- tbb-commits - lists.torproject.org

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-140.5.0esr-15.0-1-build2
by ma1 (＠ma1) 10 Nov '25

10 Nov '25

ma1 pushed new tag mullvad-browser-140.5.0esr-15.0-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.5.0esr-15.0-1] 2 commits: Bug 1880634 - Use chrome-only dispatch for the MozTogglePictureInPicture event. r=niklas
by ma1 (＠ma1) 10 Nov '25

10 Nov '25

ma1 pushed to branch mullvad-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 35a291da by Mike Conley at 2025-11-10T11:48:22+01:00 Bug 1880634 - Use chrome-only dispatch for the MozTogglePictureInPicture event. r=niklas Differential Revision: https://phabricator.services.mozilla.com/D202063 - - - - - 629f8c06 by Nika Layzell at 2025-11-10T11:48:30+01:00 Bug 1987977 - Add extra fd validation to ChannelPosix, r=ipc-reviewers,jld Every attached FD has a guaranteed 4 bytes of payload, so this check should be redundant unless a message payload is manually constructed or corrupted. Differential Revision: https://phabricator.services.mozilla.com/D265038 - - - - - 5 changed files: - browser/actors/ContextMenuChild.sys.mjs - ipc/chromium/src/chrome/common/ipc_channel_posix.cc - toolkit/actors/PictureInPictureChild.sys.mjs - toolkit/components/pictureinpicture/tests/click-event-helper.js - toolkit/components/pictureinpicture/tests/head.js Changes: ===================================== browser/actors/ContextMenuChild.sys.mjs ===================================== @@ -121,7 +121,10 @@ export class ContextMenuChild extends JSWindowActorChild { }, this.contentWindow ); - media.dispatchEvent(event); + this.contentWindow.windowUtils.dispatchEventToChromeOnly( + media, + event + ); break; } } ===================================== ipc/chromium/src/chrome/common/ipc_channel_posix.cc ===================================== @@ -419,8 +419,9 @@ bool Channel::ChannelImpl::ProcessIncomingMessages() { error = "Message needs unreceived descriptors"; } - if (m.header()->num_handles > - IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) { + size_t maxHandles = std::min<size_t>( + m.size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE); + if (m.header()->num_handles > maxHandles) { // There are too many descriptors in this message error = "Message requires an excessive number of descriptors"; } @@ -536,8 +537,9 @@ bool Channel::ChannelImpl::ProcessOutgoingMessages() { } #endif - if (msg->attached_handles_.Length() > - IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) { + size_t maxHandles = std::min<size_t>( + msg->size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE); + if (msg->attached_handles_.Length() > maxHandles) { MOZ_DIAGNOSTIC_CRASH("Too many file descriptors!"); CHROMIUM_LOG(FATAL) << "Too many file descriptors!"; // This should not be reached. ===================================== toolkit/actors/PictureInPictureChild.sys.mjs ===================================== @@ -191,7 +191,10 @@ export class PictureInPictureLauncherChild extends JSWindowActorChild { detail: { reason }, } ); - video.dispatchEvent(stopPipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly( + video, + stopPipEvent + ); return; } @@ -703,7 +706,7 @@ export class PictureInPictureToggleChild extends JSWindowActorChild { detail: { reason: "UrlBar", eventExtraKeys }, } ); - video.dispatchEvent(pipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly(video, pipEvent); } } @@ -1092,7 +1095,7 @@ export class PictureInPictureToggleChild extends JSWindowActorChild { detail: { reason: "Toggle" }, } ); - video.dispatchEvent(pipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly(video, pipEvent); // Since we've initiated Picture-in-Picture, we can go ahead and // hide the toggle now. ===================================== toolkit/components/pictureinpicture/tests/click-event-helper.js ===================================== @@ -2,13 +2,20 @@ http://creativecommons.org/publicdomain/zero/1.0/ */ /** - * This helper script is used to record mouse button events for - * Picture-in-Picture toggle click tests. Anytime the toggle is - * clicked, we expect none of the events to be fired. Otherwise, - * all events should be fired when clicking. + * This helper script is used to record events for Picture-in-Picture toggle + * click tests. Anytime the toggle is clicked, we expect none of the events to + * be fired. Otherwise, all (except MozTogglePictureInPicture) events should be + * fired when clicking on web content. */ -let eventTypes = ["pointerdown", "mousedown", "pointerup", "mouseup", "click"]; +let eventTypes = [ + "MozTogglePictureInPicture", + "pointerdown", + "mousedown", + "pointerup", + "mouseup", + "click", +]; for (let event of eventTypes) { addEventListener(event, recordEvent, { capture: true }); ===================================== toolkit/components/pictureinpicture/tests/head.js ===================================== @@ -139,7 +139,7 @@ async function triggerPictureInPicture(browser, videoID, triggerFn) { let event = new content.CustomEvent("MozTogglePictureInPicture", { bubbles: true, }); - video.dispatchEvent(event); + content.windowUtils.dispatchEventToChromeOnly(video, event); await ContentTaskUtils.waitForCondition(() => { return video.isCloningElementVisually; }, "Video is being cloned visually."); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/0c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/0c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-140.5.0esr-15.0-1-build2
by ma1 (＠ma1) 10 Nov '25

10 Nov '25

ma1 pushed new tag base-browser-140.5.0esr-15.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5.24-build1
by morgan (＠morgan) 10 Nov '25

10 Nov '25

morgan pushed new tag tbb-13.5.24-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.5.0esr-15.0-1] 2 commits: Bug 1880634 - Use chrome-only dispatch for the MozTogglePictureInPicture event. r=niklas
by ma1 (＠ma1) 10 Nov '25

10 Nov '25

ma1 pushed to branch base-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: f1070f84 by Mike Conley at 2025-11-10T11:35:37+01:00 Bug 1880634 - Use chrome-only dispatch for the MozTogglePictureInPicture event. r=niklas Differential Revision: https://phabricator.services.mozilla.com/D202063 - - - - - 0dd46822 by Nika Layzell at 2025-11-10T11:36:52+01:00 Bug 1987977 - Add extra fd validation to ChannelPosix, r=ipc-reviewers,jld Every attached FD has a guaranteed 4 bytes of payload, so this check should be redundant unless a message payload is manually constructed or corrupted. Differential Revision: https://phabricator.services.mozilla.com/D265038 - - - - - 5 changed files: - browser/actors/ContextMenuChild.sys.mjs - ipc/chromium/src/chrome/common/ipc_channel_posix.cc - toolkit/actors/PictureInPictureChild.sys.mjs - toolkit/components/pictureinpicture/tests/click-event-helper.js - toolkit/components/pictureinpicture/tests/head.js Changes: ===================================== browser/actors/ContextMenuChild.sys.mjs ===================================== @@ -121,7 +121,10 @@ export class ContextMenuChild extends JSWindowActorChild { }, this.contentWindow ); - media.dispatchEvent(event); + this.contentWindow.windowUtils.dispatchEventToChromeOnly( + media, + event + ); break; } } ===================================== ipc/chromium/src/chrome/common/ipc_channel_posix.cc ===================================== @@ -419,8 +419,9 @@ bool Channel::ChannelImpl::ProcessIncomingMessages() { error = "Message needs unreceived descriptors"; } - if (m.header()->num_handles > - IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) { + size_t maxHandles = std::min<size_t>( + m.size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE); + if (m.header()->num_handles > maxHandles) { // There are too many descriptors in this message error = "Message requires an excessive number of descriptors"; } @@ -536,8 +537,9 @@ bool Channel::ChannelImpl::ProcessOutgoingMessages() { } #endif - if (msg->attached_handles_.Length() > - IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) { + size_t maxHandles = std::min<size_t>( + msg->size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE); + if (msg->attached_handles_.Length() > maxHandles) { MOZ_DIAGNOSTIC_CRASH("Too many file descriptors!"); CHROMIUM_LOG(FATAL) << "Too many file descriptors!"; // This should not be reached. ===================================== toolkit/actors/PictureInPictureChild.sys.mjs ===================================== @@ -191,7 +191,10 @@ export class PictureInPictureLauncherChild extends JSWindowActorChild { detail: { reason }, } ); - video.dispatchEvent(stopPipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly( + video, + stopPipEvent + ); return; } @@ -703,7 +706,7 @@ export class PictureInPictureToggleChild extends JSWindowActorChild { detail: { reason: "UrlBar", eventExtraKeys }, } ); - video.dispatchEvent(pipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly(video, pipEvent); } } @@ -1092,7 +1095,7 @@ export class PictureInPictureToggleChild extends JSWindowActorChild { detail: { reason: "Toggle" }, } ); - video.dispatchEvent(pipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly(video, pipEvent); // Since we've initiated Picture-in-Picture, we can go ahead and // hide the toggle now. ===================================== toolkit/components/pictureinpicture/tests/click-event-helper.js ===================================== @@ -2,13 +2,20 @@ http://creativecommons.org/publicdomain/zero/1.0/ */ /** - * This helper script is used to record mouse button events for - * Picture-in-Picture toggle click tests. Anytime the toggle is - * clicked, we expect none of the events to be fired. Otherwise, - * all events should be fired when clicking. + * This helper script is used to record events for Picture-in-Picture toggle + * click tests. Anytime the toggle is clicked, we expect none of the events to + * be fired. Otherwise, all (except MozTogglePictureInPicture) events should be + * fired when clicking on web content. */ -let eventTypes = ["pointerdown", "mousedown", "pointerup", "mouseup", "click"]; +let eventTypes = [ + "MozTogglePictureInPicture", + "pointerdown", + "mousedown", + "pointerup", + "mouseup", + "click", +]; for (let event of eventTypes) { addEventListener(event, recordEvent, { capture: true }); ===================================== toolkit/components/pictureinpicture/tests/head.js ===================================== @@ -139,7 +139,7 @@ async function triggerPictureInPicture(browser, videoID, triggerFn) { let event = new content.CustomEvent("MozTogglePictureInPicture", { bubbles: true, }); - video.dispatchEvent(event); + content.windowUtils.dispatchEventToChromeOnly(video, event); await ContentTaskUtils.waitForCondition(() => { return video.isCloningElementVisually; }, "Video is being cloned visually."); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/9ebdbd… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/9ebdbd… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-140.5.0esr-15.0-1-build2
by ma1 (＠ma1) 10 Nov '25

10 Nov '25

ma1 pushed new tag tor-browser-140.5.0esr-15.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.5.0esr-15.0-1] 2 commits: Bug 1880634 - Use chrome-only dispatch for the MozTogglePictureInPicture event. r=niklas
by ma1 (＠ma1) 10 Nov '25

10 Nov '25

ma1 pushed to branch tor-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 3afcf901 by Mike Conley at 2025-11-10T11:30:33+01:00 Bug 1880634 - Use chrome-only dispatch for the MozTogglePictureInPicture event. r=niklas Differential Revision: https://phabricator.services.mozilla.com/D202063 - - - - - 271cd852 by Nika Layzell at 2025-11-10T11:30:47+01:00 Bug 1987977 - Add extra fd validation to ChannelPosix, r=ipc-reviewers,jld Every attached FD has a guaranteed 4 bytes of payload, so this check should be redundant unless a message payload is manually constructed or corrupted. Differential Revision: https://phabricator.services.mozilla.com/D265038 - - - - - 5 changed files: - browser/actors/ContextMenuChild.sys.mjs - ipc/chromium/src/chrome/common/ipc_channel_posix.cc - toolkit/actors/PictureInPictureChild.sys.mjs - toolkit/components/pictureinpicture/tests/click-event-helper.js - toolkit/components/pictureinpicture/tests/head.js Changes: ===================================== browser/actors/ContextMenuChild.sys.mjs ===================================== @@ -121,7 +121,10 @@ export class ContextMenuChild extends JSWindowActorChild { }, this.contentWindow ); - media.dispatchEvent(event); + this.contentWindow.windowUtils.dispatchEventToChromeOnly( + media, + event + ); break; } } ===================================== ipc/chromium/src/chrome/common/ipc_channel_posix.cc ===================================== @@ -419,8 +419,9 @@ bool Channel::ChannelImpl::ProcessIncomingMessages() { error = "Message needs unreceived descriptors"; } - if (m.header()->num_handles > - IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) { + size_t maxHandles = std::min<size_t>( + m.size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE); + if (m.header()->num_handles > maxHandles) { // There are too many descriptors in this message error = "Message requires an excessive number of descriptors"; } @@ -536,8 +537,9 @@ bool Channel::ChannelImpl::ProcessOutgoingMessages() { } #endif - if (msg->attached_handles_.Length() > - IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) { + size_t maxHandles = std::min<size_t>( + msg->size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE); + if (msg->attached_handles_.Length() > maxHandles) { MOZ_DIAGNOSTIC_CRASH("Too many file descriptors!"); CHROMIUM_LOG(FATAL) << "Too many file descriptors!"; // This should not be reached. ===================================== toolkit/actors/PictureInPictureChild.sys.mjs ===================================== @@ -191,7 +191,10 @@ export class PictureInPictureLauncherChild extends JSWindowActorChild { detail: { reason }, } ); - video.dispatchEvent(stopPipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly( + video, + stopPipEvent + ); return; } @@ -703,7 +706,7 @@ export class PictureInPictureToggleChild extends JSWindowActorChild { detail: { reason: "UrlBar", eventExtraKeys }, } ); - video.dispatchEvent(pipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly(video, pipEvent); } } @@ -1092,7 +1095,7 @@ export class PictureInPictureToggleChild extends JSWindowActorChild { detail: { reason: "Toggle" }, } ); - video.dispatchEvent(pipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly(video, pipEvent); // Since we've initiated Picture-in-Picture, we can go ahead and // hide the toggle now. ===================================== toolkit/components/pictureinpicture/tests/click-event-helper.js ===================================== @@ -2,13 +2,20 @@ http://creativecommons.org/publicdomain/zero/1.0/ */ /** - * This helper script is used to record mouse button events for - * Picture-in-Picture toggle click tests. Anytime the toggle is - * clicked, we expect none of the events to be fired. Otherwise, - * all events should be fired when clicking. + * This helper script is used to record events for Picture-in-Picture toggle + * click tests. Anytime the toggle is clicked, we expect none of the events to + * be fired. Otherwise, all (except MozTogglePictureInPicture) events should be + * fired when clicking on web content. */ -let eventTypes = ["pointerdown", "mousedown", "pointerup", "mouseup", "click"]; +let eventTypes = [ + "MozTogglePictureInPicture", + "pointerdown", + "mousedown", + "pointerup", + "mouseup", + "click", +]; for (let event of eventTypes) { addEventListener(event, recordEvent, { capture: true }); ===================================== toolkit/components/pictureinpicture/tests/head.js ===================================== @@ -139,7 +139,7 @@ async function triggerPictureInPicture(browser, videoID, triggerFn) { let event = new content.CustomEvent("MozTogglePictureInPicture", { bubbles: true, }); - video.dispatchEvent(event); + content.windowUtils.dispatchEventToChromeOnly(video, event); await ContentTaskUtils.waitForCondition(() => { return video.isCloningElementVisually; }, "Video is being cloned visually."); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/5be0cd… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/5be0cd… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] Bug 41612: Prepare Tor Browser 13.5.24
by morgan (＠morgan) 10 Nov '25

10 Nov '25

morgan pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: f7df634b by Morgan at 2025-11-10T10:27:46+00:00 Bug 41612: Prepare Tor Browser 13.5.24 - - - - - 5 changed files: - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/config - projects/firefox/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,14 @@ +Tor Browser 13.5.24 - November 11 2025 + * All Platforms + * Updated NoScript to 13.4 + * Bug 44270: Re-enable SHA1 for signing to match Firefox's TLS fingerprint [tor-browser] + * Bug 44320: Rebase Tor Browser legacy onto 115.30.0esr [tor-browser] + * Bug 44325: Backport Security Fixes from Firefox 145 [tor-browser] + * Bug 41609: Move back to CDN77 for default snowflake bridge [tor-browser-build] + * Build System + * All Platforms + * Bug 41603: Automate stand-alone legacy release deployment [tor-browser-build] + Tor Browser 13.5.23 - October 14 2025 * All Platforms * Updated Firefox to 115.29.0esr ===================================== projects/browser/config ===================================== @@ -103,9 +103,9 @@ input_files: enable: '[% ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.mozilla.org/firefox/downloads/file/4593796/noscript-13.2.1.x… + - URL: https://addons.mozilla.org/firefox/downloads/file/4609561/noscript-13.4.xpi name: noscript - sha256sum: 190297f3d1e55db0c65f9bc00460bea9b753939d428ea593d6cef27fde1ce69a + sha256sum: 9496d2bc785f2b6dff36a3d6f60fa1a70d7b9a1895bc738c30387c94cd945168 - URL: https://addons.mozilla.org/firefox/downloads/file/4359936/ublock_origin-1.6… name: ublock-origin sha256sum: e2cda9b2a1b0a7f6e5ef0da9f87f28df52f8560587ba2e51a3003121cfb81600 ===================================== projects/firefox/config ===================================== @@ -16,12 +16,12 @@ container: use_container: 1 var: - firefox_platform_version: 115.29.0 + firefox_platform_version: 115.30.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 1 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 98613b882f468da022301d164e619c6083fd0055 + git_hash: df313475cfd9eba31009edca530803dd991264d7 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 29ad882c77961640cfe47caa172f544ce3b8bb1d + git_hash: 4fcb19da2c6b62bdd96828172162bea89ee3231e targets: nightly: git_hash: 'tor-browser' ===================================== rbm.conf ===================================== @@ -73,11 +73,11 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.5.23' + torbrowser_version: '13.5.24' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2025/10/13 14:15:00' + browser_release_date: '2025/11/10 09:45:05' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' browser_platforms: # is_android_release and is_desktop_release are used to quickly @@ -115,9 +115,9 @@ var: updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - 13.5.23 - 13.5.22 - 13.5.21 - - 13.5.20 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' # By default, we sort the list of installed packages. This allows sharing View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.30.0esr-13.5-1-build2
by ma1 (＠ma1) 10 Nov '25

10 Nov '25

ma1 pushed new tag tor-browser-115.30.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.30.0esr-13.5-1] 2 commits: Bug 1880634 - Use chrome-only dispatch for the MozTogglePictureInPicture event. r=niklas
by ma1 (＠ma1) 10 Nov '25

10 Nov '25

ma1 pushed to branch tor-browser-115.30.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 03212ecd by Mike Conley at 2025-11-10T09:19:58+01:00 Bug 1880634 - Use chrome-only dispatch for the MozTogglePictureInPicture event. r=niklas Differential Revision: https://phabricator.services.mozilla.com/D202063 - - - - - 0784b098 by Nika Layzell at 2025-11-10T11:13:28+01:00 Bug 1987977 - Add extra fd validation to ChannelPosix, r=ipc-reviewers,jld Every attached FD has a guaranteed 4 bytes of payload, so this check should be redundant unless a message payload is manually constructed or corrupted. Differential Revision: https://phabricator.services.mozilla.com/D265038 - - - - - 5 changed files: - browser/actors/ContextMenuChild.sys.mjs - ipc/chromium/src/chrome/common/ipc_channel_posix.cc - toolkit/actors/PictureInPictureChild.sys.mjs - toolkit/components/pictureinpicture/tests/click-event-helper.js - toolkit/components/pictureinpicture/tests/head.js Changes: ===================================== browser/actors/ContextMenuChild.sys.mjs ===================================== @@ -128,7 +128,10 @@ export class ContextMenuChild extends JSWindowActorChild { }, this.contentWindow ); - media.dispatchEvent(event); + this.contentWindow.windowUtils.dispatchEventToChromeOnly( + media, + event + ); break; } } ===================================== ipc/chromium/src/chrome/common/ipc_channel_posix.cc ===================================== @@ -479,8 +479,9 @@ bool Channel::ChannelImpl::ProcessIncomingMessages() { error = "Message needs unreceived descriptors"; } - if (m.header()->num_handles > - IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) { + size_t maxHandles = std::min<size_t>( + m.size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE); + if (m.header()->num_handles > maxHandles) { // There are too many descriptors in this message error = "Message requires an excessive number of descriptors"; } @@ -596,8 +597,9 @@ bool Channel::ChannelImpl::ProcessOutgoingMessages() { } #endif - if (msg->attached_handles_.Length() > - IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE) { + size_t maxHandles = std::min<size_t>( + msg->size(), IPC::Message::MAX_DESCRIPTORS_PER_MESSAGE); + if (msg->attached_handles_.Length() > maxHandles) { MOZ_DIAGNOSTIC_ASSERT(false, "Too many file descriptors!"); CHROMIUM_LOG(FATAL) << "Too many file descriptors!"; // This should not be reached. ===================================== toolkit/actors/PictureInPictureChild.sys.mjs ===================================== @@ -182,7 +182,10 @@ export class PictureInPictureLauncherChild extends JSWindowActorChild { detail: { reason }, } ); - video.dispatchEvent(stopPipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly( + video, + stopPipEvent + ); return; } @@ -673,7 +676,7 @@ export class PictureInPictureToggleChild extends JSWindowActorChild { detail: { reason: "urlBar" }, } ); - video.dispatchEvent(pipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly(video, pipEvent); } } @@ -1066,7 +1069,7 @@ export class PictureInPictureToggleChild extends JSWindowActorChild { detail: { reason: "toggle" }, } ); - video.dispatchEvent(pipEvent); + this.contentWindow.windowUtils.dispatchEventToChromeOnly(video, pipEvent); // Since we've initiated Picture-in-Picture, we can go ahead and // hide the toggle now. ===================================== toolkit/components/pictureinpicture/tests/click-event-helper.js ===================================== @@ -2,13 +2,20 @@ http://creativecommons.org/publicdomain/zero/1.0/ */ /** - * This helper script is used to record mouse button events for - * Picture-in-Picture toggle click tests. Anytime the toggle is - * clicked, we expect none of the events to be fired. Otherwise, - * all events should be fired when clicking. + * This helper script is used to record events for Picture-in-Picture toggle + * click tests. Anytime the toggle is clicked, we expect none of the events to + * be fired. Otherwise, all (except MozTogglePictureInPicture) events should be + * fired when clicking on web content. */ -let eventTypes = ["pointerdown", "mousedown", "pointerup", "mouseup", "click"]; +let eventTypes = [ + "MozTogglePictureInPicture", + "pointerdown", + "mousedown", + "pointerup", + "mouseup", + "click", +]; for (let event of eventTypes) { addEventListener(event, recordEvent, { capture: true }); ===================================== toolkit/components/pictureinpicture/tests/head.js ===================================== @@ -139,7 +139,7 @@ async function triggerPictureInPicture(browser, videoID, triggerFn) { let event = new content.CustomEvent("MozTogglePictureInPicture", { bubbles: true, }); - video.dispatchEvent(event); + content.windowUtils.dispatchEventToChromeOnly(video, event); await ContentTaskUtils.waitForCondition(() => { return video.isCloningElementVisually; }, "Video is being cloned visually."); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/9a75d0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/9a75d0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.30.0esr-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 10 Nov '25

10 Nov '25

Pier Angelo Vendrame pushed new tag tor-browser-115.30.0esr-13.5-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.5.0esr-15.0-1] Bug 1998435 - Do not reset the default zoom when clearing the FFP state. r=manuel
by Pier Angelo Vendrame (＠pierov) 10 Nov '25

10 Nov '25

Pier Angelo Vendrame pushed to branch mullvad-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 0ce96cef by Pier Angelo Vendrame at 2025-11-10T10:49:23+01:00 Bug 1998435 - Do not reset the default zoom when clearing the FFP state. r=manuel Differential Revision: https://phabricator.services.mozilla.com/D271446 - - - - - 2 changed files: - browser/components/resistfingerprinting/test/browser/browser_bug1975753_site_specific_zoom_level.js - toolkit/components/cleardata/ClearDataService.sys.mjs Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_bug1975753_site_specific_zoom_level.js ===================================== @@ -3,10 +3,14 @@ const PATH_NET = TEST_PATH + "file_dummy.html"; const PATH_ORG = PATH_NET.replace("example.net", "example.org"); -add_task(async function () { +async function runTest(defaultZoom) { let tab1, tab1Zoom; tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, PATH_NET); + + tab1Zoom = ZoomManager.getZoomForBrowser(tab1.linkedBrowser); + is(tab1Zoom, defaultZoom, "We are starting with the default zoom."); + await FullZoom.setZoom(1.25, tab1.linkedBrowser); tab1Zoom = ZoomManager.getZoomForBrowser(tab1.linkedBrowser); @@ -46,7 +50,7 @@ add_task(async function () { is( tab1Zoom, - 1.0, + defaultZoom, "privacy.resistFingerprinting is true, site-specific zoom should be reset when clearing FPP state for tab1" ); @@ -55,4 +59,29 @@ add_task(async function () { BrowserTestUtils.removeTab(tab1); await SpecialPowers.popPrefEnv(); +} + +add_task(async function () { + await runTest(1.0); + + let defaultZoom = 1.5; + let context = Cu.createLoadContext(); + let cps2 = Cc["@mozilla.org/content-pref/service;1"].getService( + Ci.nsIContentPrefService2 + ); + let { promise, resolve, reject } = Promise.withResolvers(); + cps2.setGlobal(FullZoom.name, defaultZoom, context, { + handleError(error) { + reject(error); + }, + handleCompletion() { + resolve(); + }, + }); + await promise; + try { + await runTest(defaultZoom); + } finally { + cps2.removeGlobal(FullZoom.name, context); + } }); ===================================== toolkit/components/cleardata/ClearDataService.sys.mjs ===================================== @@ -415,11 +415,7 @@ const CookieBannerExecutedRecordCleaner = { // A cleaner for cleaning fingerprinting protection states. const FingerprintingProtectionStateCleaner = { - async _maybeClearSiteSpecificZoom( - deleteAll, - aSchemelessSite, - aOriginAttributes = {} - ) { + async _maybeClearSiteSpecificZoom(aSchemelessSite, aOriginAttributes = {}) { if ( !ChromeUtils.shouldResistFingerprinting("SiteSpecificZoom", null, true) ) { @@ -432,8 +428,24 @@ const FingerprintingProtectionStateCleaner = { const ZOOM_PREF_NAME = "browser.content.full-zoom"; await new Promise((aResolve, aReject) => { - if (deleteAll) { - cps2.removeByName(ZOOM_PREF_NAME, null, { + aOriginAttributes = + ChromeUtils.fillNonDefaultOriginAttributes(aOriginAttributes); + + let loadContext; + if ( + aOriginAttributes.privateBrowsingId == + Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID + ) { + loadContext = Cu.createLoadContext(); + } else { + loadContext = Cu.createPrivateLoadContext(); + } + + cps2.removeBySubdomainAndName( + aSchemelessSite, + ZOOM_PREF_NAME, + loadContext, + { handleCompletion: aReason => { if (aReason === cps2.COMPLETE_ERROR) { aReject(); @@ -441,50 +453,19 @@ const FingerprintingProtectionStateCleaner = { aResolve(); } }, - }); - } else { - aOriginAttributes = - ChromeUtils.fillNonDefaultOriginAttributes(aOriginAttributes); - - let loadContext; - if ( - aOriginAttributes.privateBrowsingId == - Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID - ) { - loadContext = Cu.createLoadContext(); - } else { - loadContext = Cu.createPrivateLoadContext(); } - - cps2.removeBySubdomainAndName( - aSchemelessSite, - ZOOM_PREF_NAME, - loadContext, - { - handleCompletion: aReason => { - if (aReason === cps2.COMPLETE_ERROR) { - aReject(); - } else { - aResolve(); - } - }, - } - ); - } + ); }); }, async deleteAll() { Services.rfp.cleanAllRandomKeys(); - - await this._maybeClearSiteSpecificZoom(true); }, async deleteByPrincipal(aPrincipal) { Services.rfp.cleanRandomKeyByPrincipal(aPrincipal); await this._maybeClearSiteSpecificZoom( - false, aPrincipal.host, aPrincipal.originAttributes ); @@ -497,7 +478,6 @@ const FingerprintingProtectionStateCleaner = { ); await this._maybeClearSiteSpecificZoom( - false, aSchemelessSite, aOriginAttributesPattern ); @@ -509,11 +489,7 @@ const FingerprintingProtectionStateCleaner = { JSON.stringify(aOriginAttributesPattern) ); - await this._maybeClearSiteSpecificZoom( - false, - aHost, - aOriginAttributesPattern - ); + await this._maybeClearSiteSpecificZoom(aHost, aOriginAttributesPattern); }, async deleteByOriginAttributes(aOriginAttributesString) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/0ce… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/0ce… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.5.0esr-15.0-1] Bug 1998435 - Do not reset the default zoom when clearing the FFP state. r=manuel
by Pier Angelo Vendrame (＠pierov) 10 Nov '25

10 Nov '25

Pier Angelo Vendrame pushed to branch base-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 9ebdbd14 by Pier Angelo Vendrame at 2025-11-10T10:43:44+01:00 Bug 1998435 - Do not reset the default zoom when clearing the FFP state. r=manuel Differential Revision: https://phabricator.services.mozilla.com/D271446 - - - - - 2 changed files: - browser/components/resistfingerprinting/test/browser/browser_bug1975753_site_specific_zoom_level.js - toolkit/components/cleardata/ClearDataService.sys.mjs Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_bug1975753_site_specific_zoom_level.js ===================================== @@ -3,10 +3,14 @@ const PATH_NET = TEST_PATH + "file_dummy.html"; const PATH_ORG = PATH_NET.replace("example.net", "example.org"); -add_task(async function () { +async function runTest(defaultZoom) { let tab1, tab1Zoom; tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, PATH_NET); + + tab1Zoom = ZoomManager.getZoomForBrowser(tab1.linkedBrowser); + is(tab1Zoom, defaultZoom, "We are starting with the default zoom."); + await FullZoom.setZoom(1.25, tab1.linkedBrowser); tab1Zoom = ZoomManager.getZoomForBrowser(tab1.linkedBrowser); @@ -46,7 +50,7 @@ add_task(async function () { is( tab1Zoom, - 1.0, + defaultZoom, "privacy.resistFingerprinting is true, site-specific zoom should be reset when clearing FPP state for tab1" ); @@ -55,4 +59,29 @@ add_task(async function () { BrowserTestUtils.removeTab(tab1); await SpecialPowers.popPrefEnv(); +} + +add_task(async function () { + await runTest(1.0); + + let defaultZoom = 1.5; + let context = Cu.createLoadContext(); + let cps2 = Cc["@mozilla.org/content-pref/service;1"].getService( + Ci.nsIContentPrefService2 + ); + let { promise, resolve, reject } = Promise.withResolvers(); + cps2.setGlobal(FullZoom.name, defaultZoom, context, { + handleError(error) { + reject(error); + }, + handleCompletion() { + resolve(); + }, + }); + await promise; + try { + await runTest(defaultZoom); + } finally { + cps2.removeGlobal(FullZoom.name, context); + } }); ===================================== toolkit/components/cleardata/ClearDataService.sys.mjs ===================================== @@ -415,11 +415,7 @@ const CookieBannerExecutedRecordCleaner = { // A cleaner for cleaning fingerprinting protection states. const FingerprintingProtectionStateCleaner = { - async _maybeClearSiteSpecificZoom( - deleteAll, - aSchemelessSite, - aOriginAttributes = {} - ) { + async _maybeClearSiteSpecificZoom(aSchemelessSite, aOriginAttributes = {}) { if ( !ChromeUtils.shouldResistFingerprinting("SiteSpecificZoom", null, true) ) { @@ -432,8 +428,24 @@ const FingerprintingProtectionStateCleaner = { const ZOOM_PREF_NAME = "browser.content.full-zoom"; await new Promise((aResolve, aReject) => { - if (deleteAll) { - cps2.removeByName(ZOOM_PREF_NAME, null, { + aOriginAttributes = + ChromeUtils.fillNonDefaultOriginAttributes(aOriginAttributes); + + let loadContext; + if ( + aOriginAttributes.privateBrowsingId == + Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID + ) { + loadContext = Cu.createLoadContext(); + } else { + loadContext = Cu.createPrivateLoadContext(); + } + + cps2.removeBySubdomainAndName( + aSchemelessSite, + ZOOM_PREF_NAME, + loadContext, + { handleCompletion: aReason => { if (aReason === cps2.COMPLETE_ERROR) { aReject(); @@ -441,50 +453,19 @@ const FingerprintingProtectionStateCleaner = { aResolve(); } }, - }); - } else { - aOriginAttributes = - ChromeUtils.fillNonDefaultOriginAttributes(aOriginAttributes); - - let loadContext; - if ( - aOriginAttributes.privateBrowsingId == - Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID - ) { - loadContext = Cu.createLoadContext(); - } else { - loadContext = Cu.createPrivateLoadContext(); } - - cps2.removeBySubdomainAndName( - aSchemelessSite, - ZOOM_PREF_NAME, - loadContext, - { - handleCompletion: aReason => { - if (aReason === cps2.COMPLETE_ERROR) { - aReject(); - } else { - aResolve(); - } - }, - } - ); - } + ); }); }, async deleteAll() { Services.rfp.cleanAllRandomKeys(); - - await this._maybeClearSiteSpecificZoom(true); }, async deleteByPrincipal(aPrincipal) { Services.rfp.cleanRandomKeyByPrincipal(aPrincipal); await this._maybeClearSiteSpecificZoom( - false, aPrincipal.host, aPrincipal.originAttributes ); @@ -497,7 +478,6 @@ const FingerprintingProtectionStateCleaner = { ); await this._maybeClearSiteSpecificZoom( - false, aSchemelessSite, aOriginAttributesPattern ); @@ -509,11 +489,7 @@ const FingerprintingProtectionStateCleaner = { JSON.stringify(aOriginAttributesPattern) ); - await this._maybeClearSiteSpecificZoom( - false, - aHost, - aOriginAttributesPattern - ); + await this._maybeClearSiteSpecificZoom(aHost, aOriginAttributesPattern); }, async deleteByOriginAttributes(aOriginAttributesString) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9ebdbd1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9ebdbd1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.5.0esr-15.0-1] Bug 1998435 - Do not reset the default zoom when clearing the FFP state. r=manuel
by Pier Angelo Vendrame (＠pierov) 10 Nov '25

10 Nov '25

Pier Angelo Vendrame pushed to branch tor-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 5be0cde4 by Pier Angelo Vendrame at 2025-11-08T15:01:19+01:00 Bug 1998435 - Do not reset the default zoom when clearing the FFP state. r=manuel Differential Revision: https://phabricator.services.mozilla.com/D271446 - - - - - 2 changed files: - browser/components/resistfingerprinting/test/browser/browser_bug1975753_site_specific_zoom_level.js - toolkit/components/cleardata/ClearDataService.sys.mjs Changes: ===================================== browser/components/resistfingerprinting/test/browser/browser_bug1975753_site_specific_zoom_level.js ===================================== @@ -3,10 +3,14 @@ const PATH_NET = TEST_PATH + "file_dummy.html"; const PATH_ORG = PATH_NET.replace("example.net", "example.org"); -add_task(async function () { +async function runTest(defaultZoom) { let tab1, tab1Zoom; tab1 = await BrowserTestUtils.openNewForegroundTab(gBrowser, PATH_NET); + + tab1Zoom = ZoomManager.getZoomForBrowser(tab1.linkedBrowser); + is(tab1Zoom, defaultZoom, "We are starting with the default zoom."); + await FullZoom.setZoom(1.25, tab1.linkedBrowser); tab1Zoom = ZoomManager.getZoomForBrowser(tab1.linkedBrowser); @@ -46,7 +50,7 @@ add_task(async function () { is( tab1Zoom, - 1.0, + defaultZoom, "privacy.resistFingerprinting is true, site-specific zoom should be reset when clearing FPP state for tab1" ); @@ -55,4 +59,29 @@ add_task(async function () { BrowserTestUtils.removeTab(tab1); await SpecialPowers.popPrefEnv(); +} + +add_task(async function () { + await runTest(1.0); + + let defaultZoom = 1.5; + let context = Cu.createLoadContext(); + let cps2 = Cc["@mozilla.org/content-pref/service;1"].getService( + Ci.nsIContentPrefService2 + ); + let { promise, resolve, reject } = Promise.withResolvers(); + cps2.setGlobal(FullZoom.name, defaultZoom, context, { + handleError(error) { + reject(error); + }, + handleCompletion() { + resolve(); + }, + }); + await promise; + try { + await runTest(defaultZoom); + } finally { + cps2.removeGlobal(FullZoom.name, context); + } }); ===================================== toolkit/components/cleardata/ClearDataService.sys.mjs ===================================== @@ -415,11 +415,7 @@ const CookieBannerExecutedRecordCleaner = { // A cleaner for cleaning fingerprinting protection states. const FingerprintingProtectionStateCleaner = { - async _maybeClearSiteSpecificZoom( - deleteAll, - aSchemelessSite, - aOriginAttributes = {} - ) { + async _maybeClearSiteSpecificZoom(aSchemelessSite, aOriginAttributes = {}) { if ( !ChromeUtils.shouldResistFingerprinting("SiteSpecificZoom", null, true) ) { @@ -432,8 +428,24 @@ const FingerprintingProtectionStateCleaner = { const ZOOM_PREF_NAME = "browser.content.full-zoom"; await new Promise((aResolve, aReject) => { - if (deleteAll) { - cps2.removeByName(ZOOM_PREF_NAME, null, { + aOriginAttributes = + ChromeUtils.fillNonDefaultOriginAttributes(aOriginAttributes); + + let loadContext; + if ( + aOriginAttributes.privateBrowsingId == + Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID + ) { + loadContext = Cu.createLoadContext(); + } else { + loadContext = Cu.createPrivateLoadContext(); + } + + cps2.removeBySubdomainAndName( + aSchemelessSite, + ZOOM_PREF_NAME, + loadContext, + { handleCompletion: aReason => { if (aReason === cps2.COMPLETE_ERROR) { aReject(); @@ -441,50 +453,19 @@ const FingerprintingProtectionStateCleaner = { aResolve(); } }, - }); - } else { - aOriginAttributes = - ChromeUtils.fillNonDefaultOriginAttributes(aOriginAttributes); - - let loadContext; - if ( - aOriginAttributes.privateBrowsingId == - Services.scriptSecurityManager.DEFAULT_PRIVATE_BROWSING_ID - ) { - loadContext = Cu.createLoadContext(); - } else { - loadContext = Cu.createPrivateLoadContext(); } - - cps2.removeBySubdomainAndName( - aSchemelessSite, - ZOOM_PREF_NAME, - loadContext, - { - handleCompletion: aReason => { - if (aReason === cps2.COMPLETE_ERROR) { - aReject(); - } else { - aResolve(); - } - }, - } - ); - } + ); }); }, async deleteAll() { Services.rfp.cleanAllRandomKeys(); - - await this._maybeClearSiteSpecificZoom(true); }, async deleteByPrincipal(aPrincipal) { Services.rfp.cleanRandomKeyByPrincipal(aPrincipal); await this._maybeClearSiteSpecificZoom( - false, aPrincipal.host, aPrincipal.originAttributes ); @@ -497,7 +478,6 @@ const FingerprintingProtectionStateCleaner = { ); await this._maybeClearSiteSpecificZoom( - false, aSchemelessSite, aOriginAttributesPattern ); @@ -509,11 +489,7 @@ const FingerprintingProtectionStateCleaner = { JSON.stringify(aOriginAttributesPattern) ); - await this._maybeClearSiteSpecificZoom( - false, - aHost, - aOriginAttributesPattern - ); + await this._maybeClearSiteSpecificZoom(aHost, aOriginAttributesPattern); }, async deleteByOriginAttributes(aOriginAttributesString) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5be0cde… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5be0cde… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 41628: Make NDK terminology consistent with source.properties.
by Pier Angelo Vendrame (＠pierov) 06 Nov '25

06 Nov '25

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 5833d59b by Pier Angelo Vendrame at 2025-11-06T10:07:42+01:00 Bug 41628: Make NDK terminology consistent with source.properties. Group NDK version and revision under release_name, and use revision for the actual revision, which we used to call version_build. This improves consistency and will help with future automation. - - - - - 3 changed files: - projects/android-toolchain/build - projects/android-toolchain/config - projects/geckoview/list_toolchain_updates_checks Changes: ===================================== projects/android-toolchain/build ===================================== @@ -15,7 +15,7 @@ mv cmdline-tools/cmdline-tools cmdline-tools/[% c("var/commandlinetools_version_ # NDK mkdir ndk unzip -qq $rootdir/[% c("input_files_by_name/android_ndk_compiler")%] -d ndk -ln -s android-ndk-r[% c("var/android_ndk_version") %][% c("var/android_ndk_revision") %] ndk/[% c("var/android_ndk_version_build") %] +ln -s android-ndk-r[% c("var/android_ndk_release_name") %] ndk/[% c("var/android_ndk_revision") %] # Build tools mkdir build-tools ===================================== projects/android-toolchain/config ===================================== @@ -14,10 +14,10 @@ var: # But an NDK is more than 1.5GB, so it does not make sense to copy one that # is not even used in all containers. Instead, we download the additional # NDK only in application-services, and adjust the other variables here. - [% IF c("ndk_version") -%] - export ANDROID_NDK_HOME=$ANDROID_HOME/ndk/android-ndk-r[% c("ndk_version") %] + [% IF c("ndk_release") -%] + export ANDROID_NDK_HOME=$ANDROID_HOME/ndk/android-ndk-r[% c("ndk_release") %] [% ELSE -%] - export ANDROID_NDK_HOME=$ANDROID_HOME/ndk/android-ndk-r[% c("var/android_ndk_version") %][% c('var/android_ndk_revision') %] + export ANDROID_NDK_HOME=$ANDROID_HOME/ndk/android-ndk-r[% c("var/android_ndk_release_name") %] [% END -%] export ANDROID_NDK_ROOT=$ANDROID_NDK_HOME export NDK_HOST_TAG=linux-x86_64 @@ -32,9 +32,8 @@ var: android_api_level: 36 android_release_dir: android-16 android_platform_revision: '01' - android_ndk_version: 28 - android_ndk_revision: b - android_ndk_version_build: 28.1.13356709 + android_ndk_release_name: 28b + android_ndk_revision: 28.1.13356709 # We need the following two variables for get_build_tools, used by signing # scripts. build_tools_version: 36 @@ -47,7 +46,7 @@ input_files: - URL: '[% c("var/google_repo") %]/commandlinetools-linux-[% c("var/commandlinetools_version") %]_latest.zip' name: android_commandlinetools sha256sum: 7ec965280a073311c339e571cd5de778b9975026cfcbe79f2b1cdcb1e15317ee - - URL: '[% c("var/google_repo") %]/android-ndk-r[% c("var/android_ndk_version") %][% c("var/android_ndk_revision") %]-linux.zip' + - URL: '[% c("var/google_repo") %]/android-ndk-r[% c("var/android_ndk_release_name") %]-linux.zip' name: android_ndk_compiler sha256sum: e9f2759862cecfd48c20bbb7d8cfedbb020f4d91b5f78d9a2fc106f7db3c27ed - URL: '[% c("var/google_repo") %]/[% c("var/build_tools_filename") %]' ===================================== projects/geckoview/list_toolchain_updates_checks ===================================== @@ -10,8 +10,8 @@ if (m/^\\s*NDK_VERSION\\s*=\\s*"(.+)"/) { } EOF needed=$(cat python/mozboot/mozboot/android.py | perl -ne "$p") -current='r[% pc("android-toolchain", "var/android_ndk_version") %][% pc("android-toolchain", "var/android_ndk_revision") %]' -check_update_needed ndk_version "$needed" "$current" +current='r[% pc("android-toolchain", "var/android_ndk_release_name") %] +check_update_needed ndk_release_name "$needed" "$current" # build_tools View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.5.0esr-15.0-1] fixup! [android] Disable features and functionality
by Dan Ballard (＠dan) 05 Nov '25

05 Nov '25

Dan Ballard pushed to branch tor-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 111978d4 by clairehurst at 2025-11-05T13:43:13-07:00 fixup! [android] Disable features and functionality - - - - - 1 changed file: - mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/toolbar/DefaultToolbarMenu.kt Changes: ===================================== mobile/android/fenix/app/src/main/java/org/mozilla/fenix/components/toolbar/DefaultToolbarMenu.kt ===================================== @@ -201,11 +201,9 @@ open class DefaultToolbarMenu( */ @VisibleForTesting(otherwise = PRIVATE) fun shouldShowTranslations(): Boolean { - val isEngineSupported = store.state.translationEngine.isEngineSupported - return selectedSession?.let { - isEngineSupported == true && - FxNimbus.features.translations.value().mainFlowBrowserMenuEnabled - } ?: false + // We need this because in FxNimbus.kt, mainFlowToolbarEnabled defaults to true + // ```mainFlowToolbarEnabled: Boolean = true``` + return false // bug_44304 Hide broken translat page action. } /** View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/111978d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/111978d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.5.0esr-15.0-1] 2 commits: fixup! BB 43525: Skip Remote Settings for search engine customization.
by Pier Angelo Vendrame (＠pierov) 05 Nov '25

05 Nov '25

Pier Angelo Vendrame pushed to branch mullvad-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 6f34e2ae by Pier Angelo Vendrame at 2025-11-05T17:53:58+01:00 fixup! BB 43525: Skip Remote Settings for search engine customization. MB 483: Ship DDG without AI as a bundled search engine. MB 487: Use custom order for search engines. - - - - - 7b854cf2 by Pier Angelo Vendrame at 2025-11-05T17:53:59+01:00 fixup! MB 213: Customize the search engines list. MB 487: Use custom order for search engines. - - - - - 3 changed files: - toolkit/components/search/content/base-browser-search-engine-icons.json - toolkit/components/search/content/base-browser-search-engines.json - toolkit/components/search/tests/xpcshell/test_base_browser.js Changes: ===================================== toolkit/components/search/content/base-browser-search-engine-icons.json ===================================== @@ -1,15 +1,18 @@ { + "mullvad-leta": [ + { + "url": "chrome://global/content/search/mullvad-leta.svg", + "imageSize": 16 + } + ], "ddg": [ { "url": "chrome://global/content/search/duckduckgo.ico", "imageSize": 32 } ], "ddg-html": [ { "url": "chrome://global/content/search/duckduckgo.ico", "imageSize": 32 } ], - "mullvad-leta": [ - { - "url": "chrome://global/content/search/mullvad-leta.svg", - "imageSize": 16 - } + "ddg-noai": [ + { "url": "chrome://global/content/search/duckduckgo.ico", "imageSize": 32 } ], "mojeek": [ { "url": "chrome://global/content/search/mojeek.ico", "imageSize": 32 } ===================================== toolkit/components/search/content/base-browser-search-engines.json ===================================== @@ -53,6 +53,24 @@ "recordType": "engine", "variants": [{ "environment": { "allRegionsAndLocales": true } }] }, + { + "base": { + "aliases": ["ddgnoai"], + "classification": "general", + "name": "DuckDuckGo (no AI)", + "urls": { + "search": { + "base": "https://noai.duckduckgo.com/", + "params": [], + "searchTermParamName": "q" + } + } + }, + "id": "91687f02-56dd-4fef-ba26-bf139dff3166", + "identifier": "ddg-noai", + "recordType": "engine", + "variants": [{ "environment": { "allRegionsAndLocales": true } }] + }, { "base": { "aliases": ["mojeek", "mj"], @@ -111,5 +129,22 @@ "recordType": "defaultEngines", "globalDefault": "mullvad-leta", "globalDefaultPrivate": "mullvad-leta" + }, + { + "recordType": "engineOrders", + "orders": [ + { + "environment": { "allRegionsAndLocales": true }, + "order": [ + "mullvad-leta", + "ddg", + "ddg-html", + "ddg-noai", + "mojeek", + "brave", + "startpage" + ] + } + ] } ] ===================================== toolkit/components/search/tests/xpcshell/test_base_browser.js ===================================== @@ -4,19 +4,22 @@ /** * This tests the SearchService to check our override of the remote settings is * working as expected. + * + * When adding new engines, it should be enough to change expectedURLs below. */ "use strict"; const expectedURLs = { - leta: "https://leta.mullvad.net/?q=test", - ddg: "https://duckduckgo.com/html/?q=test", - "ddg-html": "https://html.duckduckgo.com/html?q=test", + "mullvad-leta": "https://leta.mullvad.net/?q=test", + ddg: "https://duckduckgo.com/?q=test", + "ddg-html": "https://html.duckduckgo.com/html/?q=test", + "ddg-noai": "https://noai.duckduckgo.com/?q=test", mojeek: "https://www.mojeek.com/search?q=test", brave: "https://search.brave.com/search?q=test", startpage: "https://www.startpage.com/sp/search?q=test", }; -const defaultEngine = "leta"; +const defaultEngine = "mullvad-leta"; add_setup(async function setup() { await Services.search.init(); @@ -49,3 +52,11 @@ add_task(function test_checkSearchURLs() { Assert.equal(foundUrl, url, `The URL of ${engine.name} is not altered.`); } }); + +add_task(async function test_iconsDoesNotFail() { + for (const id of Object.keys(expectedURLs)) { + const engine = Services.search.getEngineById(id); + // No need to assert anything, as in case of error this method should throw. + await engine.getIconURL(); + } +}); View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/95… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/95… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.5.0esr-15.0-1] fixup! Tweaks to the build system
by brizental (＠brizental) 05 Nov '25

05 Nov '25

brizental pushed to branch mullvad-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 9506df04 by Beatriz Rizental at 2025-11-05T17:10:43+01:00 fixup! Tweaks to the build system Skip downloading WPT artifacts when generating test artifacts. - - - - - 1 changed file: - testing/testsuite-targets.mk Changes: ===================================== testing/testsuite-targets.mk ===================================== @@ -154,7 +154,7 @@ download-wpt-manifest: $(call py_action,download_wpt_manifest) define package_archive -package-tests-$(1): stage-all package-tests-prepare-dest download-wpt-manifest +package-tests-$(1): stage-all package-tests-prepare-dest $$(call py_action,test_archive, \ $(1) \ '$$(abspath $$(test_archive_dir))/$$(PKG_BASENAME).$(1).tests.$(2)') View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/950… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/950… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.5.0esr-15.0-1] fixup! Tweaks to the build system
by brizental (＠brizental) 05 Nov '25

05 Nov '25

brizental pushed to branch base-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: e4b2f98a by Beatriz Rizental at 2025-11-05T17:09:42+01:00 fixup! Tweaks to the build system Skip downloading WPT artifacts when generating test artifacts. - - - - - 1 changed file: - testing/testsuite-targets.mk Changes: ===================================== testing/testsuite-targets.mk ===================================== @@ -154,7 +154,7 @@ download-wpt-manifest: $(call py_action,download_wpt_manifest) define package_archive -package-tests-$(1): stage-all package-tests-prepare-dest download-wpt-manifest +package-tests-$(1): stage-all package-tests-prepare-dest $$(call py_action,test_archive, \ $(1) \ '$$(abspath $$(test_archive_dir))/$$(PKG_BASENAME).$(1).tests.$(2)') View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e4b2f98… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e4b2f98… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.5.0esr-15.0-1] fixup! Tweaks to the build system
by brizental (＠brizental) 05 Nov '25

05 Nov '25

brizental pushed to branch tor-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 16950ee0 by Beatriz Rizental at 2025-11-05T17:01:10+01:00 fixup! Tweaks to the build system Skip downloading WPT artifacts when generating test artifacts. - - - - - 1 changed file: - testing/testsuite-targets.mk Changes: ===================================== testing/testsuite-targets.mk ===================================== @@ -154,7 +154,7 @@ download-wpt-manifest: $(call py_action,download_wpt_manifest) define package_archive -package-tests-$(1): stage-all package-tests-prepare-dest download-wpt-manifest +package-tests-$(1): stage-all package-tests-prepare-dest $$(call py_action,test_archive, \ $(1) \ '$$(abspath $$(test_archive_dir))/$$(PKG_BASENAME).$(1).tests.$(2)') View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/16950ee… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/16950ee… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.5.0esr-15.0-1] fixup! BB 43525: Skip Remote Settings for search engine customization.
by Pier Angelo Vendrame (＠pierov) 05 Nov '25

05 Nov '25

Pier Angelo Vendrame pushed to branch base-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 31d6da1b by Pier Angelo Vendrame at 2025-11-05T16:45:30+01:00 fixup! BB 43525: Skip Remote Settings for search engine customization. MB 483: Ship DDG without AI as a bundled search engine. MB 487: Use custom order for search engines. - - - - - 3 changed files: - toolkit/components/search/content/base-browser-search-engine-icons.json - toolkit/components/search/content/base-browser-search-engines.json - toolkit/components/search/tests/xpcshell/test_base_browser.js Changes: ===================================== toolkit/components/search/content/base-browser-search-engine-icons.json ===================================== @@ -2,6 +2,9 @@ "ddg": [ { "url": "chrome://global/content/search/duckduckgo.ico", "imageSize": 32 } ], + "ddg-noai": [ + { "url": "chrome://global/content/search/duckduckgo.ico", "imageSize": 32 } + ], "startpage": [ { "url": "chrome://global/content/search/startpage-16.png", ===================================== toolkit/components/search/content/base-browser-search-engines.json ===================================== @@ -17,6 +17,24 @@ "recordType": "engine", "variants": [{ "environment": { "allRegionsAndLocales": true } }] }, + { + "base": { + "aliases": ["ddgnoai"], + "classification": "general", + "name": "DuckDuckGo (no AI)", + "urls": { + "search": { + "base": "https://noai.duckduckgo.com/", + "params": [], + "searchTermParamName": "q" + } + } + }, + "id": "91687f02-56dd-4fef-ba26-bf139dff3166", + "identifier": "ddg-noai", + "recordType": "engine", + "variants": [{ "environment": { "allRegionsAndLocales": true } }] + }, { "base": { "aliases": ["startpage", "sp"], @@ -39,5 +57,18 @@ "recordType": "defaultEngines", "globalDefault": "ddg", "globalDefaultPrivate": "ddg" + }, + { + "recordType": "engineOrders", + "orders": [ + { + "environment": { "allRegionsAndLocales": true }, + "order": [ + "ddg", + "ddg-noai", + "startpage" + ] + } + ] } ] ===================================== toolkit/components/search/tests/xpcshell/test_base_browser.js ===================================== @@ -4,12 +4,15 @@ /** * This tests the SearchService to check our override of the remote settings is * working as expected. + * + * When adding new engines, it should be enough to change expectedURLs below. */ "use strict"; const expectedURLs = { ddg: "https://duckduckgo.com/?q=test", + "ddg-noai": "https://noai.duckduckgo.com/?q=test", startpage: "https://www.startpage.com/sp/search?q=test", }; const defaultEngine = "ddg"; @@ -45,3 +48,11 @@ add_task(function test_checkSearchURLs() { Assert.equal(foundUrl, url, `The URL of ${engine.name} is not altered.`); } }); + +add_task(async function test_iconsDoesNotFail() { + for (const id of Object.keys(expectedURLs)) { + const engine = Services.search.getEngineById(id); + // No need to assert anything, as in case of error this method should throw. + await engine.getIconURL(); + } +}); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/31d6da1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/31d6da1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bump Firefox version to 140.5.0esr for nightly builds
by Pier Angelo Vendrame (＠pierov) 05 Nov '25

05 Nov '25

Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 62d27a19 by Pier Angelo Vendrame at 2025-11-05T16:41:41+01:00 Bump Firefox version to 140.5.0esr for nightly builds - - - - - 2 changed files: - projects/firefox/config - projects/geckoview/config Changes: ===================================== projects/firefox/config ===================================== @@ -16,12 +16,12 @@ container: use_container: 1 var: - firefox_platform_version: '140.4.0' + firefox_platform_version: '140.5.0' firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '15.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 2 + browser_build: 1 copyright_year: '[% exec("git show -s --format=%ci " _ c("git_hash") _ "^{commit}", { exec_noco => 1 }).remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser ===================================== projects/geckoview/config ===================================== @@ -18,12 +18,12 @@ container: build_apk: 1 var: - firefox_platform_version: '140.4.0' + firefox_platform_version: '140.5.0' geckoview_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '15.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 2 + browser_build: 1 gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse " _ c("git_hash") _ "^{commit}", { exec_noco => 1 }) %]' deps: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.5.0esr-15.0-1] 2 commits: fixup! BB 43525: Skip Remote Settings for search engine customization.
by Pier Angelo Vendrame (＠pierov) 05 Nov '25

05 Nov '25

Pier Angelo Vendrame pushed to branch tor-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 30a4fd84 by Pier Angelo Vendrame at 2025-11-05T16:17:44+01:00 fixup! BB 43525: Skip Remote Settings for search engine customization. MB 483: Ship DDG without AI as a bundled search engine. MB 487: Use custom order for search engines. - - - - - eabb9ec1 by Pier Angelo Vendrame at 2025-11-05T16:17:45+01:00 fixup! TB 42891: Set the bundled search engine for Tor Browser. MB 487: Use custom order for search engines. - - - - - 3 changed files: - toolkit/components/search/content/base-browser-search-engine-icons.json - toolkit/components/search/content/base-browser-search-engines.json - toolkit/components/search/tests/xpcshell/test_base_browser.js Changes: ===================================== toolkit/components/search/content/base-browser-search-engine-icons.json ===================================== @@ -2,6 +2,9 @@ "ddg": [ { "url": "chrome://global/content/search/duckduckgo.ico", "imageSize": 32 } ], + "ddg-noai": [ + { "url": "chrome://global/content/search/duckduckgo.ico", "imageSize": 32 } + ], "ddg-onion": [ { "url": "chrome://global/content/search/duckduckgo.ico", "imageSize": 32 } ], ===================================== toolkit/components/search/content/base-browser-search-engines.json ===================================== @@ -17,6 +17,24 @@ "recordType": "engine", "variants": [{ "environment": { "allRegionsAndLocales": true } }] }, + { + "base": { + "aliases": ["ddgnoai"], + "classification": "general", + "name": "DuckDuckGo (no AI)", + "urls": { + "search": { + "base": "https://noai.duckduckgo.com/", + "params": [], + "searchTermParamName": "q" + } + } + }, + "id": "91687f02-56dd-4fef-ba26-bf139dff3166", + "identifier": "ddg-noai", + "recordType": "engine", + "variants": [{ "environment": { "allRegionsAndLocales": true } }] + }, { "base": { "aliases": ["ddgonion"], @@ -93,5 +111,21 @@ "recordType": "defaultEngines", "globalDefault": "ddg", "globalDefaultPrivate": "ddg" + }, + { + "recordType": "engineOrders", + "orders": [ + { + "environment": { "allRegionsAndLocales": true }, + "order": [ + "ddg", + "ddg-noai", + "ddg-onion", + "startpage", + "startpage-onion", + "wikipedia" + ] + } + ] } ] ===================================== toolkit/components/search/tests/xpcshell/test_base_browser.js ===================================== @@ -4,12 +4,15 @@ /** * This tests the SearchService to check our override of the remote settings is * working as expected. + * + * When adding new engines, it should be enough to change expectedURLs below. */ "use strict"; const expectedURLs = { ddg: "https://duckduckgo.com/?q=test", + "ddg-noai": "https://noai.duckduckgo.com/?q=test", "ddg-onion": "https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/?q=t…", startpage: "https://www.startpage.com/sp/search?q=test", @@ -50,3 +53,11 @@ add_task(function test_checkSearchURLs() { Assert.equal(foundUrl, url, `The URL of ${engine.name} is not altered.`); } }); + +add_task(async function test_iconsDoesNotFail() { + for (const id of Object.keys(expectedURLs)) { + const engine = Services.search.getEngineById(id); + // No need to assert anything, as in case of error this method should throw. + await engine.getIconURL(); + } +}); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/4edeee… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/4edeee… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-140.5.0esr-15.0-1-build1
by Pier Angelo Vendrame (＠pierov) 05 Nov '25

05 Nov '25

Pier Angelo Vendrame pushed new tag mullvad-browser-140.5.0esr-15.0-1-build1 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.5.0esr-15.0-1] 23 commits: Add CI for Mullvad Browser
by Pier Angelo Vendrame (＠pierov) 05 Nov '25

05 Nov '25

Pier Angelo Vendrame pushed to branch mullvad-browser-140.5.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: b8682af8 by Henry Wilkes at 2025-11-05T15:56:52+01:00 Add CI for Mullvad Browser - - - - - cce20cfe by Pier Angelo Vendrame at 2025-11-05T15:56:52+01:00 MB 38: Mullvad Browser configuration - - - - - a8c21922 by Pier Angelo Vendrame at 2025-11-05T15:56:53+01:00 MB 1: Mullvad Browser branding See also: mullvad-browser#5: Product name and directory customization mullvad-browser#12: Create new branding directories and integrate Mullvad icons+branding mullvad-browser#14: Remove Default Built-in bookmarks mullvad-browser#35: Add custom PDF icons for Windows builds mullvad-browser#48: Replace Mozilla copyright and legal trademarks in mullvadbrowser.exe metadata mullvad-browser#51: Update trademark string mullvad-browser#104: Update shipped dll metadata copyright/licensing info mullvad-browser#107: Add alpha and nightly icons - - - - - cfc56e35 by Henry Wilkes at 2025-11-05T15:56:54+01:00 Mullvad Browser strings This commit adds strings needed by the following Mullvad Browser patches. - - - - - 583018f5 by Pier Angelo Vendrame at 2025-11-05T15:56:54+01:00 MB 20: Allow packaged-addons in PBM. We install a few addons from the distribution directory, but they are not automatically enabled for PBM mode. This commit modifies the code that installs them to also add the PBM permission to the known ones. - - - - - e8312050 by Pier Angelo Vendrame at 2025-11-05T15:56:55+01:00 MB 63: Customize some about pages for Mullvad Browser Also: mullvad-browser#57: Purge unneeded about: pages - - - - - c988f395 by Pier Angelo Vendrame at 2025-11-05T15:56:55+01:00 MB 37: Customization for the about dialog - - - - - 097949e0 by Henry Wilkes at 2025-11-05T15:56:56+01:00 MB 39: Add home page about:mullvad-browser - - - - - 2ac45c22 by hackademix at 2025-11-05T15:56:57+01:00 MB 97: Remove UI cues to install new extensions. - - - - - 126ea103 by hackademix at 2025-11-05T15:56:57+01:00 MB 47: uBlock Origin customization - - - - - 0e056a98 by Pier Angelo Vendrame at 2025-11-05T15:56:58+01:00 MB 21: Disable the password manager This commit disables the about:login page and removes the "Login and Password" section of about:preferences. We do not do anything to the real password manager of Firefox, that is in toolkit: it contains C++ parts that make it difficult to actually prevent it from being built.. Finally, we modify the the function that opens about:login to report an error in the console so that we can quickly get a backtrace to the code that tries to use it. - - - - - fd1c08f8 by Pier Angelo Vendrame at 2025-11-05T15:56:58+01:00 MB 112: Updater customization for Mullvad Browser MB 71: Set the updater base URL to Mullvad domain - - - - - 62f08fc8 by Nicolas Vigier at 2025-11-05T15:56:59+01:00 MB 79: Add Mullvad Browser MAR signing keys MB 256: Add mullvad-browser nightly mar signing key - - - - - 4bc3f00f by Pier Angelo Vendrame at 2025-11-05T15:56:59+01:00 MB 34: Hide unsafe and unwanted preferences UI about:preferences allow to override some of our defaults, that could be fingeprintable or have some other unwanted consequences. - - - - - 810e0223 by Pier Angelo Vendrame at 2025-11-05T15:57:00+01:00 MB 160: Disable the cookie exceptions button Besides disabling the "Delete on close checkbox", disable also the "Manage Exceptions" button when always using PBM. - - - - - abf26960 by hackademix at 2025-11-05T15:57:00+01:00 MB 163: prevent uBlock Origin from being uninstalled/disabled - - - - - 05f0276e by Richard Pospesel at 2025-11-05T15:57:00+01:00 MB 188: Customize Gitlab Issue and Merge templates - - - - - fd14692d by rui hildt at 2025-11-05T15:57:01+01:00 MB 213: Customize the search engines list. - - - - - ff634f28 by hackademix at 2025-11-05T15:57:01+01:00 MB 214: Enable cross-tab identity leak protection in "quiet" mode - - - - - 8f4b7bb5 by Pier Angelo Vendrame at 2025-11-05T15:57:01+01:00 MB 80: Enable Mullvad Browser as a default browser - - - - - 4d04d13a by Pier Angelo Vendrame at 2025-11-05T15:57:02+01:00 MB 320: Temporarily disable WebRTC and WDBA on Windows. WebRTC should be re-enabled when tor-browser#42758 is resolved, and and the default browser agent when in general we make this feature work again. - - - - - 8a63f06f by Henry Wilkes at 2025-11-05T15:57:02+01:00 MB 329: Customize toolbar for mullvad-browser. - - - - - 61f616f3 by Henry Wilkes at 2025-11-05T15:57:03+01:00 MB 419: Mullvad Browser migration procedures. This commit implements the the Mullvad Browser's version of _migrateUI. - - - - - 251 changed files: - .gitlab/ci/jobs/update-translations.yml - .gitlab/issue_templates/000 Bug Report.md - .gitlab/issue_templates/010 Proposal.md - .gitlab/issue_templates/020 Web Compatibility.md - .gitlab/issue_templates/030 Test.md - .gitlab/issue_templates/040 Feature.md - .gitlab/issue_templates/060 Rebase - Alpha.md - .gitlab/issue_templates/061 Rebase - Stable.md - .gitlab/issue_templates/063 Rebase - Rapid.md - .gitlab/issue_templates/090 Emergency Security Issue.md - .gitlab/merge_request_templates/Default.md - + .gitlab/merge_request_templates/Rebase.md - browser/app/Makefile.in - browser/app/macbuild/Contents/Info.plist.in - browser/app/module.ver - browser/app/firefox.exe.manifest → browser/app/mullvadbrowser.exe.manifest - + browser/app/profile/000-mullvad-browser.js - browser/app/profile/001-base-profile.js - browser/base/content/aboutDialog.xhtml - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc - browser/base/content/browser-places.js - browser/base/content/browser.js - browser/base/content/default-bookmarks.html - browser/base/content/nsContextMenu.sys.mjs - browser/base/content/overrides/app-license.html - browser/base/content/pageinfo/pageInfo.xhtml - browser/base/content/utilityOverlay.js - browser/branding/branding-common.mozbuild - + browser/branding/mb-alpha/VisualElements_150.png - + browser/branding/mb-alpha/VisualElements_70.png - + browser/branding/mb-alpha/configure.sh - + browser/branding/mb-alpha/content/about-logo.png - + browser/branding/mb-alpha/content/about-logo.svg - + browser/branding/mb-alpha/content/about-logo(a)2x.png - + browser/branding/mb-alpha/content/about-wordmark.svg - + browser/branding/mb-alpha/content/about.png - + browser/branding/mb-alpha/content/aboutDialog.css - + browser/branding/mb-alpha/content/document_pdf.svg - + browser/branding/mb-alpha/content/firefox-wordmark.svg - + browser/branding/mb-alpha/content/icon128.png - + browser/branding/mb-alpha/content/icon16.png - + browser/branding/mb-alpha/content/icon256.png - + browser/branding/mb-alpha/content/icon32.png - + browser/branding/mb-alpha/content/icon48.png - + browser/branding/mb-alpha/content/icon64.png - + browser/branding/mb-alpha/content/jar.mn - + browser/branding/mb-alpha/content/moz.build - + browser/branding/mb-alpha/content/mullvad-branding.css - + browser/branding/mb-alpha/default128.png - + browser/branding/mb-alpha/default16.png - + browser/branding/mb-alpha/default22.png - + browser/branding/mb-alpha/default24.png - + browser/branding/mb-alpha/default256.png - + browser/branding/mb-alpha/default32.png - + browser/branding/mb-alpha/default48.png - + browser/branding/mb-alpha/default64.png - + browser/branding/mb-alpha/document.icns - + browser/branding/mb-alpha/document.ico - + browser/branding/mb-alpha/document_pdf.ico - + browser/branding/mb-alpha/firefox.icns - + browser/branding/mb-alpha/firefox.ico - + browser/branding/mb-alpha/firefox.svg - + browser/branding/mb-alpha/locales/en-US/brand.ftl - + browser/branding/mb-alpha/locales/en-US/brand.properties - + browser/branding/mb-alpha/locales/jar.mn - + browser/branding/mb-alpha/locales/moz.build - + browser/branding/mb-alpha/locales/mullvad-about-wordmark-en.ftl - + browser/branding/mb-alpha/moz.build - + browser/branding/mb-alpha/mullvadbrowser.VisualElementsManifest.xml - + browser/branding/mb-alpha/newtab.ico - + browser/branding/mb-alpha/newwindow.ico - + browser/branding/mb-alpha/pbmode.ico - + browser/branding/mb-alpha/pref/firefox-branding.js - + browser/branding/mb-nightly/VisualElements_150.png - + browser/branding/mb-nightly/VisualElements_70.png - + browser/branding/mb-nightly/configure.sh - + browser/branding/mb-nightly/content/about-logo.png - + browser/branding/mb-nightly/content/about-logo.svg - + browser/branding/mb-nightly/content/about-logo(a)2x.png - + browser/branding/mb-nightly/content/about-wordmark.svg - + browser/branding/mb-nightly/content/about.png - + browser/branding/mb-nightly/content/aboutDialog.css - + browser/branding/mb-nightly/content/document_pdf.svg - + browser/branding/mb-nightly/content/firefox-wordmark.svg - + browser/branding/mb-nightly/content/icon128.png - + browser/branding/mb-nightly/content/icon16.png - + browser/branding/mb-nightly/content/icon256.png - + browser/branding/mb-nightly/content/icon32.png - + browser/branding/mb-nightly/content/icon48.png - + browser/branding/mb-nightly/content/icon64.png - + browser/branding/mb-nightly/content/jar.mn - + browser/branding/mb-nightly/content/moz.build - + browser/branding/mb-nightly/content/mullvad-branding.css - + browser/branding/mb-nightly/default128.png - + browser/branding/mb-nightly/default16.png - + browser/branding/mb-nightly/default22.png - + browser/branding/mb-nightly/default24.png - + browser/branding/mb-nightly/default256.png - + browser/branding/mb-nightly/default32.png - + browser/branding/mb-nightly/default48.png - + browser/branding/mb-nightly/default64.png - + browser/branding/mb-nightly/document.icns - + browser/branding/mb-nightly/document.ico - + browser/branding/mb-nightly/document_pdf.ico - + browser/branding/mb-nightly/firefox.icns - + browser/branding/mb-nightly/firefox.ico - + browser/branding/mb-nightly/firefox.svg - + browser/branding/mb-nightly/locales/en-US/brand.ftl - + browser/branding/mb-nightly/locales/en-US/brand.properties - + browser/branding/mb-nightly/locales/jar.mn - + browser/branding/mb-nightly/locales/moz.build - + browser/branding/mb-nightly/locales/mullvad-about-wordmark-en.ftl - + browser/branding/mb-nightly/moz.build - + browser/branding/mb-nightly/mullvadbrowser.VisualElementsManifest.xml - + browser/branding/mb-nightly/newtab.ico - + browser/branding/mb-nightly/newwindow.ico - + browser/branding/mb-nightly/pbmode.ico - + browser/branding/mb-nightly/pref/firefox-branding.js - + browser/branding/mb-release/VisualElements_150.png - + browser/branding/mb-release/VisualElements_70.png - + browser/branding/mb-release/configure.sh - + browser/branding/mb-release/content/about-logo.png - + browser/branding/mb-release/content/about-logo.svg - + browser/branding/mb-release/content/about-logo(a)2x.png - + browser/branding/mb-release/content/about-wordmark.svg - + browser/branding/mb-release/content/about.png - + browser/branding/mb-release/content/aboutDialog.css - + browser/branding/mb-release/content/document_pdf.svg - + browser/branding/mb-release/content/firefox-wordmark.svg - + browser/branding/mb-release/content/icon128.png - + browser/branding/mb-release/content/icon16.png - + browser/branding/mb-release/content/icon256.png - + browser/branding/mb-release/content/icon32.png - + browser/branding/mb-release/content/icon48.png - + browser/branding/mb-release/content/icon64.png - + browser/branding/mb-release/content/jar.mn - + browser/branding/mb-release/content/moz.build - + browser/branding/mb-release/content/mullvad-branding.css - + browser/branding/mb-release/default128.png - + browser/branding/mb-release/default16.png - + browser/branding/mb-release/default22.png - + browser/branding/mb-release/default24.png - + browser/branding/mb-release/default256.png - + browser/branding/mb-release/default32.png - + browser/branding/mb-release/default48.png - + browser/branding/mb-release/default64.png - + browser/branding/mb-release/document.icns - + browser/branding/mb-release/document.ico - + browser/branding/mb-release/document_pdf.ico - + browser/branding/mb-release/firefox.icns - + browser/branding/mb-release/firefox.ico - + browser/branding/mb-release/firefox.svg - + browser/branding/mb-release/locales/en-US/brand.ftl - + browser/branding/mb-release/locales/en-US/brand.properties - + browser/branding/mb-release/locales/jar.mn - + browser/branding/mb-release/locales/moz.build - + browser/branding/mb-release/locales/mullvad-about-wordmark-en.ftl - + browser/branding/mb-release/moz.build - + browser/branding/mb-release/mullvadbrowser.VisualElementsManifest.xml - + browser/branding/mb-release/newtab.ico - + browser/branding/mb-release/newwindow.ico - + browser/branding/mb-release/pbmode.ico - + browser/branding/mb-release/pref/firefox-branding.js - browser/components/BrowserContentHandler.sys.mjs - browser/components/BrowserGlue.sys.mjs - browser/components/DesktopActorRegistry.sys.mjs - browser/components/ProfileDataUpgrader.sys.mjs - browser/components/about/AboutRedirector.cpp - browser/components/about/components.conf - browser/components/customizableui/CustomizableUI.sys.mjs - browser/components/moz.build - + browser/components/mullvad-browser/AboutMullvadBrowserChild.sys.mjs - + browser/components/mullvad-browser/AboutMullvadBrowserParent.sys.mjs - + browser/components/mullvad-browser/content/2728-sparkles.svg - + browser/components/mullvad-browser/content/aboutMullvadBrowser.css - + browser/components/mullvad-browser/content/aboutMullvadBrowser.html - + browser/components/mullvad-browser/content/aboutMullvadBrowser.js - + browser/components/mullvad-browser/jar.mn - + browser/components/mullvad-browser/moz.build - browser/components/preferences/home.inc.xhtml - browser/components/preferences/main.js - browser/components/preferences/preferences.xhtml - browser/components/preferences/privacy.inc.xhtml - browser/components/preferences/privacy.js - browser/components/preferences/search.inc.xhtml - browser/components/shell/ShellService.sys.mjs - browser/components/shell/WindowsDefaultBrowser.cpp - browser/components/shell/nsWindowsShellService.cpp - browser/config/mozconfigs/base-browser - + browser/config/mozconfigs/mullvad-browser - browser/installer/package-manifest.in - browser/installer/windows/nsis/updater_append.ini - browser/locales/l10n.toml - browser/modules/HomePage.sys.mjs - browser/moz.build - browser/moz.configure - config/create_rc.py - devtools/client/aboutdebugging/src/actions/runtimes.js - devtools/client/aboutdebugging/src/components/sidebar/Sidebar.js - devtools/client/jar.mn - devtools/client/themes/images/aboutdebugging-firefox-aurora.svg - devtools/client/themes/images/aboutdebugging-firefox-beta.svg - devtools/client/themes/images/aboutdebugging-firefox-logo.svg - devtools/client/themes/images/aboutdebugging-firefox-nightly.svg - devtools/client/themes/images/aboutdebugging-firefox-release.svg - + devtools/client/themes/images/aboutdebugging-mullvadbrowser-logo.svg - docshell/base/nsAboutRedirector.cpp - docshell/build/components.conf - moz.configure - mozconfig-linux-aarch64 - mozconfig-linux-aarch64-dev - mozconfig-linux-x86_64 - mozconfig-linux-x86_64-asan - mozconfig-linux-x86_64-dev - mozconfig-macos - mozconfig-macos-dev - mozconfig-windows-x86_64 - + other-licenses/nsis/Contrib/ApplicationID/Makefile - other-licenses/nsis/Contrib/ApplicationID/Set.cpp - + other-licenses/nsis/Contrib/CityHash/Makefile - toolkit/components/extensions/child/ext-storage.js - toolkit/components/extensions/parent/ext-storage.js - toolkit/components/passwordmgr/LoginHelper.sys.mjs - toolkit/components/search/content/base-browser-search-engine-icons.json - toolkit/components/search/content/base-browser-search-engines.json - + toolkit/components/search/content/brave.svg - + toolkit/components/search/content/mojeek.ico - + toolkit/components/search/content/mullvad-leta.svg - toolkit/components/search/tests/xpcshell/test_base_browser.js - toolkit/components/securitylevel/SecurityLevel.sys.mjs - + toolkit/content/aboutRightsMullvad.xhtml - + toolkit/content/aboutTelemetryMullvad.xhtml - toolkit/content/jar.mn - + toolkit/locales/en-US/toolkit/global/mullvad-browser.ftl - toolkit/mozapps/defaultagent/EventLog.h - toolkit/mozapps/defaultagent/SetDefaultBrowser.cpp - toolkit/mozapps/extensions/AddonManager.sys.mjs - toolkit/mozapps/extensions/content/aboutaddons.css - toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs - toolkit/mozapps/extensions/internal/XPIProvider.sys.mjs - toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der - toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der - toolkit/mozapps/update/updater/release_primary.der - toolkit/mozapps/update/updater/release_secondary.der - + toolkit/themes/shared/icons/mullvadbrowser.png - toolkit/themes/shared/minimal-toolkit.jar.inc.mn - toolkit/xre/nsAppRunner.cpp - tools/lint/fluent-lint/exclusions.yml - widget/windows/WinTaskbar.cpp - widget/windows/moz.build The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/d4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/d4… You're receiving this email because of your account on gitlab.torproject.org.

1 0