1416209 C9.85023328,10.5817332 9.67706706,10.9989392 9.45960494,11.3937636 L6.95651989,15.6478297 C6.84761416,15.82321 6.6720026,15.9319701 6.47398108 ,15.9964916 C6.25354962,16.0167745 6.0544801,15.9491049 5.89883314,15.7936577 L4.65687153,14.5532899 L4.65687153,14.5532899 Z M6.35600863,9.57888316 C6.35684236,9.57982492 6.35770616,9.58074275 6.35860024,9.58163642 L7.56801202,10.7899206 C7.78820303,11.010009 8.15567242,10.9533982 8.29166823,10.678253 C8.42766403,10.4031079 8.55818512,10.1511975 8.61427424,9.83946755 C8.73630873,9.14856819 8.51477165,8.45005355 8.01189873,7.92920397 C8.01085853,7.92816425 8.00979562,7.92715687 8.00871022,7.92618158 C8.00773493,7.92509618 8.00672754,7.92403327 8.00568783,7.92299307 C7.48483824,7.42012014 6.7863236,7.19858307 6.09542425,7.32061756 C5.78369428,7.37670668 5.53178393,7.50722777 5.25663877,7.64322357 C4.98149362,7.77921937 4.92488284,8.14668876 5.14497116,8.36687978 L6.35325537,9.57629155 C6.35414904,9.57718564 6.35506687,9.57804944 6.35600863,9.57888316 L6.35600863,9.57888316 Z M3.56503003,4.86094581 C3.44279837,4.85716019 3.33693302,4.76594656 3.31450832,4.6450962 C3.29259157,4.5009814 3 3.24425431,4.36089837 3.1719467,4.23194774 C3.04272848,4.15978087 2.90235166,4.11153221 2.75793184,4.08964745 C2.63678145,4.06729735 2.5453314,3.9616241 2.54155161,3.83961366 C2.53777182,3.71760322 2.62276629,3.61489221 2.74265726,3.59658884 C2.88757581,3.57942626 3.02687427,3.53584537 3.15371096,3.46798665 C3.21938702,3.3436261 3.26061987,3.20700605 3.27529255,3.0651408 C3.29205048,2.94466859 3.39451537,2.85825378 3.5172925,2.86104768 C3.6386065,2.86399065 3.74452528,2.95324633 3.76872081,3.07292141 C3.79288781,3.21715288 3.84342323,3.35694342 3.91777207,3.4852254 C4.04615548,3.55876237 4.18583906,3.60883869 4.32991405,3.63297757 C4.45015386,3.6576218 4.53936117,3.76418021 4.54139495,3.88559216 C4.54342874,4.00700411 4.45770065,4.10814717 4.33816215,4.12536877 C4.1960481,4.14067978 4.05931708,4.18249381 3.9349938,4.24866259 C3.86697751,4.37522253 3.82328954,4.51422019 3.80607564,4.65882867 C3.78847982,4.77811508 3.68677836,4.86339193 3.56503003,4.86094581 Z M14.4103464,14.3126948 C14.2513672,14.307719 14.1137716,14.188804 14.0849193,14.0314492 C14.045996,13.7585014 13.9510862,13.4938971 13.8061961,13.2543814 C13.5663773,13.109665 13.301434,13.0148623 13.0281329,12.9759728 C12.8707684,12.946921 12.75198,12.8095493 12.7470672,12.6509372 C12.7421545,12.492325 12.8525523,12.3587997 13.0082799,12.3350024 C13.2816632,12.3044807 13.5433622,12.2185794 13.7775725,12.0824861 C13.9099238,11.8524988 13.992337,11.5955854 14.0197279,11.3275956 C14.0417134,11.1717293 14.1740126,11.0598594 14.3327736,11.0628895 C14.4905572,11.0667732 14.6282205,11.1831391 14.6593783,11.3389665 C14.703143,11.6110771 14.8017156,11.8740418 14.9490566,12.1117486 C15.1872615,12.2578242 15.450159,12.3559923 15.7221615,12.4004323 C15.8783433,12.4324665 15.9942186,12.5709889 15.9968634,12.7288231 C15.9995083,12.8866572 15.8881575,13.0181443 15.7328877,13.0405352 C15.4641157,13.0669716 15.2064728,13.14931 14.9763475,13.2823129 C14.8406047,13.5164173 14.7548186,13.7777086 14.724105,14.0506041 C14.70 09285,14.2056508 14.5685348,14.3162427 14.4103464,14.3126948 Z M8.37194288,2.75251202 C8.23729358,2.7482977 8.12075529,2.6475812 8.09631849,2.5143077 C8.06335201,2.28313133 7.98296703,2.05902158 7.86025062,1.85616098 C7.65713325,1.73359169 7.43273641,1.65329741 7.2012608,1.62035947 C7.06797908,1.59575373 6.9673698,1.47940513 6.96320889,1.34506671 C6.95904797,1.21072829 7.05255074,1.09763741 7.18444606,1.07748204 C7.41599123,1.0516313 7.6376403,0.978876138 7.83600755,0.863610339 C7.94810399,0.668819911 8.01790485,0.45122403 8.04110388,0.224246882 C8.05972477,0.0922341146 8.17177714,-0.00251545243 8.30624168,5.089704e-05 C8.43987839,0.00334026838 8.55647391,0.101897787 8.58286336,0.233877601 C8.61993042,0.464344927 8.70341768,0.687066016 8.82820981,0.888394549 C9.02996027,1.012115 9.25262444,1.09525963 9.4830002,1.13289867 C9.6152802,1.16003037 9.71342219,1.27735361 9.71566226,1.41103311 C9.71790232,1.5447126 9.62359245,1.65607713 9.49208487,1.67504141 C9.26444525,1.69743199 9.0462315 3,1.76716948 8.85132417,1.87981789 C8.73635526,2.07809534 8.66369764,2.2993991 8.63768445,2.53053117 C8.61805481,2.66184983 8.50592239,2.75551697 8.37194288,2.75251202 Z" id="Shape" fill="context-fill" fill-opacity="context-fill-opacity"></path> + </g> + </g> +</svg> \ No newline at end of file diff --git a/browser/themes/shared/jar.inc.mn b/browser/themes/shared/jar.inc.mn index 45e1010c7963..e1e2919bd177 100644 --- a/browser/themes/shared/jar.inc.mn +++ b/browser/themes/shared/jar.inc.mn @@ -298,3 +298,6 @@ skin/classic/browser/privatebrowsing/favicon.svg (../shared/privatebrowsing/favicon.svg) skin/classic/browser/privatebrowsing/private-browsing.svg (../shared/privatebrowsing/private-browsing.svg) skin/classic/browser/critical.svg (../shared/icons/critical.svg) + + skin/classic/browser/new_circuit.svg (../shared/icons/new_circuit.svg) + skin/classic/browser/new_identity.svg (../shared/icons/new_identity.svg) diff --git a/browser/themes/shared/menupanel.inc.css b/browser/themes/shared/menupanel.inc.css index 5c16ad076fda..432a012c3326 100644 --- a/browser/themes/shared/menupanel.inc.css +++ b/browser/themes/shared/menupanel.inc.css @@ -177,3 +177,11 @@ toolbarpaletteitem[place="palette"] > #bookmarks-menu-button, #appMenu-library-downloads-show-button { list-style-image: url("chrome://browser/skin/folder.svg"); } + +#appMenuNewIdentity { + list-style-image: url("chrome://browser/skin/new_identity.svg"); +} + +#appMenuNewCircuit { + list-style-image: url("chrome://browser/skin/new_circuit.svg"); +} diff --git a/browser/themes/shared/toolbarbutton-icons.inc.css b/browser/themes/shared/toolbarbutton-icons.inc.css index ed1d928e9c89..2e034569c148 100644 --- a/browser/themes/shared/toolbarbutton-icons.inc.css +++ b/browser/themes/shared/toolbarbutton-icons.inc.css @@ -233,6 +233,14 @@ toolbar[brighttext] { list-style-image: url("chrome://browser/skin/new-tab.svg"); } +#new-identity-button { + list-style-image: url("chrome://browser/skin/new_identity.svg"); +} + +#new-circuit-button { + list-style-image: url("chrome://browser/skin/new_circuit.svg"); +} + #privatebrowsing-button { list-style-image: url("chrome://browser/skin/privateBrowsing.svg"); }

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 31607: App menu items stop working on macOS
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 152168c686ab401cdf6480b90cc9f1bbb1f69ba0 Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Oct 3 10:53:43 2019 -0400 Bug 31607: App menu items stop working on macOS Avoid re-creating the hidden window, since this causes the nsMenuBarX object that is associated with the app menu to be freed (which in turn causes all of the app menu items to stop working). More detail: There should only be one hidden window. XREMain::XRE_mainRun() contains an explicit call to create the hidden window and that is the normal path by which it is created. However, when Tor Launcher's wizard/progress window is opened during startup, a hidden window is created earlier as a side effect of calls to nsAppShellService::GetHiddenWindow(). Then, when XREMain::XRE_mainRun() creates its hidden window, the original one is freed which also causes the app menu's nsMenuBarX object which is associated with that window to be destroyed. When that happens, the menuGroupOwner property within each Cocoa menu items's MenuItemInfo object is cleared. This breaks the link that is necessary for NativeMenuItemTarget's menuItemHit method to dispatch a menu item event. --- xpfe/appshell/nsAppShellService.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xpfe/appshell/nsAppShellService.cpp b/xpfe/appshell/nsAppShellService.cpp index c7c3da49d86e..1cb1c6f5a7f9 100644 --- a/xpfe/appshell/nsAppShellService.cpp +++ b/xpfe/appshell/nsAppShellService.cpp @@ -93,6 +93,10 @@ void nsAppShellService::EnsureHiddenWindow() { NS_IMETHODIMP nsAppShellService::CreateHiddenWindow() { + if (mHiddenWindow) { + return NS_OK; + } + if (!XRE_IsParentProcess()) { return NS_ERROR_NOT_IMPLEMENTED; }

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 32220: Improve the letterboxing experience
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 97d0916230edecf78fc7db0a025542d01201d708 Author: Richard Pospesel <richard(a)torproject.org> Date: Mon Oct 28 17:42:17 2019 -0700 Bug 32220: Improve the letterboxing experience CSS and JS changes to alter the UX surrounding letterboxing. The browser element containing page content is now anchored to the bottom of the toolbar, and the remaining letterbox margin is the same color as the firefox chrome. The letterbox margin and border are tied to the currently selected theme. Also adds a 'needsLetterbox' property to tabbrowser.xml to fix a race condition present when using the 'isEmpty' property. Using 'isEmpty' as a proxy for 'needsLetterbox' resulted in over-zealous/unnecessary letterboxing of about:blank tabs. --- browser/base/content/browser.css | 8 ++ browser/base/content/tabbrowser-tab.js | 9 +++ browser/themes/shared/tabs.inc.css | 6 ++ .../components/resistfingerprinting/RFPHelper.jsm | 94 +++++++++++++++++++--- 4 files changed, 105 insertions(+), 12 deletions(-) diff --git a/browser/base/content/browser.css b/browser/base/content/browser.css index 8ac29cad6c38..a003a134237d 100644 --- a/browser/base/content/browser.css +++ b/browser/base/content/browser.css @@ -85,6 +85,14 @@ body { display: none; } + +.browserStack > browser.letterboxing { + border-color: var(--chrome-content-separator-color); + border-style: solid; + border-width : 1px; + border-top: none; +} + %ifdef MENUBAR_CAN_AUTOHIDE #toolbar-menubar[autohide="true"] { overflow: hidden; diff --git a/browser/base/content/tabbrowser-tab.js b/browser/base/content/tabbrowser-tab.js index 8668a24611c8..53ac60fa9be8 100644 --- a/browser/base/content/tabbrowser-tab.js +++ b/browser/base/content/tabbrowser-tab.js @@ -242,6 +242,15 @@ return true; } + get needsLetterbox() { + let browser = this.linkedBrowser; + if (isBlankPageURL(browser.currentURI.spec)) { + return false; + } + + return true; + } + get lastAccessed() { return this._lastAccessed == Infinity ? Date.now() : this._lastAccessed; } diff --git a/browser/themes/shared/tabs.inc.css b/browser/themes/shared/tabs.inc.css index b707ab86835f..5ff99944bc1c 100644 --- a/browser/themes/shared/tabs.inc.css +++ b/browser/themes/shared/tabs.inc.css @@ -42,6 +42,12 @@ background-color: #f9f9fa; } +/* extend down the toolbar's colors when letterboxing is enabled*/ +#tabbrowser-tabpanels.letterboxing { + background-color: var(--toolbar-bgcolor); + background-image: var(--toolbar-bgimage); +} + :root[privatebrowsingmode=temporary] #tabbrowser-tabpanels { /* Value for --in-content-page-background in aboutPrivateBrowsing.css */ background-color: #25003e; diff --git a/toolkit/components/resistfingerprinting/RFPHelper.jsm b/toolkit/components/resistfingerprinting/RFPHelper.jsm index 166ad21e9013..9520d8720631 100644 --- a/toolkit/components/resistfingerprinting/RFPHelper.jsm +++ b/toolkit/components/resistfingerprinting/RFPHelper.jsm @@ -40,6 +40,7 @@ class _RFPHelper { // ============================================================================ constructor() { this._initialized = false; + this._borderDimensions = null; } init() { @@ -361,6 +362,24 @@ class _RFPHelper { }); } + getBorderDimensions(aBrowser) { + if (this._borderDimensions) { + return this._borderDimensions; + } + + const win = aBrowser.ownerGlobal; + const browserStyle = win.getComputedStyle(aBrowser); + + this._borderDimensions = { + top : parseInt(browserStyle.borderTopWidth), + right: parseInt(browserStyle.borderRightWidth), + bottom : parseInt(browserStyle.borderBottomWidth), + left : parseInt(browserStyle.borderLeftWidth), + }; + + return this._borderDimensions; + } + _addOrClearContentMargin(aBrowser) { let tab = aBrowser.getTabBrowser().getTabForBrowser(aBrowser); @@ -369,9 +388,13 @@ class _RFPHelper { return; } + // we add the letterboxing class even if the content does not need letterboxing + // in which case margins are set such that the borders are hidden + aBrowser.classList.add("letterboxing"); + // We should apply no margin around an empty tab or a tab with system // principal. - if (tab.isEmpty || aBrowser.contentPrincipal.isSystemPrincipal) { + if (!tab.needsLetterbox || aBrowser.contentPrincipal.isSystemPrincipal) { this._clearContentViewMargin(aBrowser); } else { this._roundContentView(aBrowser); @@ -539,10 +562,29 @@ class _RFPHelper { // Calculating the margins around the browser element in order to round the // content viewport. We will use a 200x100 stepping if the dimension set // is not given. - let margins = calcMargins(containerWidth, containerHeight); + + const borderDimensions = this.getBorderDimensions(aBrowser); + const marginDims = calcMargins(containerWidth, containerHeight - borderDimensions.top); + + let margins = { + top : 0, + right : 0, + bottom : 0, + left : 0, + }; + + // snap browser element to top + margins.top = 0; + // and leave 'double' margin at the bottom + margins.bottom = 2 * marginDims.height - borderDimensions.bottom; + // identical margins left and right + margins.right = marginDims.width - borderDimensions.right; + margins.left = marginDims.width - borderDimensions.left; + + const marginStyleString = `${margins.top}px ${margins.right}px ${margins.bottom}px ${margins.left}px`; // If the size of the content is already quantized, we do nothing. - if (aBrowser.style.margin == `${margins.height}px ${margins.width}px`) { + if (aBrowser.style.margin === marginStyleString) { log("_roundContentView[" + logId + "] is_rounded == true"); if (this._isLetterboxingTesting) { log( @@ -563,19 +605,35 @@ class _RFPHelper { "_roundContentView[" + logId + "] setting margins to " + - margins.width + - " x " + - margins.height + marginStyleString ); - // One cannot (easily) control the color of a margin unfortunately. - // An initial attempt to use a border instead of a margin resulted - // in offset event dispatching; so for now we use a colorless margin. - aBrowser.style.margin = `${margins.height}px ${margins.width}px`; + + // The margin background color is determined by the background color of the + // window's tabpanels#tabbrowser-tabpanels element + aBrowser.style.margin = marginStyleString; }); } _clearContentViewMargin(aBrowser) { + const borderDimensions = this.getBorderDimensions(aBrowser); + // set the margins such that the browser elements border is visible up top, but + // are rendered off-screen on the remaining sides + let margins = { + top : 0, + right : -borderDimensions.right, + bottom : -borderDimensions.bottom, + left : -borderDimensions.left, + }; + const marginStyleString = `${margins.top}px ${margins.right}px ${margins.bottom}px ${margins.left}px`; + + aBrowser.ownerGlobal.requestAnimationFrame(() => { + aBrowser.style.margin = marginStyleString; + }); + } + + _removeLetterboxing(aBrowser) { aBrowser.ownerGlobal.requestAnimationFrame(() => { + aBrowser.classList.remove("letterboxing"); aBrowser.style.margin = ""; }); } @@ -593,6 +651,11 @@ class _RFPHelper { aWindow.gBrowser.addTabsProgressListener(this); aWindow.addEventListener("TabOpen", this); + const tabPanel = aWindow.document.getElementById("tabbrowser-tabpanels"); + if (tabPanel) { + tabPanel.classList.add("letterboxing"); + } + // Rounding the content viewport. this._updateMarginsForTabsInWindow(aWindow); } @@ -616,10 +679,17 @@ class _RFPHelper { tabBrowser.removeTabsProgressListener(this); aWindow.removeEventListener("TabOpen", this); - // Clear all margins and tooltip for all browsers. + // revert tabpanel's background colors to default + const tabPanel = aWindow.document.getElementById("tabbrowser-tabpanels"); + if (tabPanel) { + tabPanel.classList.remove("letterboxing"); + } + + // and revert each browser element to default, + // restore default margins and remove letterboxing class for (let tab of tabBrowser.tabs) { let browser = tab.linkedBrowser; - this._clearContentViewMargin(browser); + this._removeLetterboxing(browser); } }

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 31740: Remove some unnecessary RemoteSettings instances
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 19a3e01355a314508afaebeda5ca444ae9d229d0 Author: Alex Catarineu <acat(a)torproject.org> Date: Wed Oct 16 23:01:12 2019 +0200 Bug 31740: Remove some unnecessary RemoteSettings instances More concretely, SearchService.jsm 'hijack-blocklists' and url-classifier-skip-urls. Avoid creating instance for 'anti-tracking-url-decoration'. If prefs are disabling their usage, avoid creating instances for 'cert-revocations' and 'intermediates'. Do not ship JSON dumps for collections we do not expect to need. For the ones in the 'main' bucket, this prevents them from being synced unnecessarily (the code in remote-settings does so for collections in the main bucket for which a dump or local data exists). For the collections in the other buckets, we just save some size by not shipping their dumps. We also clear the collections database on the v2 -> v3 migration. --- browser/app/profile/000-tor-browser.js | 3 +++ browser/components/search/SearchSERPTelemetry.jsm | 6 ------ .../url-classifier/UrlClassifierFeatureBase.cpp | 2 +- netwerk/url-classifier/components.conf | 6 ------ security/manager/ssl/RemoteSecuritySettings.jsm | 23 ++++++++++++++++++++++ services/settings/IDBHelpers.jsm | 4 ++++ services/settings/dumps/blocklists/moz.build | 1 - services/settings/dumps/main/moz.build | 7 ------- services/settings/dumps/security-state/moz.build | 1 - .../components/antitracking/antitracking.manifest | 2 +- toolkit/components/antitracking/components.conf | 7 ------- toolkit/components/search/SearchService.jsm | 2 -- 12 files changed, 32 insertions(+), 32 deletions(-) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 241fb152b013..d7c7d366b24d 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -149,6 +149,9 @@ pref("extensions.fxmonitor.enabled", false); pref("signon.management.page.mobileAndroidURL", ""); pref("signon.management.page.mobileAppleURL", ""); +// Disable remote "password recipes" +pref("signon.recipes.remoteRecipesEnabled", false); + // Disable ServiceWorkers and push notifications by default pref("dom.serviceWorkers.enabled", false); pref("dom.push.enabled", false); diff --git a/browser/components/search/SearchSERPTelemetry.jsm b/browser/components/search/SearchSERPTelemetry.jsm index a11bfc7176c9..efb5f2318fe4 100644 --- a/browser/components/search/SearchSERPTelemetry.jsm +++ b/browser/components/search/SearchSERPTelemetry.jsm @@ -95,13 +95,7 @@ class TelemetryHandler { return; } - this._telemetrySettings = RemoteSettings(TELEMETRY_SETTINGS_KEY); let rawProviderInfo = []; - try { - rawProviderInfo = await this._telemetrySettings.get(); - } catch (ex) { - logConsole.error("Could not get settings:", ex); - } // Send the provider info to the child handler. this._contentHandler.init(rawProviderInfo); diff --git a/netwerk/url-classifier/UrlClassifierFeatureBase.cpp b/netwerk/url-classifier/UrlClassifierFeatureBase.cpp index 07da1fd07374..48bcc7d10af9 100644 --- a/netwerk/url-classifier/UrlClassifierFeatureBase.cpp +++ b/netwerk/url-classifier/UrlClassifierFeatureBase.cpp @@ -78,7 +78,7 @@ void UrlClassifierFeatureBase::InitializePreferences() { nsCOMPtr<nsIUrlClassifierExceptionListService> exceptionListService = do_GetService("@mozilla.org/url-classifier/exception-list-service;1"); - if (NS_WARN_IF(!exceptionListService)) { + if (!exceptionListService) { return; } diff --git a/netwerk/url-classifier/components.conf b/netwerk/url-classifier/components.conf index 03a02f0ebeab..b2e667247317 100644 --- a/netwerk/url-classifier/components.conf +++ b/netwerk/url-classifier/components.conf @@ -13,10 +13,4 @@ Classes = [ 'constructor': 'mozilla::net::ChannelClassifierService::GetSingleton', 'headers': ['mozilla/net/ChannelClassifierService.h'], }, - { - 'cid': '{b9f4fd03-9d87-4bfd-9958-85a821750ddc}', - 'contract_ids': ['@mozilla.org/url-classifier/exception-list-service;1'], - 'jsm': 'resource://gre/modules/UrlClassifierExceptionListService.jsm', - 'constructor': 'UrlClassifierExceptionListService', - }, ] diff --git a/security/manager/ssl/RemoteSecuritySettings.jsm b/security/manager/ssl/RemoteSecuritySettings.jsm index 0beca1424741..1cffbd907bae 100644 --- a/security/manager/ssl/RemoteSecuritySettings.jsm +++ b/security/manager/ssl/RemoteSecuritySettings.jsm @@ -336,6 +336,16 @@ var RemoteSecuritySettings = { class IntermediatePreloads { constructor() { + this.maybeInit(); + } + + maybeInit() { + if ( + this.client || + !Services.prefs.getBoolPref(INTERMEDIATES_ENABLED_PREF, true) + ) { + return; + } this.client = RemoteSettings( Services.prefs.getCharPref(INTERMEDIATES_COLLECTION_PREF), { @@ -365,6 +375,7 @@ class IntermediatePreloads { ); return; } + this.maybeInit(); // Download attachments that are awaiting download, up to a max. const maxDownloadsPerRun = Services.prefs.getIntPref( @@ -675,6 +686,16 @@ function compareFilters(filterA, filterB) { class CRLiteFilters { constructor() { + this.maybeInit(); + } + + maybeInit() { + if ( + this.client || + !Services.prefs.getBoolPref(CRLITE_FILTERS_ENABLED_PREF, true) + ) { + return; + } this.client = RemoteSettings( Services.prefs.getCharPref(CRLITE_FILTERS_COLLECTION_PREF), { @@ -702,6 +723,8 @@ class CRLiteFilters { return; } + this.maybeInit(); + let hasPriorFilter = await hasPriorData( Ci.nsICertStorage.DATA_TYPE_CRLITE_FILTER_FULL ); diff --git a/services/settings/IDBHelpers.jsm b/services/settings/IDBHelpers.jsm index 5dc59c3687ef..010a5ea82987 100644 --- a/services/settings/IDBHelpers.jsm +++ b/services/settings/IDBHelpers.jsm @@ -188,6 +188,10 @@ async function openIDB(allowUpgrades = true) { }); } if (event.oldVersion < 3) { + // Clear existing stores for a fresh start + transaction.objectStore("records").clear(); + transaction.objectStore("timestamps").clear(); + transaction.objectStore("collections").clear(); // Attachment store db.createObjectStore("attachments", { keyPath: ["cid", "attachmentId"], diff --git a/services/settings/dumps/blocklists/moz.build b/services/settings/dumps/blocklists/moz.build index cdeb7e180c38..4ca18acd4ff6 100644 --- a/services/settings/dumps/blocklists/moz.build +++ b/services/settings/dumps/blocklists/moz.build @@ -10,7 +10,6 @@ with Files("**"): # The addons blocklist is also in mobile/android/installer/package-manifest.in FINAL_TARGET_FILES.defaults.settings.blocklists += [ "addons-bloomfilters.json", - "addons.json", "gfx.json", "plugins.json", ] diff --git a/services/settings/dumps/main/moz.build b/services/settings/dumps/main/moz.build index d67162de87ac..c91b2b6f6264 100644 --- a/services/settings/dumps/main/moz.build +++ b/services/settings/dumps/main/moz.build @@ -3,17 +3,10 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. FINAL_TARGET_FILES.defaults.settings.main += [ - "anti-tracking-url-decoration.json", "example.json", "hijack-blocklists.json", "language-dictionaries.json", - "password-recipes.json", - "search-config.json", "search-default-override-allowlist.json", - "search-telemetry.json", - "sites-classification.json", - "top-sites.json", - "url-classifier-skip-urls.json", ] if CONFIG["MOZ_BUILD_APP"] == "browser": diff --git a/services/settings/dumps/security-state/moz.build b/services/settings/dumps/security-state/moz.build index 9133cd4e3ed6..0d250ecddbe8 100644 --- a/services/settings/dumps/security-state/moz.build +++ b/services/settings/dumps/security-state/moz.build @@ -3,7 +3,6 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/. FINAL_TARGET_FILES.defaults.settings["security-state"] += [ - "intermediates.json", "onecrl.json", ] diff --git a/toolkit/components/antitracking/antitracking.manifest b/toolkit/components/antitracking/antitracking.manifest index 5eb37f9a3f99..872e6af07575 100644 --- a/toolkit/components/antitracking/antitracking.manifest +++ b/toolkit/components/antitracking/antitracking.manifest @@ -1 +1 @@ -category profile-after-change URLDecorationAnnotationsService @mozilla.org/tracking-url-decoration-service;1 process=main +# category profile-after-change URLDecorationAnnotationsService @mozilla.org/tracking-url-decoration-service;1 process=main diff --git a/toolkit/components/antitracking/components.conf b/toolkit/components/antitracking/components.conf index c5e21b06156b..53db083e394c 100644 --- a/toolkit/components/antitracking/components.conf +++ b/toolkit/components/antitracking/components.conf @@ -11,13 +11,6 @@ Classes = [ 'jsm': 'resource://gre/modules/TrackingDBService.jsm', 'constructor': 'TrackingDBService', }, - { - 'cid': '{5874af6d-5719-4e1b-b155-ef4eae7fcb32}', - 'contract_ids': ['@mozilla.org/tracking-url-decoration-service;1'], - 'jsm': 'resource://gre/modules/URLDecorationAnnotationsService.jsm', - 'constructor': 'URLDecorationAnnotationsService', - 'processes': ProcessSelector.MAIN_PROCESS_ONLY, - }, { 'cid': '{90d1fd17-2018-4e16-b73c-a04a26fa6dd4}', 'contract_ids': ['@mozilla.org/purge-tracker-service;1'], diff --git a/toolkit/components/search/SearchService.jsm b/toolkit/components/search/SearchService.jsm index 9a6c4e64aad7..ad352333e187 100644 --- a/toolkit/components/search/SearchService.jsm +++ b/toolkit/components/search/SearchService.jsm @@ -251,8 +251,6 @@ SearchService.prototype = { // See if we have a settings file so we don't have to parse a bunch of XML. let settings = await this._settings.get(); - this._setupRemoteSettings().catch(Cu.reportError); - await this._loadEngines(settings); // If we've got this far, but the application is now shutting down,

1 0

[tor-browser/tor-browser-86.0b1-10.5-1] Bug 32092: Fix Tor Browser Support link in preferences
by gk＠torproject.org 30 Jan '21

30 Jan '21

commit 29ca0a9b87d12f7bc5de2645d6e964aba78a2dc0 Author: Alex Catarineu <acat(a)torproject.org> Date: Tue Oct 15 22:54:10 2019 +0200 Bug 32092: Fix Tor Browser Support link in preferences --- browser/components/preferences/preferences.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/browser/components/preferences/preferences.js b/browser/components/preferences/preferences.js index a89fddd0306d..ce338584142e 100644 --- a/browser/components/preferences/preferences.js +++ b/browser/components/preferences/preferences.js @@ -166,10 +166,7 @@ function init_all() { gotoPref().then(() => { let helpButton = document.getElementById("helpButton"); - let helpUrl = - Services.urlFormatter.formatURLPref("app.support.baseURL") + - "preferences"; - helpButton.setAttribute("href", helpUrl); + helpButton.setAttribute("href", "https://support.torproject.org/tbb"); document.getElementById("addonsButton").addEventListener("click", e => { if (e.button >= 2) {

1 0