- tbb-commits - lists.torproject.org

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Bug 40925: Implemented the Security Level component
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: e155be94 by Pier Angelo Vendrame at 2024-09-03T19:16:01+00:00 fixup! Bug 40925: Implemented the Security Level component Bug 42617: Use DDG's plain HTML variant on Safest. Between 115 and 128 we lost the engine parameter, so we are not given the search engine's ID anymore. So, switch to comparing the hostname instead. - - - - - 1 changed file: - toolkit/components/search/SearchEngine.sys.mjs Changes: ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -12,6 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, { NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs", SearchSettings: "resource://gre/modules/SearchSettings.sys.mjs", SearchUtils: "resource://gre/modules/SearchUtils.sys.mjs", + SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs", OpenSearchEngine: "resource://gre/modules/OpenSearchEngine.sys.mjs", }); @@ -439,6 +440,26 @@ export class EngineURL { */ getSubmission(searchTerms, queryCharset, purpose) { var url = ParamSubstitution(this.template, searchTerms, queryCharset); + + if ( + lazy.SecurityLevelPrefs?.securityLevel === "safest" && + this.type === lazy.SearchUtils.URL_TYPE.SEARCH + ) { + let host = this.templateHost; + try { + host = Services.eTLD.getBaseDomainFromHost(host); + } catch (ex) { + lazy.logConsole.warn("Failed to get a FPD", ex, host); + } + if ( + host === "duckduckgo.com" || + host === + "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion" + ) { + url += "html"; + } + } + // Default to searchbar if the purpose is not provided var requestPurpose = purpose || "searchbar"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/e15… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/e15… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Bug 40925: Implemented the Security Level component
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: f6fce359 by Pier Angelo Vendrame at 2024-09-03T19:15:29+00:00 fixup! Bug 40925: Implemented the Security Level component Bug 42617: Use DDG's plain HTML variant on Safest. Between 115 and 128 we lost the engine parameter, so we are not given the search engine's ID anymore. So, switch to comparing the hostname instead. - - - - - 1 changed file: - toolkit/components/search/SearchEngine.sys.mjs Changes: ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -12,6 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, { NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs", SearchSettings: "resource://gre/modules/SearchSettings.sys.mjs", SearchUtils: "resource://gre/modules/SearchUtils.sys.mjs", + SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs", OpenSearchEngine: "resource://gre/modules/OpenSearchEngine.sys.mjs", }); @@ -439,6 +440,26 @@ export class EngineURL { */ getSubmission(searchTerms, queryCharset, purpose) { var url = ParamSubstitution(this.template, searchTerms, queryCharset); + + if ( + lazy.SecurityLevelPrefs?.securityLevel === "safest" && + this.type === lazy.SearchUtils.URL_TYPE.SEARCH + ) { + let host = this.templateHost; + try { + host = Services.eTLD.getBaseDomainFromHost(host); + } catch (ex) { + lazy.logConsole.warn("Failed to get a FPD", ex, host); + } + if ( + host === "duckduckgo.com" || + host === + "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion" + ) { + url += "html"; + } + } + // Default to searchbar if the purpose is not provided var requestPurpose = purpose || "searchbar"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f6fce35… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f6fce35… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Bug 40925: Implemented the Security Level component
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: cf748728 by Pier Angelo Vendrame at 2024-09-03T19:12:17+00:00 fixup! Bug 40925: Implemented the Security Level component Bug 42617: Use DDG's plain HTML variant on Safest. Between 115 and 128 we lost the engine parameter, so we are not given the search engine's ID anymore. So, switch to comparing the hostname instead. - - - - - 1 changed file: - toolkit/components/search/SearchEngine.sys.mjs Changes: ===================================== toolkit/components/search/SearchEngine.sys.mjs ===================================== @@ -12,6 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, { NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs", SearchSettings: "resource://gre/modules/SearchSettings.sys.mjs", SearchUtils: "resource://gre/modules/SearchUtils.sys.mjs", + SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs", OpenSearchEngine: "resource://gre/modules/OpenSearchEngine.sys.mjs", }); @@ -439,6 +440,26 @@ export class EngineURL { */ getSubmission(searchTerms, queryCharset, purpose) { var url = ParamSubstitution(this.template, searchTerms, queryCharset); + + if ( + lazy.SecurityLevelPrefs?.securityLevel === "safest" && + this.type === lazy.SearchUtils.URL_TYPE.SEARCH + ) { + let host = this.templateHost; + try { + host = Services.eTLD.getBaseDomainFromHost(host); + } catch (ex) { + lazy.logConsole.warn("Failed to get a FPD", ex, host); + } + if ( + host === "duckduckgo.com" || + host === + "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion" + ) { + url += "html"; + } + } + // Default to searchbar if the purpose is not provided var requestPurpose = purpose || "searchbar"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cf74872… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cf74872… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 52751687 by Morgan at 2024-09-03T18:51:16+00:00 fixup! Firefox preference overrides. added comment about disabling webcompat reporter - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false); // Disable the screenshot menu when right-clicking (Bug #40912 and #40007) pref("extensions.screenshots.disabled", true); + +// Disable webcompat reporter pref("extensions.webcompat-reporter.enabled", false); // Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/527… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/527… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7af0953f by Morgan at 2024-09-03T18:50:32+00:00 fixup! Firefox preference overrides. added comment about disabling webcompat reporter - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false); // Disable the screenshot menu when right-clicking (Bug #40912 and #40007) pref("extensions.screenshots.disabled", true); + +// Disable webcompat reporter pref("extensions.webcompat-reporter.enabled", false); // Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7af0953… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7af0953… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 9f472cf0 by Morgan at 2024-09-03T18:49:42+00:00 fixup! Firefox preference overrides. added comment about disabling webcompat reporter - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false); // Disable the screenshot menu when right-clicking (Bug #40912 and #40007) pref("extensions.screenshots.disabled", true); + +// Disable webcompat reporter pref("extensions.webcompat-reporter.enabled", false); // Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9f472cf… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9f472cf… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] 3 commits: fixup! MB 234: Disable OS spoofing in HTTP User-Agent.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 0fb56325 by Morgan at 2024-09-03T18:31:58+00:00 fixup! MB 234: Disable OS spoofing in HTTP User-Agent. - - - - - f05617a0 by Pier Angelo Vendrame at 2024-09-03T18:32:13+00:00 Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - ff3f38f0 by Morgan at 2024-09-03T18:34:37+00:00 fixup! MB 38: Mullvad Browser configuration - - - - - 0 changed files: Changes: View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/45… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/45… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: fbb66fd9 by Pier Angelo Vendrame at 2024-09-03T18:29:34+00:00 Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - 2 changed files: - netwerk/protocol/http/nsHttpHandler.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -482,6 +482,9 @@ nsresult nsHttpHandler::Init() { // obsService->AddObserver(this, "net:failed-to-process-uri-content", true); } + Preferences::AddWeakObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + MakeNewRequestTokenBucket(); mWifiTickler = new Tickler(); if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr; @@ -2105,6 +2108,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, // Inform nsIOService that network is tearing down. gIOService->SetHttpHandlerAlreadyShutingDown(); + Preferences::RemoveObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + ShutdownConnectionManager(); // need to reset the session start time since cache validation may @@ -2227,6 +2233,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, ShutdownConnectionManager(); mConnMgr = nullptr; Unused << InitConnectionMgr(); + } else if (!strcmp(topic, "nsPref:changed") && + !NS_strcmp( + data, + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) { + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true); } return NS_OK; ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -904,12 +904,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent + const bool spoofOs = + isForHTTPHeader && + Preferences::GetBool( + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // These magic numbers are the lengths of the UA string literals below. // Assume three-digit Firefox version numbers so we have room to grow. size_t preallocatedLength = 13 + - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) - : mozilla::ArrayLength(SPOOFED_UA_OS)) - + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) + : mozilla::ArrayLength(SPOOFED_UA_OS)) - 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 + 2; userAgent.SetCapacity(preallocatedLength); @@ -917,7 +922,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0" userAgent.AssignLiteral("Mozilla/5.0 ("); - if (isForHTTPHeader) { + if (spoofOs) { userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS); } else { userAgent.AppendLiteral(SPOOFED_UA_OS); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fbb66fd… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/fbb66fd… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] 2 commits: Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7212e70e by Pier Angelo Vendrame at 2024-09-03T17:37:00+00:00 Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability. - - - - - fd5b26f4 by Morgan at 2024-09-03T17:38:32+00:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js set privacy.resistFingerprinting.spoofOsInUserAgentHeader to true for now - - - - - 3 changed files: - browser/app/profile/000-tor-browser.js - netwerk/protocol/http/nsHttpHandler.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp Changes: ===================================== browser/app/profile/000-tor-browser.js ===================================== @@ -52,6 +52,10 @@ pref("network.http.connection-retry-timeout", 0); // be reduced to the strictly required time). pref("extensions.torbutton.use_nontor_proxy", false); +// tor-browser#42647: Make OS HTTP User-Agent OS spoofing configurable by pref +// TODO: flip to false when we're happy this is not a privacy issue +pref("privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // Browser home page: pref("browser.startup.homepage", "about:tor"); ===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -482,6 +482,9 @@ nsresult nsHttpHandler::Init() { // obsService->AddObserver(this, "net:failed-to-process-uri-content", true); } + Preferences::AddWeakObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + MakeNewRequestTokenBucket(); mWifiTickler = new Tickler(); if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr; @@ -2105,6 +2108,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, // Inform nsIOService that network is tearing down. gIOService->SetHttpHandlerAlreadyShutingDown(); + Preferences::RemoveObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + ShutdownConnectionManager(); // need to reset the session start time since cache validation may @@ -2227,6 +2233,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, ShutdownConnectionManager(); mConnMgr = nullptr; Unused << InitConnectionMgr(); + } else if (!strcmp(topic, "nsPref:changed") && + !NS_strcmp( + data, + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) { + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true); } return NS_OK; ===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -904,12 +904,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent + const bool spoofOs = + isForHTTPHeader && + Preferences::GetBool( + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // These magic numbers are the lengths of the UA string literals below. // Assume three-digit Firefox version numbers so we have room to grow. size_t preallocatedLength = 13 + - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) - : mozilla::ArrayLength(SPOOFED_UA_OS)) - + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) + : mozilla::ArrayLength(SPOOFED_UA_OS)) - 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 + 2; userAgent.SetCapacity(preallocatedLength); @@ -917,7 +922,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0" userAgent.AssignLiteral("Mozilla/5.0 ("); - if (isForHTTPHeader) { + if (spoofOs) { userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS); } else { userAgent.AppendLiteral(SPOOFED_UA_OS); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/7ec83a… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/7ec83a… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-bundle-testsuite][main] Update nightly build email list:
by boklm (＠boklm) 03 Sep '24

03 Sep '24

boklm pushed to branch main at The Tor Project / Applications / tor-browser-bundle-testsuite Commits: d52e9273 by Morgan at 2024-08-24T22:00:00+00:00 Update nightly build email list: - removed richard - added bea, clairehurst, jwilde, and morgan - - - - - 1 changed file: - config/tb-build-06.torproject.org Changes: ===================================== config/tb-build-06.torproject.org ===================================== @@ -49,12 +49,15 @@ my %res = ( 'email-subject' => '[build result: [% success ? "ok" : "failed" %]] [% options.name %]', 'email-report' => 1, 'email-to' => [ + 'bea(a)torproject.org', 'boklm(a)torproject.org', + 'clairehurst(a)torproject.org', 'dan(a)torproject.org', 'henry(a)torproject.org', + 'jwilde(a)torproject.org', 'ma1(a)torproject.org', + 'morgan(a)torproject.org', 'pierov(a)torproject.org', - 'richard(a)torproject.org', ], 'email-from' => 'Tor Browser Nightly Builds <tb-builder(a)tb-build-06.torproject.org>', 'test_post' => $run_rsync, View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-bundle-testsuite… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.15.0esr-13.5-1] Revert "Add CI for Base Browser"
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed to branch mullvad-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 78df92f5 by Beatriz Rizental at 2024-09-03T16:03:17+02:00 Revert "Add CI for Base Browser" This reverts commit 8a16305a6f2ee34e9e7fe7c0ce3f7edf407ebcc6. - - - - - 3 changed files: - − .gitlab-ci.yml - − .gitlab/ci/lint.yml - − .gitlab/ci/scripts/run_linters.py Changes: ===================================== .gitlab-ci.yml deleted ===================================== @@ -1,5 +0,0 @@ -stages: - - lint - -include: - - local: '.gitlab/ci/lint.yml' ===================================== .gitlab/ci/lint.yml deleted ===================================== @@ -1,319 +0,0 @@ -variables: - # This needs to be kept in sync with the max Python version accepted by ./mach - PYTHON_VERSION: "3.11.7" - -.base: - stage: lint - interruptible: true - variables: - PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" - cache: - paths: - - node_modules - - .cache/pip - -eslint: - extends: .base - image: cimg/python:$PYTHON_VERSION-node - script: - - .gitlab/ci/scripts/run_linters.py eslint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # Files that are likely audited. - - '**/*.js' - - '**/*.jsm' - - '**/*.json' - - '**/*.jsx' - - '**/*.mjs' - - '**/*.sjs' - - '**/*.html' - - '**/*.xhtml' - - '**/*.xml' - - 'tools/lint/eslint.yml' - # Run when eslint policies change. - - '**/.eslintignore' - - '**/*eslintrc*' - # The plugin implementing custom checks. - - 'tools/lint/eslint/eslint-plugin-mozilla/**' - - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -stylelint: - extends: .base - image: cimg/python:$PYTHON_VERSION-node - script: - - .gitlab/ci/scripts/run_linters.py stylelint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # Files that are likely audited. - - '**/*.css' - - 'tools/lint/styleint.yml' - # Run when stylelint policies change. - - '**/.stylelintignore' - - '**/*stylelintrc*' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -py-black: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py black - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # The list of extensions should match tools/lint/black.yml - - '**/*.py' - - '**/moz.build' - - '**/*.configure' - - '**/*.mozbuild' - - 'pyproject.toml' - - 'tools/lint/black.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -py-ruff: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py ruff - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.py' - - '**/*.configure' - - '**/.ruff.toml' - - 'pyproject.toml' - - 'tools/lint/ruff.yml' - - 'tools/lint/python/ruff.py' - - 'tools/lint/python/ruff_requirements.txt' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -yaml: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py yaml - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.yml' - - '**/*.yaml' - - '**/.ymllint' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -shellcheck: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py shellcheck - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.sh' - - 'tools/lint/shellcheck.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -clang-format: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py clang-format - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.c' - - '**/*.cc' - - '**/*.h' - - '**/*.m' - - '**/*.mm' - - 'tools/lint/clang-format.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -rustfmt: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py rustfmt - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.rs' - - 'tools/lint/rustfmt.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -fluent-lint: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py fluent-lint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.ftl' - - 'tools/lint/fluent-lint.yml' - - 'tools/lint/fluent-lint/exclusions.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -localization: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py l10n - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/locales/en-US/**' - - '**/l10n.toml' - - 'third_party/python/compare-locales/**' - - 'third_party/python/fluent/**' - - 'tools/lint/l10n.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -mingw-capitalization: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py mingw-capitalization - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.cc' - - '**/*.c' - - '**/*.h' - - 'tools/lint/mingw-capitalization.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -mscom-init: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py mscom-init - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.cc' - - '**/*.c' - - '**/*.h' - - 'tools/lint/mscom-init.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -file-whitespace: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py file-whitespace - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.c' - - '**/*.cc' - - '**/*.cpp' - - '**/*.css' - - '**/*.dtd' - - '**/*.idl' - - '**/*.ftl' - - '**/*.h' - - '**/*.html' - - '**/*.md' - - '**/*.properties' - - '**/*.py' - - '**/*.rs' - - '**/*.rst' - - '**/*.webidl' - - '**/*.xhtml' - - 'tools/lint/file-whitespace.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -test-manifest: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py test-manifest-alpha test-manifest-disable test-manifest-skip-if - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.ini' - - 'python/mozlint/**' - - 'tools/lint/**' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -trojan-source: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py trojan-source - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.c' - - '**/*.cc' - - '**/*.cpp' - - '**/*.h' - - '**/*.py' - - '**/*.rs' - - 'tools/lint/trojan-source.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' ===================================== .gitlab/ci/scripts/run_linters.py deleted ===================================== @@ -1,110 +0,0 @@ -#!/usr/bin/env python3 - -import argparse -import os -import re -import shlex -import subprocess -import sys - - -def git(command): - result = subprocess.run( - ["git"] + shlex.split(command), check=True, capture_output=True, text=True - ) - return result.stdout.strip() - - -def get_firefox_tag_from_branch_name(branch_name): - """Extracts the Firefox tag associated with a branch name. - - The "firefox tag" is the tag that marks - the end of the Mozilla commits and the start of the Tor Project commits. - - Know issue: If ever there is more than one tag per Firefox ESR version, - this function may return the incorrect reference number. - - Args: - branch_name: The branch name to extract the tag from. - Expected format is tor-browser-91.2.0esr-11.0-1, - where 91.2.0esr is the Firefox version. - - Returns: - The reference specifier of the matching Firefox tag. - An exception wil be raised if anything goes wrong. - """ - - # Extracts the version number from a branch name. - firefox_version = "" - match = re.search(r"(?<=browser-)([^-]+)", branch_name) - if match: - # TODO: Validate that what we got is actually a valid semver string? - firefox_version = match.group(1) - else: - raise ValueError(f"Failed to extract version from branch name '{branch_name}'.") - - tag = f"FIREFOX_{firefox_version.replace('.', '_')}_" - remote_tags = git("ls-remote --tags") - - # Each line looks like: - # 9edd658bfd03a6b4743ecb75fd4a9ad968603715 refs/tags/FIREFOX_91_9_0esr_BUILD1 - pattern = rf"(.*){re.escape(tag)}(.*)$" - match = re.search(pattern, remote_tags, flags=re.MULTILINE) - if match: - return match.group(0).split()[0] - else: - raise ValueError( - f"Failed to find reference specifier for Firefox tag in branch '{branch_name}'." - ) - - -def get_list_of_changed_files(): - """Gets a list of files changed in the working directory. - - This function is meant to be run inside the Gitlab CI environment. - - When running in a default branch, get the list of changed files since the last Firefox tag. - When running for a new MR commit, get a list of changed files in the current MR. - - Returns: - A list of filenames of changed files (excluding deleted files). - An exception wil be raised if anything goes wrong. - """ - - base_reference = "" - - if os.getenv("CI_PIPELINE_SOURCE") == "merge_request_event": - # For merge requests, the base_reference is the common ancestor between the MR and the target branch. - base_reference = os.getenv("CI_MERGE_REQUEST_DIFF_BASE_SHA") - else: - # When not in merge requests, the base reference is the Firefox tag - base_reference = get_firefox_tag_from_branch_name(os.getenv("CI_COMMIT_BRANCH")) - - if not base_reference: - raise RuntimeError("No base reference found. There might be more errors above.") - - # Fetch the tag reference - git(f"fetch origin {base_reference} --depth=1 --filter=blob:none") - # Return the list of changed files - return git(f"diff --diff-filter=d --name-only {base_reference} HEAD").split("\n") - - -if __name__ == "__main__": - parser = argparse.ArgumentParser( - description="Run ./mach linters in CI. Warning: if you run this in your local environment it might mess up your git history." - ) - parser.add_argument( - "linters", metavar="L", type=str, nargs="+", help="A list of linters to run." - ) - args = parser.parse_args() - - command = [ - "./mach", - "lint", - "-v", - *(s for l in args.linters for s in ("-l", l)), - *get_list_of_changed_files(), - ] - result = subprocess.run(command, text=True) - - sys.exit(result.returncode) View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/78d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/78d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.15.0esr-13.5-1] Revert "Add CI for Base Browser"
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed to branch base-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: d76fda41 by Beatriz Rizental at 2024-09-03T16:02:38+02:00 Revert "Add CI for Base Browser" This reverts commit 8a16305a6f2ee34e9e7fe7c0ce3f7edf407ebcc6. - - - - - 3 changed files: - − .gitlab-ci.yml - − .gitlab/ci/lint.yml - − .gitlab/ci/scripts/run_linters.py Changes: ===================================== .gitlab-ci.yml deleted ===================================== @@ -1,5 +0,0 @@ -stages: - - lint - -include: - - local: '.gitlab/ci/lint.yml' ===================================== .gitlab/ci/lint.yml deleted ===================================== @@ -1,319 +0,0 @@ -variables: - # This needs to be kept in sync with the max Python version accepted by ./mach - PYTHON_VERSION: "3.11.7" - -.base: - stage: lint - interruptible: true - variables: - PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" - cache: - paths: - - node_modules - - .cache/pip - -eslint: - extends: .base - image: cimg/python:$PYTHON_VERSION-node - script: - - .gitlab/ci/scripts/run_linters.py eslint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # Files that are likely audited. - - '**/*.js' - - '**/*.jsm' - - '**/*.json' - - '**/*.jsx' - - '**/*.mjs' - - '**/*.sjs' - - '**/*.html' - - '**/*.xhtml' - - '**/*.xml' - - 'tools/lint/eslint.yml' - # Run when eslint policies change. - - '**/.eslintignore' - - '**/*eslintrc*' - # The plugin implementing custom checks. - - 'tools/lint/eslint/eslint-plugin-mozilla/**' - - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -stylelint: - extends: .base - image: cimg/python:$PYTHON_VERSION-node - script: - - .gitlab/ci/scripts/run_linters.py stylelint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # Files that are likely audited. - - '**/*.css' - - 'tools/lint/styleint.yml' - # Run when stylelint policies change. - - '**/.stylelintignore' - - '**/*stylelintrc*' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -py-black: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py black - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # The list of extensions should match tools/lint/black.yml - - '**/*.py' - - '**/moz.build' - - '**/*.configure' - - '**/*.mozbuild' - - 'pyproject.toml' - - 'tools/lint/black.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -py-ruff: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py ruff - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.py' - - '**/*.configure' - - '**/.ruff.toml' - - 'pyproject.toml' - - 'tools/lint/ruff.yml' - - 'tools/lint/python/ruff.py' - - 'tools/lint/python/ruff_requirements.txt' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -yaml: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py yaml - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.yml' - - '**/*.yaml' - - '**/.ymllint' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -shellcheck: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py shellcheck - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.sh' - - 'tools/lint/shellcheck.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -clang-format: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py clang-format - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.c' - - '**/*.cc' - - '**/*.h' - - '**/*.m' - - '**/*.mm' - - 'tools/lint/clang-format.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -rustfmt: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py rustfmt - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.rs' - - 'tools/lint/rustfmt.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -fluent-lint: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py fluent-lint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.ftl' - - 'tools/lint/fluent-lint.yml' - - 'tools/lint/fluent-lint/exclusions.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -localization: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py l10n - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/locales/en-US/**' - - '**/l10n.toml' - - 'third_party/python/compare-locales/**' - - 'third_party/python/fluent/**' - - 'tools/lint/l10n.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -mingw-capitalization: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py mingw-capitalization - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.cc' - - '**/*.c' - - '**/*.h' - - 'tools/lint/mingw-capitalization.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -mscom-init: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py mscom-init - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.cc' - - '**/*.c' - - '**/*.h' - - 'tools/lint/mscom-init.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -file-whitespace: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py file-whitespace - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.c' - - '**/*.cc' - - '**/*.cpp' - - '**/*.css' - - '**/*.dtd' - - '**/*.idl' - - '**/*.ftl' - - '**/*.h' - - '**/*.html' - - '**/*.md' - - '**/*.properties' - - '**/*.py' - - '**/*.rs' - - '**/*.rst' - - '**/*.webidl' - - '**/*.xhtml' - - 'tools/lint/file-whitespace.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -test-manifest: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py test-manifest-alpha test-manifest-disable test-manifest-skip-if - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.ini' - - 'python/mozlint/**' - - 'tools/lint/**' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -trojan-source: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py trojan-source - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.c' - - '**/*.cc' - - '**/*.cpp' - - '**/*.h' - - '**/*.py' - - '**/*.rs' - - 'tools/lint/trojan-source.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' ===================================== .gitlab/ci/scripts/run_linters.py deleted ===================================== @@ -1,110 +0,0 @@ -#!/usr/bin/env python3 - -import argparse -import os -import re -import shlex -import subprocess -import sys - - -def git(command): - result = subprocess.run( - ["git"] + shlex.split(command), check=True, capture_output=True, text=True - ) - return result.stdout.strip() - - -def get_firefox_tag_from_branch_name(branch_name): - """Extracts the Firefox tag associated with a branch name. - - The "firefox tag" is the tag that marks - the end of the Mozilla commits and the start of the Tor Project commits. - - Know issue: If ever there is more than one tag per Firefox ESR version, - this function may return the incorrect reference number. - - Args: - branch_name: The branch name to extract the tag from. - Expected format is tor-browser-91.2.0esr-11.0-1, - where 91.2.0esr is the Firefox version. - - Returns: - The reference specifier of the matching Firefox tag. - An exception wil be raised if anything goes wrong. - """ - - # Extracts the version number from a branch name. - firefox_version = "" - match = re.search(r"(?<=browser-)([^-]+)", branch_name) - if match: - # TODO: Validate that what we got is actually a valid semver string? - firefox_version = match.group(1) - else: - raise ValueError(f"Failed to extract version from branch name '{branch_name}'.") - - tag = f"FIREFOX_{firefox_version.replace('.', '_')}_" - remote_tags = git("ls-remote --tags") - - # Each line looks like: - # 9edd658bfd03a6b4743ecb75fd4a9ad968603715 refs/tags/FIREFOX_91_9_0esr_BUILD1 - pattern = rf"(.*){re.escape(tag)}(.*)$" - match = re.search(pattern, remote_tags, flags=re.MULTILINE) - if match: - return match.group(0).split()[0] - else: - raise ValueError( - f"Failed to find reference specifier for Firefox tag in branch '{branch_name}'." - ) - - -def get_list_of_changed_files(): - """Gets a list of files changed in the working directory. - - This function is meant to be run inside the Gitlab CI environment. - - When running in a default branch, get the list of changed files since the last Firefox tag. - When running for a new MR commit, get a list of changed files in the current MR. - - Returns: - A list of filenames of changed files (excluding deleted files). - An exception wil be raised if anything goes wrong. - """ - - base_reference = "" - - if os.getenv("CI_PIPELINE_SOURCE") == "merge_request_event": - # For merge requests, the base_reference is the common ancestor between the MR and the target branch. - base_reference = os.getenv("CI_MERGE_REQUEST_DIFF_BASE_SHA") - else: - # When not in merge requests, the base reference is the Firefox tag - base_reference = get_firefox_tag_from_branch_name(os.getenv("CI_COMMIT_BRANCH")) - - if not base_reference: - raise RuntimeError("No base reference found. There might be more errors above.") - - # Fetch the tag reference - git(f"fetch origin {base_reference} --depth=1 --filter=blob:none") - # Return the list of changed files - return git(f"diff --diff-filter=d --name-only {base_reference} HEAD").split("\n") - - -if __name__ == "__main__": - parser = argparse.ArgumentParser( - description="Run ./mach linters in CI. Warning: if you run this in your local environment it might mess up your git history." - ) - parser.add_argument( - "linters", metavar="L", type=str, nargs="+", help="A list of linters to run." - ) - args = parser.parse_args() - - command = [ - "./mach", - "lint", - "-v", - *(s for l in args.linters for s in ("-l", l)), - *get_list_of_changed_files(), - ] - result = subprocess.run(command, text=True) - - sys.exit(result.returncode) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d76fda4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d76fda4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-2] 3 commits: Revert "Add CI for Tor Browser"
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-115.15.0esr-13.5-2 at The Tor Project / Applications / Tor Browser Commits: be3d1926 by Beatriz Rizental at 2024-09-03T15:57:55+02:00 Revert "Add CI for Tor Browser" This reverts commit da96aaddf555f72ecf3c5c50c7c563f943c78af4. - - - - - 7dc3fa8c by Beatriz Rizental at 2024-09-03T15:58:11+02:00 Revert "Add CI for Base Browser" This reverts commit 8a16305a6f2ee34e9e7fe7c0ce3f7edf407ebcc6. - - - - - 29336f2e by Beatriz Rizental at 2024-09-03T16:00:30+02:00 Add CI for Tor Browser - - - - - 3 changed files: - .gitlab-ci.yml - − .gitlab/ci/lint.yml - − .gitlab/ci/scripts/run_linters.py Changes: ===================================== .gitlab-ci.yml ===================================== @@ -1,7 +1,5 @@ stages: - - lint - update-translations include: - - local: '.gitlab/ci/lint.yml' - local: '.gitlab/ci/update-translations.yml' ===================================== .gitlab/ci/lint.yml deleted ===================================== @@ -1,319 +0,0 @@ -variables: - # This needs to be kept in sync with the max Python version accepted by ./mach - PYTHON_VERSION: "3.11.7" - -.base: - stage: lint - interruptible: true - variables: - PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" - cache: - paths: - - node_modules - - .cache/pip - -eslint: - extends: .base - image: cimg/python:$PYTHON_VERSION-node - script: - - .gitlab/ci/scripts/run_linters.py eslint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # Files that are likely audited. - - '**/*.js' - - '**/*.jsm' - - '**/*.json' - - '**/*.jsx' - - '**/*.mjs' - - '**/*.sjs' - - '**/*.html' - - '**/*.xhtml' - - '**/*.xml' - - 'tools/lint/eslint.yml' - # Run when eslint policies change. - - '**/.eslintignore' - - '**/*eslintrc*' - # The plugin implementing custom checks. - - 'tools/lint/eslint/eslint-plugin-mozilla/**' - - 'tools/lint/eslint/eslint-plugin-spidermonkey-js/**' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -stylelint: - extends: .base - image: cimg/python:$PYTHON_VERSION-node - script: - - .gitlab/ci/scripts/run_linters.py stylelint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # Files that are likely audited. - - '**/*.css' - - 'tools/lint/styleint.yml' - # Run when stylelint policies change. - - '**/.stylelintignore' - - '**/*stylelintrc*' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -py-black: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py black - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - # The list of extensions should match tools/lint/black.yml - - '**/*.py' - - '**/moz.build' - - '**/*.configure' - - '**/*.mozbuild' - - 'pyproject.toml' - - 'tools/lint/black.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -py-ruff: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py ruff - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.py' - - '**/*.configure' - - '**/.ruff.toml' - - 'pyproject.toml' - - 'tools/lint/ruff.yml' - - 'tools/lint/python/ruff.py' - - 'tools/lint/python/ruff_requirements.txt' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -yaml: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py yaml - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.yml' - - '**/*.yaml' - - '**/.ymllint' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -shellcheck: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py shellcheck - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.sh' - - 'tools/lint/shellcheck.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -clang-format: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py clang-format - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.c' - - '**/*.cc' - - '**/*.h' - - '**/*.m' - - '**/*.mm' - - 'tools/lint/clang-format.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -rustfmt: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py rustfmt - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.rs' - - 'tools/lint/rustfmt.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -fluent-lint: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py fluent-lint - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.ftl' - - 'tools/lint/fluent-lint.yml' - - 'tools/lint/fluent-lint/exclusions.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -localization: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py l10n - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/locales/en-US/**' - - '**/l10n.toml' - - 'third_party/python/compare-locales/**' - - 'third_party/python/fluent/**' - - 'tools/lint/l10n.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -mingw-capitalization: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py mingw-capitalization - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.cc' - - '**/*.c' - - '**/*.h' - - 'tools/lint/mingw-capitalization.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -mscom-init: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py mscom-init - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.cpp' - - '**/*.cc' - - '**/*.c' - - '**/*.h' - - 'tools/lint/mscom-init.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -file-whitespace: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py file-whitespace - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.c' - - '**/*.cc' - - '**/*.cpp' - - '**/*.css' - - '**/*.dtd' - - '**/*.idl' - - '**/*.ftl' - - '**/*.h' - - '**/*.html' - - '**/*.md' - - '**/*.properties' - - '**/*.py' - - '**/*.rs' - - '**/*.rst' - - '**/*.webidl' - - '**/*.xhtml' - - 'tools/lint/file-whitespace.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -test-manifest: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py test-manifest-alpha test-manifest-disable test-manifest-skip-if - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.ini' - - 'python/mozlint/**' - - 'tools/lint/**' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' - -trojan-source: - extends: .base - image: cimg/python:$PYTHON_VERSION - script: - - .gitlab/ci/scripts/run_linters.py trojan-source - rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - changes: - # List copied from: taskcluster/ci/source-test/mozlint.yml - # - - '**/*.c' - - '**/*.cc' - - '**/*.cpp' - - '**/*.h' - - '**/*.py' - - '**/*.rs' - - 'tools/lint/trojan-source.yml' - # Run job whenever a new tag is created - # or whenever a commit is merged to a protected branch - - if: $CI_COMMIT_TAG || $CI_COMMIT_REF_PROTECTED == 'true' ===================================== .gitlab/ci/scripts/run_linters.py deleted ===================================== @@ -1,110 +0,0 @@ -#!/usr/bin/env python3 - -import argparse -import os -import re -import shlex -import subprocess -import sys - - -def git(command): - result = subprocess.run( - ["git"] + shlex.split(command), check=True, capture_output=True, text=True - ) - return result.stdout.strip() - - -def get_firefox_tag_from_branch_name(branch_name): - """Extracts the Firefox tag associated with a branch name. - - The "firefox tag" is the tag that marks - the end of the Mozilla commits and the start of the Tor Project commits. - - Know issue: If ever there is more than one tag per Firefox ESR version, - this function may return the incorrect reference number. - - Args: - branch_name: The branch name to extract the tag from. - Expected format is tor-browser-91.2.0esr-11.0-1, - where 91.2.0esr is the Firefox version. - - Returns: - The reference specifier of the matching Firefox tag. - An exception wil be raised if anything goes wrong. - """ - - # Extracts the version number from a branch name. - firefox_version = "" - match = re.search(r"(?<=browser-)([^-]+)", branch_name) - if match: - # TODO: Validate that what we got is actually a valid semver string? - firefox_version = match.group(1) - else: - raise ValueError(f"Failed to extract version from branch name '{branch_name}'.") - - tag = f"FIREFOX_{firefox_version.replace('.', '_')}_" - remote_tags = git("ls-remote --tags") - - # Each line looks like: - # 9edd658bfd03a6b4743ecb75fd4a9ad968603715 refs/tags/FIREFOX_91_9_0esr_BUILD1 - pattern = rf"(.*){re.escape(tag)}(.*)$" - match = re.search(pattern, remote_tags, flags=re.MULTILINE) - if match: - return match.group(0).split()[0] - else: - raise ValueError( - f"Failed to find reference specifier for Firefox tag in branch '{branch_name}'." - ) - - -def get_list_of_changed_files(): - """Gets a list of files changed in the working directory. - - This function is meant to be run inside the Gitlab CI environment. - - When running in a default branch, get the list of changed files since the last Firefox tag. - When running for a new MR commit, get a list of changed files in the current MR. - - Returns: - A list of filenames of changed files (excluding deleted files). - An exception wil be raised if anything goes wrong. - """ - - base_reference = "" - - if os.getenv("CI_PIPELINE_SOURCE") == "merge_request_event": - # For merge requests, the base_reference is the common ancestor between the MR and the target branch. - base_reference = os.getenv("CI_MERGE_REQUEST_DIFF_BASE_SHA") - else: - # When not in merge requests, the base reference is the Firefox tag - base_reference = get_firefox_tag_from_branch_name(os.getenv("CI_COMMIT_BRANCH")) - - if not base_reference: - raise RuntimeError("No base reference found. There might be more errors above.") - - # Fetch the tag reference - git(f"fetch origin {base_reference} --depth=1 --filter=blob:none") - # Return the list of changed files - return git(f"diff --diff-filter=d --name-only {base_reference} HEAD").split("\n") - - -if __name__ == "__main__": - parser = argparse.ArgumentParser( - description="Run ./mach linters in CI. Warning: if you run this in your local environment it might mess up your git history." - ) - parser.add_argument( - "linters", metavar="L", type=str, nargs="+", help="A list of linters to run." - ) - args = parser.parse_args() - - command = [ - "./mach", - "lint", - "-v", - *(s for l in args.linters for s in ("-l", l)), - *get_list_of_changed_files(), - ] - result = subprocess.run(command, text=True) - - sys.exit(result.returncode) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ff2ba9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/ff2ba9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-13.5.3-build1
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed new tag mb-13.5.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5.3-build1
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed new tag tbb-13.5.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] 2 commits: Bug 41213: Update the update_manual.py script to notify when no changes needed
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: b81bc934 by Morgan at 2024-09-03T10:06:30+02:00 Bug 41213: Update the update_manual.py script to notify when no changes needed - - - - - 00df8db4 by Pier Angelo Vendrame at 2024-09-03T10:06:32+02:00 Bug 41208, 41209: Tor, Mullvad Browser 13.5.3 release preparation. Also, disable the check for Go updates in our release preparation script, as the Go version we use is EOL. - - - - - 12 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/go/config - projects/manual/config - projects/translation/config - rbm.conf - tools/relprep.py - tools/update_manual.py Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,81 @@ +Mullvad Browser 13.5.3 - September 03 2024 + * All Platforms + * Updated Firefox to 115.15.0esr + * Updated NoScript to 11.4.35 + * Bug 332: Rebase Mullvad Browser Stable onto 115.15.0esr [mullvad-browser] + * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser] + * Bug 42686: Backport Mozilla 1885101 [tor-browser] + * Bug 42829: Prevent CSS-based scriptless interaction tracking [tor-browser] + * Bug 43100: Backport security fixes from Firefox 130 [tor-browser] + * Linux + * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser] + * Build System + * All Platforms + * Bug 41218: Use new Tor Browser gpg subkey for signing stable releases [tor-browser-build] + * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build] + +Mullvad Browser 14.0a3 - August 26 2024 + * All Platforms + * Updated Firefox to 128.2.0esr + * Bug 333: Rebase Mullvad Browser Alpha onto 128.2.0esr [mullvad-browser] + * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser] + * Bug 41817: Add more color aliases that take dark mode into account [tor-browser] + * Bug 42603: Remove safebrowsing URLs [tor-browser] + * Bug 42611: Set clipboard.imageAsFile.enabled to false [tor-browser] + * Bug 42646: Drop patch for tor-browser#40166 [tor-browser] + * Bug 42665: Drop "Learn More" spacing [tor-browser] + * Linux + * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser] + * Build System + * All Platforms + * Bug 41013: Add a README to each project [tor-browser-build] + * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build] + +Mullvad Browser 14.0a2 - August 16 2024 + * All Platforms + * Updated Firefox to 128.1.0esr + * Updated NoScript to 11.4.34 + * Updated uBlock Origin to 1.59.0 + * Bug 326: Rebase Mullvad Browser Alpha onto 128.1.0esr [mullvad-browser] + * Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser] + * Bug 42641: Move from panel-footer class to moz-button-group [tor-browser] + * Bug 42644: toolbar rules in panelUI-shared.css are unneccessary [tor-browser] + * Bug 42667: Add description-deemphasized class to our additions to about:preferences [tor-browser] + * Bug 42679: Use a more robust approach to hide the "tracking protection" urlbar button [tor-browser] + * Bug 42699: Drop level="top" attribute from panels [tor-browser] + * Bug 42704: Drop the badged="true" attribute from security level button [tor-browser] + * Bug 42705: Update our preferences to account for new line height [tor-browser] + * Bug 42762: Review Mozilla 1498512: Enable by default setSinkId pref [tor-browser] + * Bug 42788: Review Mozilla 1828606: Add Recently Closed tabs to its own page [tor-browser] + * Bug 42789: Review Mozilla 1830157: Add new telemetry probe to determine how often an extension process had to be... [tor-browser] + * Bug 42792: Review Mozilla 1837097: Implement "Show less frequently" behavior for Pocket suggestions [tor-browser] + * Bug 42810: Review Mozilla 1840584: Support autofilling `first name` and `last name` field in a credit card form [tor-browser] + * Bug 42814: Opt out from Firefox relay by default. [tor-browser] + * Bug 42818: Review Mozilla 1841295: Update PocketSuggestions for the final suggestions schema [tor-browser] + * Bug 42835: Filter data transfers containing files [tor-browser] + * Bug 42846: Review Mozilla 1841995: Enable Credit Card Autofill in ES and IT in nightly [tor-browser] + * Bug 42847: Review Mozilla 1841996: Enable Credit Card Autofill in AT, BE, and PL in nightly [tor-browser] + * Bug 42848: Review Mozilla 1841998: Enable Credit Card Autofill for ES,IT,AT,BE and PL locales in release. r=dimi... [tor-browser] + * Bug 42855: Review Mozilla 1843130: Pocket newtab use new recs api for locale list config if new api pref is set [tor-browser] + * Bug 42862: Review Mozilla 1845428: Instrument Translations Panel With Telemetry [tor-browser] + * Bug 42863: Review Mozilla 1847150: Add more TranslationsTelemetry event keys for panel open r=gregtatum, a=dsmith [tor-browser] + * Bug 42864: Review Mozilla 1848845: Pocket newtab migrate existing markets to new API. r=gvn a=RyanVM [tor-browser] + * Bug 42872: Disable translations until audited and solved the UX problems [tor-browser] + * Bug 42886: Review Mozilla 1848048: Add a result menu to disable trending results. r=dao,fluent-reviewers,setting... [tor-browser] + * Bug 42996: Review Mozilla 1517786: Implement and ship CanvasRenderingContext2D.getContextAttributes() [tor-browser] + * Windows + macOS + * Bug 42774: Review Mozilla 1848815: Add a user-facing setting to enable enterprise roots import, and enable it by default [tor-browser] + * Bug 43021: Revert the OS deprecation notification introduced in #42347 [tor-browser] + * Windows + * Bug 43051: windows: remove UI for "open Tor Browser automatically when computer starts" [tor-browser] + * Build System + * All Platforms + * Bug 42799: Do not run lint pipelines on new tag [tor-browser] + * Bug 41204: NoScript isn't added automatically to Mullvad Browser changelogs [tor-browser-build] + * Windows + * Bug 41185: Drop Windows 7 support for 14.0 from build tools [tor-browser-build] + * Bug 41201: Bump the Windows version checked by the installer [tor-browser-build] + Mullvad Browser 13.5.2 - August 06 2024 * All Platforms * Updated Firefox to 115.14.0esr ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,163 @@ +Tor Browser 13.5.3 - September 03 2024 + * All Platforms + * Updated NoScript to 11.4.35 + * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser] + * Bug 42686: Backport Mozilla 1885101 [tor-browser] + * Bug 42829: Prevent CSS-based scriptless interaction tracking [tor-browser] + * Bug 43084: Rebase Tor Browser Stable onto 115.15.0esr [tor-browser] + * Bug 43100: Backport security fixes from Firefox 130 [tor-browser] + * Bug 41207: Upgrade lyrebird to 0.3.0 [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.15.0esr + * Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser] + * Bug 42622: Offline state is unreachable in about:torconnect (first bootstrap attempt) [tor-browser] + * Bug 42642: Downloads button warning no longer announced on Orca [tor-browser] + * Bug 42661: Re-run update_emojis.py and update locales [tor-browser] + * Bug 42691: Simplified bridge cards prevent censored users from modifying built-in bridges [tor-browser] + * Bug 42696: Update `mail` icon used in "Find more bridges" [tor-browser] + * Bug 42697: Remove padding to left of `tor-bridges-provider-list` under "Find more bridges" [tor-browser] + * Bug 43059: Drag and Drop issue in new update 13.5.2 [tor-browser] + * Bug 43066: about:torconnect no longer changes the title icon on errors [tor-browser] + * Linux + * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser] + * Android + * Updated GeckoView to 115.15.0esr + * Build System + * All Platforms + * Updated Go to 1.21.13 + * Bug 41213: Update the update_manual.py script to notify when no changes needed [tor-browser-build] + * Bug 41218: Use new Tor Browser gpg subkey for signing stable releases [tor-browser-build] + * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build] + * Android + * Bug 41206: GeckoView ignores the number of processors [tor-browser-build] + +Tor Browser 14.0a3 - August 26 2024 + * All Platforms + * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser] + * Bug 42611: Set clipboard.imageAsFile.enabled to false [tor-browser] + * Bug 42646: Drop patch for tor-browser#40166 [tor-browser] + * Bug 42830: Enable WebAudio APIs [tor-browser] + * Bug 43012: Mixed content: browser requests HTTPS images from onion domain accessed via HTTP [tor-browser] + * Bug 43013: security.mixed_content.upgrade_display_content.image is true by default [tor-browser] + * Bug 43074: Pass the browser to TorDomainIsolator.newCircuitForBrowser [tor-browser] + * Bug 43085: Rebase Tor Browser Alpha onto 128.2.0esr [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 128.2.0esr + * Bug 41811: Primary buttons that result in a connection attempt should be purple [tor-browser] + * Bug 41817: Add more color aliases that take dark mode into account [tor-browser] + * Bug 41820: Downloads warning styling improvements (use moz-message-bar) [tor-browser] + * Bug 42212: Fluent migration: onion services [tor-browser] + * Bug 42603: Remove safebrowsing URLs [tor-browser] + * Bug 42665: Drop "Learn More" spacing [tor-browser] + * Bug 43059: Drag and Drop issue in new update 13.5.2 [tor-browser] + * Bug 43066: about:torconnect no longer changes the title icon on errors [tor-browser] + * Bug 43067: Use html:link rather than xml-stylesheet in our dialogs [tor-browser] + * Bug 43071: Make sure "tor-button" elements that are also "primary" still use the tor colors [tor-browser] + * Bug 43081: Remove hard-coded CSS `line-height` [tor-browser] + * Linux + * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser] + * Android + * Updated GeckoView to 128.2.0esr + * Bug 42386: Remove unused assets to reduce APK size [tor-browser] + * Bug 42590: “Tor browser” text in top left of home fragment/new tab view gets cut off with larger text sizes [tor-browser] + * Bug 43078: Disable Sharing Links to TBA [tor-browser] + * Bug 41223: Tor Browser Alpha version not displayed correctly [tor-browser-build] + * Build System + * All Platforms + * Bug 41013: Add a README to each project [tor-browser-build] + * Bug 41198: Update release-prep issue template to include notifiying anti-censorship team of package name changes for GetTor distributor [tor-browser-build] + * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build] + * Android + * Bug 42480: Use translation CI in android [tor-browser] + +Tor Browser 14.0a2 - August 19 2024 + * All Platforms + * Updated NoScript to 11.4.34 + * Bug 42759: CI: remove localization file names that are in neither 14.0 nor 13.5 branches [tor-browser] + * Bug 42762: Review Mozilla 1498512: Enable by default setSinkId pref [tor-browser] + * Bug 42788: Review Mozilla 1828606: Add Recently Closed tabs to its own page [tor-browser] + * Bug 42789: Review Mozilla 1830157: Add new telemetry probe to determine how often an extension process had to be... [tor-browser] + * Bug 42792: Review Mozilla 1837097: Implement "Show less frequently" behavior for Pocket suggestions [tor-browser] + * Bug 42810: Review Mozilla 1840584: Support autofilling `first name` and `last name` field in a credit card form [tor-browser] + * Bug 42814: Opt out from Firefox relay by default. [tor-browser] + * Bug 42818: Review Mozilla 1841295: Update PocketSuggestions for the final suggestions schema [tor-browser] + * Bug 42835: Filter data transfers containing files [tor-browser] + * Bug 42846: Review Mozilla 1841995: Enable Credit Card Autofill in ES and IT in nightly [tor-browser] + * Bug 42847: Review Mozilla 1841996: Enable Credit Card Autofill in AT, BE, and PL in nightly [tor-browser] + * Bug 42848: Review Mozilla 1841998: Enable Credit Card Autofill for ES,IT,AT,BE and PL locales in release. r=dimi... [tor-browser] + * Bug 42886: Review Mozilla 1848048: Add a result menu to disable trending results. r=dao,fluent-reviewers,setting... [tor-browser] + * Bug 42996: Review Mozilla 1517786: Implement and ship CanvasRenderingContext2D.getContextAttributes() [tor-browser] + * Bug 42999: Rebase Tor Browser Alpha onto 128.1.0esr [tor-browser] + * Bug 43011: Ship only one copy of the MIT license, like upstream. [tor-browser] + * Bug 41207: Upgrade lyrebird to 0.3.0 [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 128.1.0esr + * Bug 42488: ESR 128: Remove role="code" from tor circuit panel [tor-browser] + * Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser] + * Bug 42612: Re-implement moz-toggle customizations for ESR 128 [tor-browser] + * Bug 42622: Offline state is unreachable in about:torconnect (first bootstrap attempt) [tor-browser] + * Bug 42629: Tweak `isOnNewTabPage` patch [tor-browser] + * Bug 42641: Move from panel-footer class to moz-button-group [tor-browser] + * Bug 42642: Downloads button warning no longer announced on Orca [tor-browser] + * Bug 42643: downloads panel separator has mismatched margin [tor-browser] + * Bug 42644: toolbar rules in panelUI-shared.css are unneccessary [tor-browser] + * Bug 42661: Re-run update_emojis.py and update locales [tor-browser] + * Bug 42662: Use data-hidden-from-search for hiding the firefox connection settings [tor-browser] + * Bug 42663: Tor Browser "Connection" settings missing a tooltip [tor-browser] + * Bug 42667: Add description-deemphasized class to our additions to about:preferences [tor-browser] + * Bug 42679: Use a more robust approach to hide the "tracking protection" urlbar button [tor-browser] + * Bug 42691: Simplified bridge cards prevent censored users from modifying built-in bridges [tor-browser] + * Bug 42695: Use `--arrowpanel-` variables for tor circuit panel spacing [tor-browser] + * Bug 42696: Update `mail` icon used in "Find more bridges" [tor-browser] + * Bug 42697: Remove padding to left of `tor-bridges-provider-list` under "Find more bridges" [tor-browser] + * Bug 42699: Drop level="top" attribute from panels [tor-browser] + * Bug 42700: Remove !nodes condition from gTorCircuitPanel._updateCurrentBrowser [tor-browser] + * Bug 42704: Drop the badged="true" attribute from security level button [tor-browser] + * Bug 42705: Update our preferences to account for new line height [tor-browser] + * Bug 42713: Some --in-content CSS variables were renamed/removed [tor-browser] + * Bug 42806: Use the `lh` CSS unit [tor-browser] + * Bug 42855: Review Mozilla 1843130: Pocket newtab use new recs api for locale list config if new api pref is set [tor-browser] + * Bug 42862: Review Mozilla 1845428: Instrument Translations Panel With Telemetry [tor-browser] + * Bug 42863: Review Mozilla 1847150: Add more TranslationsTelemetry event keys for panel open r=gregtatum, a=dsmith [tor-browser] + * Bug 42864: Review Mozilla 1848845: Pocket newtab migrate existing markets to new API. r=gvn a=RyanVM [tor-browser] + * Bug 42872: Disable translations until audited and solved the UX problems [tor-browser] + * Windows + macOS + * Bug 42774: Review Mozilla 1848815: Add a user-facing setting to enable enterprise roots import, and enable it by default [tor-browser] + * Bug 43021: Revert the OS deprecation notification introduced in #42347 [tor-browser] + * Windows + * Bug 43051: windows: remove UI for "open Tor Browser automatically when computer starts" [tor-browser] + * Android + * Updated GeckoView to 128.1.0esr + * Bug 43048: Firefox logo on splash [tor-browser] + * Bug 43050: Center text in connect buttons [tor-browser] + * Bug 43057: fenix/.../search/list.json failing linting [tor-browser] + * Build System + * All Platforms + * Updated Go to 1.23.0 + * Bug 42799: Do not run lint pipelines on new tag [tor-browser] + * Bug 43014: Add purgecaches to the dev build [tor-browser] + * Bug 41203: Tor Blog generation script uses the wrong url scheme for alpha releases [tor-browser-build] + * Bug 41213: Update the update_manual.py script to notify when no changes needed [tor-browser-build] + * Windows + macOS + Linux + * Bug 42668: Drop torconnect rule in eslint-plugin-mozilla [tor-browser] + * Windows + * Bug 41185: Drop Windows 7 support for 14.0 from build tools [tor-browser-build] + * Bug 41201: Bump the Windows version checked by the installer [tor-browser-build] + * macOS + * Bug 41202: 14.0a1 fails to run on macOS because of invalid signature [tor-browser-build] + * Android + * Bug 40544: Bump Java 8 version to something more recent [tor-browser-build] + * Bug 41123: Drop the firefox-android project [tor-browser-build] + * Bug 41171: Switch Android containers to Debian bookworm [tor-browser-build] + * Bug 41172: Refactor the android-toolchain project [tor-browser-build] + * Bug 41178: Force IPv4 when downloading in fix_gradle_deps.py [tor-browser-build] + * Bug 41200: Remove allowed_addons.json and the related tools [tor-browser-build] + * Bug 41206: GeckoView ignores the number of processors [tor-browser-build] + * Bug 41210: Use tor-expert-bundle-aar in geckoview/build_apk [tor-browser-build] + * Bug 41211: The Android license file is not deterministic anymore [tor-browser-build] + * Bug 41214: Update geckoview/config to be more like firefox/config [tor-browser-build] + * Bug 41217: Update realprep.py script to handle Firefox 128-based Tor Browser Android [tor-browser-build] + Tor Browser 13.5.2 - August 06 2024 * All Platforms * Updated NoScript to 11.4.31 ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,7 +17,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1062942, + "average_daily_users": 1140698, "categories": { "firefox": [ "web-development", @@ -28,7 +28,7 @@ "contributions_url": "https://opencollective.com/darkreader?utm_content=product-page-contribute&u…", "created": "2017-09-19T07:03:00Z", "current_version": { - "id": 5773678, + "id": 5796944, "compatibility": { "firefox": { "min": "78.0", @@ -39,7 +39,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/57736…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/57969…", "is_strict_compatibility_enabled": false, "license": { "id": 22, @@ -50,22 +50,22 @@ "url": "http://www.opensource.org/license/mit" }, "release_notes": { - "en-US": "- Fixed breaking browser panels.\n- Users' fixes for websites." + "en-US": "- Removed www part from website URLs.\n- Fixed colors for static site fixes.\n- Apply ignored image selectors for gradients.\n- Users' fixes for websites." }, - "reviewed": "2024-07-16T11:27:36Z", - "version": "4.9.88", + "reviewed": "2024-08-27T12:16:01Z", + "version": "4.9.89", "files": [ { - "id": 4317971, - "created": "2024-07-11T15:11:33Z", - "hash": "sha256:7a965d5880be9fbf8be81a106acd1968263b1acc2db0add580b30f2dd71954b3", + "id": 4341235, + "created": "2024-08-23T02:07:01Z", + "hash": "sha256:f4a5b4d5966d99cc68b31a9d2072cdb6388efefa9d45746f03d76e3c897c49be", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 760271, + "size": 764773, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4317971/darkreader-4.9.88…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4341235/darkreader-4.9.89…", "permissions": [ "alarms", "contextMenus", @@ -143,7 +143,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-07-16T11:27:36Z", + "last_updated": "2024-08-27T12:16:01Z", "name": { "ar": "Dark Reader", "bn": "Dark Reader", @@ -218,10 +218,10 @@ "category": "recommended" }, "ratings": { - "average": 4.5269, - "bayesian_average": 4.525815223921681, - "count": 5739, - "text_count": 1804 + "average": 4.5268, + "bayesian_average": 4.5257181938569415, + "count": 5794, + "text_count": 1817 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -318,7 +318,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 25548 + "weekly_downloads": 28794 }, "notes": null }, @@ -334,7 +334,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 230082, + "average_daily_users": 244616, "categories": { "firefox": [ "privacy-security" @@ -547,10 +547,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7949, - "bayesian_average": 4.790282607671637, - "count": 1443, - "text_count": 261 + "average": 4.7952, + "bayesian_average": 4.790572428009504, + "count": 1450, + "text_count": 262 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, @@ -635,7 +635,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 2877 + "weekly_downloads": 3185 }, "notes": null }, @@ -651,7 +651,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1136011, + "average_daily_users": 1207093, "categories": { "firefox": [ "privacy-security" @@ -1170,10 +1170,10 @@ "category": "recommended" }, "ratings": { - "average": 4.802, - "bayesian_average": 4.799309951845924, - "count": 2485, - "text_count": 468 + "average": 4.803, + "bayesian_average": 4.800307318873676, + "count": 2498, + "text_count": 472 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", "requires_payment": false, @@ -1197,7 +1197,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 24264 + "weekly_downloads": 25580 }, "notes": null }, @@ -1213,7 +1213,7 @@ "picture_url": null } ], - "average_daily_users": 7289146, + "average_daily_users": 7837121, "categories": { "firefox": [ "privacy-security" @@ -1378,7 +1378,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-08-04T00:20:19Z", + "last_updated": "2024-09-02T23:55:23Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1523,10 +1523,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7899, - "bayesian_average": 4.789532490230483, - "count": 18145, - "text_count": 4731 + "average": 4.7904, + "bayesian_average": 4.7900338967513205, + "count": 18333, + "text_count": 4783 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1589,7 +1589,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 181340 + "weekly_downloads": 193211 }, "notes": null }, @@ -1605,7 +1605,7 @@ "picture_url": null } ], - "average_daily_users": 139258, + "average_daily_users": 167408, "categories": { "firefox": [ "photos-music-videos", @@ -1701,9 +1701,9 @@ "category": "recommended" }, "ratings": { - "average": 4.4534, - "bayesian_average": 4.448586650864945, - "count": 1266, + "average": 4.4543, + "bayesian_average": 4.449467320720743, + "count": 1270, "text_count": 492 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", @@ -1726,7 +1726,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 298 + "weekly_downloads": 384 }, "notes": null }, @@ -1742,7 +1742,7 @@ "picture_url": null } ], - "average_daily_users": 59459, + "average_daily_users": 61260, "categories": { "firefox": [ "privacy-security", @@ -1852,9 +1852,9 @@ ], "promoted": null, "ratings": { - "average": 4.3842, - "bayesian_average": 4.369517578761636, - "count": 406, + "average": 4.3857, + "bayesian_average": 4.370975076736403, + "count": 407, "text_count": 115 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/reviews/", @@ -1877,7 +1877,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 753 + "weekly_downloads": 347 }, "notes": null }, @@ -1893,7 +1893,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 326393, + "average_daily_users": 347042, "categories": { "firefox": [ "search-tools", @@ -2110,10 +2110,10 @@ "category": "recommended" }, "ratings": { - "average": 4.6219, - "bayesian_average": 4.6176979770105095, - "count": 1518, - "text_count": 304 + "average": 4.6212, + "bayesian_average": 4.617005841441428, + "count": 1531, + "text_count": 306 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2136,7 +2136,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 5989 + "weekly_downloads": 6345 }, "notes": null }, @@ -2159,7 +2159,7 @@ "picture_url": null } ], - "average_daily_users": 96492, + "average_daily_users": 112925, "categories": { "firefox": [ "search-tools", @@ -2440,10 +2440,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3832, - "bayesian_average": 4.378875614124495, - "count": 1383, - "text_count": 388 + "average": 4.3856, + "bayesian_average": 4.381265145234359, + "count": 1390, + "text_count": 391 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2463,7 +2463,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 20 + "weekly_downloads": 28 }, "notes": null }, @@ -2479,7 +2479,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 267004, + "average_daily_users": 278811, "categories": { "firefox": [ "privacy-security", @@ -2489,7 +2489,7 @@ "contributions_url": "https://www.paypal.com/donate/?hosted_button_id=9ERKTU5MBH4EW&utm_content=p…", "created": "2005-05-13T10:51:32Z", "current_version": { - "id": 5776342, + "id": 5799020, "compatibility": { "firefox": { "min": "59.0", @@ -2500,7 +2500,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5776342", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5799020", "is_strict_compatibility_enabled": false, "license": { "id": 13, @@ -2511,22 +2511,22 @@ "url": "http://www.gnu.org/licenses/gpl-2.0.html" }, "release_notes": { - "en-US": "v 11.4.31\n============================================================\nx [L10n] Updated fr, is, ru, zh_CN\nx Improved release tooling\nx [nscl] Updated to latest NoScript Commons Library\nx NoScript Options/Appearance/Show synthetic placeholders\n for invisible capability probes (issue #369)\nx [nscl] Make placeholders easier to style per type\nx Prevent duplicate synthetic placeholders for invisible\n capability probes (issue #369)" + "en-US": "v 11.4.35\n============================================================\nx Improved lazy_load capability (optimization and\n notification)\nx [nscl] Slight optimization of NOSCRIPT element emulation\n loop\nx Automatically add extra capabilities to policyTypesMap\nx Gracefully handle new capabilities still unknown to the\n settings host (e.g. Tor/Mullvad browser), if any\nx Configurable \"lazy_load\" capability (see\n <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b3e6aa3e27d1f746591f0a…" rel=\"nofollow\">https://github.com/whatwg/html/issues/5250</a>)\nx Prefetch all CSS subresources (1st party included) in\n private contexts where both unchecked_css and scripting\n capabilities are disabled\nx Forcibly neutralize lazy loading attributes when scripting\n is disabled\nx [nscl] Restored SyncMessage compatibility with Firefox 78\n and below\nx Lock nscl version on stable releases\nx [L10n] Updated de, fr, tr, ru, uk, zh_CN" }, - "reviewed": "2024-07-18T11:49:53Z", - "version": "11.4.31", + "reviewed": "2024-08-28T15:03:34Z", + "version": "11.4.35", "files": [ { - "id": 4320635, - "created": "2024-07-16T10:04:58Z", - "hash": "sha256:b22c007534471a8fb74378e970ba79a536a44f88d81ad3852273b82a466d10c7", + "id": 4343311, + "created": "2024-08-26T22:32:41Z", + "hash": "sha256:a448e4c2e0eb7ca5fb1b6d3189bc586b91a7ee6facecdd0424f1bfbf2b3016fb", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 954922, + "size": 956549, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4320635/noscript-11.4.31.…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4343311/noscript-11.4.35.…", "permissions": [ "contextMenus", "storage", @@ -2593,7 +2593,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2024-08-03T21:50:17Z", + "last_updated": "2024-08-28T15:03:34Z", "name": { "de": "NoScript", "el": "NoScript", @@ -2665,10 +2665,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3984, - "bayesian_average": 4.39573419526929, - "count": 2254, - "text_count": 864 + "average": 4.4063, + "bayesian_average": 4.4036255442284284, + "count": 2267, + "text_count": 865 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2712,7 +2712,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 7147 + "weekly_downloads": 8229 }, "notes": null }, @@ -2728,7 +2728,7 @@ "picture_url": null } ], - "average_daily_users": 133156, + "average_daily_users": 151659, "categories": { "firefox": [ "photos-music-videos", @@ -2739,7 +2739,7 @@ "contributions_url": "", "created": "2011-07-15T10:42:41Z", "current_version": { - "id": 5625141, + "id": 5800440, "compatibility": { "firefox": { "min": "113.0", @@ -2750,7 +2750,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/youtube-high-definition/v…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/youtube-high-definition/v…", "is_strict_compatibility_enabled": false, "license": { "id": 12, @@ -2761,25 +2761,26 @@ "url": "http://www.gnu.org/licenses/lgpl-3.0.html" }, "release_notes": { - "en-US": "Manifest v3 Support" + "en-US": "Manifest V3 Support" }, - "reviewed": "2023-09-21T07:50:10Z", - "version": "118.0.5", + "reviewed": "2024-09-02T15:21:14Z", + "version": "118.0.9", "files": [ { - "id": 4169481, - "created": "2023-09-18T12:22:43Z", - "hash": "sha256:66d24520820ea01056219751f4c42bf49cb7c0a295eb53e63cf28d603ea42d50", + "id": 4344731, + "created": "2024-08-29T15:35:24Z", + "hash": "sha256:99195aac88a26aa194ace2f0075d9b4e7710ac3f0c700d18ad3db57b656ee517", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 216452, + "size": 216788, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4169481/youtube_high_defi…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4344731/youtube_high_defi…", "permissions": [ "storage", - "*://*.youtube.com/*" + "*://*.youtube.com/*", + "*://*.youtube-nocookie.com/*" ], "optional_permissions": [], "host_permissions": [ @@ -2808,7 +2809,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-09-21T07:50:10Z", + "last_updated": "2024-09-02T15:21:14Z", "name": { "en-US": "YouTube High Definition", "zh-TW": "YouTube High Definition" @@ -2837,10 +2838,10 @@ "category": "recommended" }, "ratings": { - "average": 3.8445, - "bayesian_average": 3.8405068135224973, - "count": 1273, - "text_count": 461 + "average": 3.8397, + "bayesian_average": 3.835705118967834, + "count": 1279, + "text_count": 462 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, @@ -2859,7 +2860,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 1652 + "weekly_downloads": 2616 }, "notes": null } ===================================== projects/browser/config ===================================== @@ -104,9 +104,9 @@ input_files: enable: '[% ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.mozilla.org/firefox/downloads/file/4320635/noscript-11.4.31.… + - URL: https://addons.mozilla.org/firefox/downloads/file/4343311/noscript-11.4.35.… name: noscript - sha256sum: b22c007534471a8fb74378e970ba79a536a44f88d81ad3852273b82a466d10c7 + sha256sum: a448e4c2e0eb7ca5fb1b6d3189bc586b91a7ee6facecdd0424f1bfbf2b3016fb - URL: https://addons.mozilla.org/firefox/downloads/file/4328681/ublock_origin-1.5… name: ublock-origin sha256sum: 1db9c676a07d141f8d36dbbc24f9e3d64a6cc2340dbfc6c848bc4395f96cfb14 ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: 115.14.0 + firefox_platform_version: 115.15.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 2 + browser_build: 3 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -103,6 +103,7 @@ targets: mullvadbrowser: git_url: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git var: + browser_build: 2 branding_directory_prefix: 'mb' gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' ===================================== projects/geckoview/config ===================================== @@ -14,9 +14,9 @@ container: use_container: 1 var: - geckoview_version: 115.14.0esr + geckoview_version: 115.15.0esr browser_branch: 13.5-1 - browser_build: 2 + browser_build: 3 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/go/config ===================================== @@ -7,7 +7,7 @@ container: var: use_go_1_20: 0 - go_1_21: 1.21.12 + go_1_21: 1.21.13 go_1_20: 1.20.14 no_crosscompile: 1 setup: | @@ -131,7 +131,7 @@ input_files: enable: '[% ! c("var/linux") %]' - URL: 'https://go.dev/dl/go[% c("var/go_1_21") %].src.tar.gz' name: go - sha256sum: 30e68af27bc1f1df231e3ab74f3d17d3b8d52a089c79bcaab573b4f1b807ed4f + sha256sum: 71fb31606a1de48d129d591e8717a63e0c5565ffba09a24ea9f899a13214c34d enable: '[% !c("var/use_go_1_20") %]' - URL: 'https://go.dev/dl/go[% c("var/go_1_20") %].src.tar.gz' name: go ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 186657 +version: 199081 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: c73bb6c97eebe22947b0e9e076838e3c4994da24f3e6e16b7621831afd2006a8 + sha256sum: 12507ba43e5e4a4c4eb8e276f11c9d693d1e0fc4715753c87cd7166649c0da6b - filename: packagemanual.py name: package_script ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 64b325861da514cd681533dcd368b351d2eb5f6c + git_hash: daed2afc487d1b20efc17feb153156524c6f714b targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 36af545865b83e790019195095544d9eec133a49 + git_hash: 6374e3b09c0894b8452fa1ba0b99c807722fc805 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: f00df5aeab6ef1bc592c6798db46ba6083283d00 + git_hash: f1585565f1635f18ab20a2fbdea4fdd72aa6c533 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,18 +73,18 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.5.2' + torbrowser_version: '13.5.3' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/08/05 09:00:00' + browser_release_date: '2024/09/03 07:30:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - 13.5.2 - 13.5.1 - '13.5' - - 13.0.16 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' # By default, we sort the list of installed packages. This allows sharing ===================================== tools/relprep.py ===================================== @@ -139,7 +139,9 @@ class ReleasePreparation: self.update_zlib() if self.android: self.update_zstd() - self.update_go() + # Do not update Go anymore: 1.21.x is not listed anymore in + # the download page as it is EOL as of August 13, 2024. + # self.update_go() self.update_manual() self.update_changelogs() ===================================== tools/update_manual.py ===================================== @@ -94,7 +94,8 @@ def update_manual(auth_token, base_path): return update_config(base_path, pipeline_id, sha256) - if __name__ == "__main__": if update_manual(load_token(), Path(__file__).parent.parent): print("Manual config updated, remember to stage it!") + else: + print("Manual already latest") View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.15.0esr-13.5-1-build3
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed new tag tor-browser-115.15.0esr-13.5-1-build3 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.15.0esr-13.5-1] 2 commits: Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in...
by Pier Angelo Vendrame (＠pierov) 03 Sep '24

03 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-115.15.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: b81d3724 by Anna Weine at 2024-09-03T09:11:27+02:00 Bug 1760806 - WebCrypto: ECDH and ECDSA JWK import to check that the crv in params and crv in alg are the same r=keeler https://treeherder.mozilla.org/jobs?repo=try&revision=ed7936b105dea8e58… Differential Revision: https://phabricator.services.mozilla.com/D217273 - - - - - 76781561 by Sam Foster at 2024-09-03T09:11:36+02:00 Bug 1909099 - Always clean up old session restore and sync log files. r=markh,sessionstore-reviewers,dao Differential Revision: https://phabricator.services.mozilla.com/D217520 - - - - - 5 changed files: - dom/crypto/WebCryptoTask.cpp - dom/crypto/test/test-vectors.js - dom/crypto/test/test_WebCrypto_ECDH.html - dom/crypto/test/test_WebCrypto_ECDSA.html - services/common/logmanager.sys.mjs Changes: ===================================== dom/crypto/WebCryptoTask.cpp ===================================== @@ -1777,7 +1777,8 @@ class ImportEcKeyTask : public ImportKeyTask { return; } - if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW)) { + if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_RAW) || + mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { RootedDictionary<EcKeyImportParams> params(aCx); mEarlyRv = Coerce(aCx, params, aAlgorithm); if (NS_FAILED(mEarlyRv) || !params.mNamedCurve.WasPassed()) { @@ -1882,11 +1883,21 @@ class ImportEcKeyTask : public ImportKeyTask { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } - // Extract 'crv' parameter from JWKs. + // Checking the 'crv' consistency if (mFormat.EqualsLiteral(WEBCRYPTO_KEY_FORMAT_JWK)) { - if (!NormalizeToken(mJwk.mCrv.Value(), mNamedCurve)) { + // the curve stated in 'crv field' + nsString namedCurveFromCrv; + if (!NormalizeToken(mJwk.mCrv.Value(), namedCurveFromCrv)) { return NS_ERROR_DOM_NOT_SUPPORTED_ERR; } + + // https://w3c.github.io/webcrypto/#ecdh-operations + // https://w3c.github.io/webcrypto/#ecdsa-operations + // If namedCurve is not equal to the namedCurve member of + // normalizedAlgorithm (mNamedCurve in our case), throw a DataError. + if (!mNamedCurve.Equals(namedCurveFromCrv)) { + return NS_ERROR_DOM_DATA_ERR; + } } return NS_OK; } ===================================== dom/crypto/test/test-vectors.js ===================================== @@ -901,6 +901,13 @@ let tv = { y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", }, + jwk_different_crv: { + kty: "EC", + crv: "P-521", + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + // The crv parameter is missing. jwk_missing_crv: { kty: "EC", @@ -1017,6 +1024,18 @@ let tv = { }, }, + // An ECDSA key in JWK format, which an "crv" field doesn't match the alg's crv. + ecdsa_jwk_crv_mismatch: { + pub_jwk: { + kty: "EC", + crv: "P-256", + alg: "ECDSA", + + x: "XOe4bjsyZgQD5jcS7wmY3q4QJ_rsPBvp92-TTf61jpg", + y: "9M8HWzlAXdHxresJAQftz7K0ljc52HZ54wVssFV9Ct8", + }, + }, + ecdsa_bad: { pub_jwk: { kty: "EC", ===================================== dom/crypto/test/test_WebCrypto_ECDH.html ===================================== @@ -152,12 +152,24 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDH import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-521"}; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -182,7 +194,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-384)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-384"}; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -207,7 +219,7 @@ TestArray.addTest( "JWK import an ECDH public and private key and derive bits (P-521)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-521" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -232,7 +244,7 @@ TestArray.addTest( "JWK import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve : "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } @@ -277,7 +289,7 @@ TestArray.addTest( "PKCS8 import/export roundtrip with ECDH (P-256)", function() { var that = this; - var alg = { name: "ECDH", namedCurve: "P-256" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; function doExportPriv(x) { return crypto.subtle.exportKey("pkcs8", x); @@ -296,7 +308,7 @@ TestArray.addTest( "Test that importing bad JWKs fails", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var tvs = tv.ecdh_p256_negative; function doTryImport(jwk) { @@ -306,6 +318,7 @@ TestArray.addTest( } doTryImport(tvs.jwk_bad_crv)() + .then(error(that), doTryImport(tvs.jwk_different_crv)) .then(error(that), doTryImport(tvs.jwk_missing_crv)) .then(error(that), doTryImport(tvs.jwk_missing_x)) .then(error(that), doTryImport(tvs.jwk_missing_y)) @@ -349,7 +362,7 @@ TestArray.addTest( "Derive an HMAC key from two ECDH keys and test sign/verify", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-521" }; var algDerived = { name: "HMAC", hash: {name: "SHA-1"} }; var pubKey, privKey; @@ -391,6 +404,28 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Derive an HKDF key from two ECDH keys and derive an HMAC key from that", + function() { + var that = this; + var alg = { name: "ECDH", namedCurve: "P-256" }; + + async function doTest() { + let privKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_priv, alg, false, ["deriveKey"]); + let pubKey = await crypto.subtle.importKey("jwk", tv.ecdh_p256.jwk_pub, alg, false, []); + let ecdhAlg = { name: "ECDH", public: pubKey }; + let hkdfAlg = { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(), info: new Uint8Array() }; + let hkdfKey = await crypto.subtle.deriveKey(ecdhAlg, privKey, hkdfAlg, false, ["deriveKey"]); + let hmacAlg = { name: "HMAC", hash: "SHA-256" }; + let hmacKey = await crypto.subtle.deriveKey(hkdfAlg, hkdfKey, hmacAlg, false, ["sign"]); + return crypto.subtle.sign("HMAC", hmacKey, new Uint8Array()); + } + const expected = util.hex2abv("acf62832fa93469824cd997593bc963b28a68e6f73f4516bbe51b35942fe9811"); + doTest().then(memcmp_complete(that, expected), error(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "SPKI import/export of public ECDH keys (P-256)", @@ -433,7 +468,7 @@ TestArray.addTest( "SPKI/JWK import ECDH keys (P-256) and derive a known secret", function() { var that = this; - var alg = { name: "ECDH" }; + var alg = { name: "ECDH", namedCurve: "P-256" }; var pubKey, privKey; function setPub(x) { pubKey = x; } ===================================== dom/crypto/test/test_WebCrypto_ECDSA.html ===================================== @@ -91,7 +91,7 @@ TestArray.addTest( "ECDSA JWK import and reject a known-bad signature", function() { var that = this; - var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" }; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; function doVerify(x) { return crypto.subtle.verify(alg, x, tv.ecdsa_verify.sig_tampered, @@ -141,6 +141,18 @@ TestArray.addTest( } ); +// ----------------------------------------------------------------------------- +TestArray.addTest( + "Verify that ECDSA import fails with a key with a mismatched 'crv' field", + function() { + var that = this; + var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" }; + + crypto.subtle.importKey("jwk", tv.ecdsa_jwk_crv_mismatch.pub_jwk, alg, true, ["verify"]) + .then(error(that), complete(that)); + } +); + // ----------------------------------------------------------------------------- TestArray.addTest( "Verify that ECDSA import fails with a known-bad public key", ===================================== services/common/logmanager.sys.mjs ===================================== @@ -363,12 +363,7 @@ LogManager.prototype = { filename, this._log ); - // It's not completely clear to markh why we only do log cleanups - // for errors, but for now the Sync semantics have been copied... - // (one theory is that only cleaning up on error makes it less - // likely old error logs would be removed, but that's not true if - // there are occasional errors - let's address this later!) - if (reason == this.ERROR_LOG_WRITTEN && !this._cleaningUpFileLogs) { + if (!this._cleaningUpFileLogs) { this._log.trace("Running cleanup."); try { await this.cleanupLogs(); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/fdbe54… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/fdbe54… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 453f6361 by Pier Angelo Vendrame at 2024-09-03T04:24:19+00:00 fixup! Firefox preference overrides. Bug 40147: Re-enable Picture-in-Picture mode. Media capabilities are already protected by RFP. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -425,7 +425,6 @@ pref("dom.netinfo.enabled", false); pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status pref("network.http.referer.defaultPolicy.pbmode", 2); pref("network.http.referer.XOriginTrimmingPolicy", 2); // Bug 17228: Force trim referer to scheme+host+port in cross-origin requests -pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147 // Bug 40463: Disable Windows SSO pref("network.http.windows-sso.enabled", false, locked); // tor-browser#40424 View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/453… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/453… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 59b4e929 by Pier Angelo Vendrame at 2024-09-03T04:21:15+00:00 fixup! Firefox preference overrides. Bug 40147: Re-enable Picture-in-Picture mode. Media capabilities are already protected by RFP. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -425,7 +425,6 @@ pref("dom.netinfo.enabled", false); pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status pref("network.http.referer.defaultPolicy.pbmode", 2); pref("network.http.referer.XOriginTrimmingPolicy", 2); // Bug 17228: Force trim referer to scheme+host+port in cross-origin requests -pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147 // Bug 40463: Disable Windows SSO pref("network.http.windows-sso.enabled", false, locked); // tor-browser#40424 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/59b4e92… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/59b4e92… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by morgan (＠morgan) 03 Sep '24

03 Sep '24

morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 7ec83a57 by Pier Angelo Vendrame at 2024-09-03T04:16:56+00:00 fixup! Firefox preference overrides. Bug 40147: Re-enable Picture-in-Picture mode. Media capabilities are already protected by RFP. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -425,7 +425,6 @@ pref("dom.netinfo.enabled", false); pref("network.http.referer.defaultPolicy", 2); // Bug 32948: Make referer behavior consistent regardless of private browing mode status pref("network.http.referer.defaultPolicy.pbmode", 2); pref("network.http.referer.XOriginTrimmingPolicy", 2); // Bug 17228: Force trim referer to scheme+host+port in cross-origin requests -pref("media.videocontrols.picture-in-picture.enabled", false); // Bug 40148: disable until audited in #40147 // Bug 40463: Disable Windows SSO pref("network.http.windows-sso.enabled", false, locked); // tor-browser#40424 View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7ec83a5… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7ec83a5… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: d5811acf by Morgan at 2024-09-02T18:23:47+02:00 fixup! Firefox preference overrides. Bug 42735: Disable recent search suggestions; fix type in comment - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -171,7 +171,7 @@ pref("browser.urlbar.suggest.trending", false); pref("browser.urlbar.trending.featureGate", false); // tor-browser#42792: Explicitly turn off Pocket suggestions in the URL bar. pref("browser.urlbar.pocket.featureGate", false); -// tor-browser#41691: Hide "Firefox Suggets" in the UI +// tor-browser#41691: Hide "Firefox Suggest" in the UI pref("browser.urlbar.groupLabels.enabled", false); pref("browser.safebrowsing.malware.enabled", false); pref("browser.safebrowsing.phishing.enabled", false); @@ -187,6 +187,10 @@ pref("browser.safebrowsing.provider.mozilla.updateURL", ""); pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); +// tor-browser#42735: Disable recent search suggestions +pref("browser.urlbar.recentsearches.featureGate", false); +pref("browser.urlbar.suggest.recentsearches", false); + // Make sure Unified Telemetry is really disabled, see: #18738. pref("toolkit.telemetry.unified", false); // This needs to be locked, or nightly builds will automatically lock it to true View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d5811ac… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/d5811ac… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 03170f93 by Morgan at 2024-09-02T18:24:00+02:00 fixup! Firefox preference overrides. Bug 42735: Disable recent search suggestions; fix type in comment - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -171,7 +171,7 @@ pref("browser.urlbar.suggest.trending", false); pref("browser.urlbar.trending.featureGate", false); // tor-browser#42792: Explicitly turn off Pocket suggestions in the URL bar. pref("browser.urlbar.pocket.featureGate", false); -// tor-browser#41691: Hide "Firefox Suggets" in the UI +// tor-browser#41691: Hide "Firefox Suggest" in the UI pref("browser.urlbar.groupLabels.enabled", false); pref("browser.safebrowsing.malware.enabled", false); pref("browser.safebrowsing.phishing.enabled", false); @@ -187,6 +187,10 @@ pref("browser.safebrowsing.provider.mozilla.updateURL", ""); pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); +// tor-browser#42735: Disable recent search suggestions +pref("browser.urlbar.recentsearches.featureGate", false); +pref("browser.urlbar.suggest.recentsearches", false); + // Make sure Unified Telemetry is really disabled, see: #18738. pref("toolkit.telemetry.unified", false); // This needs to be locked, or nightly builds will automatically lock it to true View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/031… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/031… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: 44186d33 by Morgan at 2024-09-02T16:22:24+00:00 fixup! Firefox preference overrides. Bug 42735: Disable recent search suggestions; fix type in comment - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -171,7 +171,7 @@ pref("browser.urlbar.suggest.trending", false); pref("browser.urlbar.trending.featureGate", false); // tor-browser#42792: Explicitly turn off Pocket suggestions in the URL bar. pref("browser.urlbar.pocket.featureGate", false); -// tor-browser#41691: Hide "Firefox Suggets" in the UI +// tor-browser#41691: Hide "Firefox Suggest" in the UI pref("browser.urlbar.groupLabels.enabled", false); pref("browser.safebrowsing.malware.enabled", false); pref("browser.safebrowsing.phishing.enabled", false); @@ -187,6 +187,10 @@ pref("browser.safebrowsing.provider.mozilla.updateURL", ""); pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); pref("datareporting.healthreport.uploadEnabled", false); pref("datareporting.policy.dataSubmissionEnabled", false); +// tor-browser#42735: Disable recent search suggestions +pref("browser.urlbar.recentsearches.featureGate", false); +pref("browser.urlbar.suggest.recentsearches", false); + // Make sure Unified Telemetry is really disabled, see: #18738. pref("toolkit.telemetry.unified", false); // This needs to be locked, or nightly builds will automatically lock it to true View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/44186d3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/44186d3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-128.2.0esr-14.0-1] fixup! Firefox preference overrides.
by Pier Angelo Vendrame (＠pierov) 02 Sep '24

02 Sep '24

Pier Angelo Vendrame pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser Commits: ce72462c by Pier Angelo Vendrame at 2024-09-02T15:41:51+02:00 fixup! Firefox preference overrides. Fixed syntax error. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -291,7 +291,7 @@ pref("extensions.screenshots.disabled", true); pref("extensions.webcompat-reporter.enabled", false); // Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867) -pref("toolkit.contentRelevancy.enabled", false; +pref("toolkit.contentRelevancy.enabled", false); pref("toolkit.contentRelevancy.ingestEnabled", false); pref("toolkit.contentRelevancy.log", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ce72462… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/ce72462… You're receiving this email because of your account on gitlab.torproject.org.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

tbb-commits